Dnsmasq is a lightweight DNS forwarder, DHCP server, and BOOTP/TFTP server for a small network (up to 1000 clients is known to work). It’s easy to configure and uses few resources.

I only use the DNS forwarding (cache) function here, and it only serves systems on the internal network. The configuration file of the dnsmasq server is below:

$ cat /etc/dnsmasq.conf

no-hosts
neg-ttl=3600
#log-queries
log-facility=/var/log/dnsmasq.log
pid-file=/var/run/dnsmasq.pid
user=nobody
group=nogroup
port=53
edns-packet-max=1280
interface=eth0 # internal network
except-interface=eth1 # external network
#no-dhcp-interface=eth1
listen-address=192.168.0.10
bind-interfaces
resolv-file=/etc/dnsmasq.resolv.conf
strict-order
#all-servers
stop-dns-rebind
#no-poll
cache-size=2048
no-negcache
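
The settings above that keep this forwarder internal-only can be checked mechanically. The following is an added example, not part of the original post or of dnsmasq itself; `parse_conf` and `audit` are hypothetical helper names, `POST_CONF` is a subset of the configuration above, and `WEAK` is a constructed counter-example.

```python
# Added example (not from the original post): audit a dnsmasq.conf for exposure controls.

# Constructed inputs: POST_CONF is a subset of the post's config, WEAK is made up.
POST_CONF = """\
neg-ttl=3600
#log-queries
user=nobody
interface=eth0 # internal network
except-interface=eth1 # external network
listen-address=192.168.0.10
bind-interfaces
stop-dns-rebind
no-negcache
"""
WEAK = "user=root\ncache-size=2048\n"

def parse_conf(text):
    """Return {option: [values]}; '#' starts a comment at line start or after whitespace."""
    opts = {}
    for line in text.splitlines():
        for i, ch in enumerate(line):
            if ch == "#" and (i == 0 or line[i - 1].isspace()):
                line = line[:i]
                break
        key, _, value = line.strip().partition("=")
        if key:
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text):
    """Return findings for a caching forwarder meant to serve internal clients only."""
    o = parse_conf(text)
    findings = []
    if "interface" not in o and "listen-address" not in o:
        findings.append("listener not limited by interface/listen-address")
    if "bind-interfaces" not in o and "bind-dynamic" not in o:
        findings.append("no bind-interfaces: socket is bound to the wildcard address")
    if "root" in o.get("user", []):
        findings.append("user=root: dnsmasq does not drop root privileges")
    if "stop-dns-rebind" not in o:
        findings.append("no stop-dns-rebind: upstream answers in private ranges are passed on")
    if "no-negcache" in o and "neg-ttl" in o:
        findings.append("neg-ttl has no effect: no-negcache disables negative caching")
    return findings

if __name__ == "__main__":
    for name, conf in (("post", POST_CONF), ("weak", WEAK)):
        print(name, audit(conf) or "no findings")
```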

$ cat /etc/resolv.conf

nameserver 127.0.0.1

On another system:

$ cat /etc/resolv.conf

nameserver 192.168.0.10
nameserver 192.168.0.11

I think setting up two dnsmasq servers is a good choice for fault tolerance, as in the two lines above.

The first time:

$ dig dotimes.com

;; Query time: 258 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)

The second time:

$ dig dotimes.com

;; Query time: 1 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)

You can see the difference in the above example.
Yes, this is only one request, but what about web surfing, or sending mail on a mail server? It’s really worth the effort.

djbdns and pdnsd are also good DNS cache (proxy) programs that are worth a try.
The only thing I’m wondering is whether djbdns is still under maintenance.
