In a DNS bind? Get Out With dnsmasq - Page 2
DHCP Server
The simplest way to use the DHCP server in Dnsmasq is to set the hostnames on each host on your LAN. Then make these edits to /etc/dnsmasq.conf:
expand-hosts domain=test.net (use your own domain here, of course) dhcp-range=192.168.1.100,192.168.1.150,168h
The first line automatically expands the hostnames to include the domain name, which is specified on the next line. The third line shows how to set a range of IP addresses for your DHCP pool, with a 168-hour lease. You can set the lease to any interval you like, either in hours (h) or minutes (m) or infinite, for a permanent lease.
Setting Hostnames Correctly
The key to making all this work nicely is to have hostnames correctly configured on your PCs. On most Linux systems, you must edit /etc/hostname. /etc/hostname sets only the system's hostname:
workstation1
On Red Hat and Fedora, you must edit /etc/sysconfig/network instead of /etc/hostname:
HOSTNAME=workstation1
Anytime you change the hostname, you must reboot. Then you can check your work with the hostname command:
$ hostname workstation1
Foiling Sitefinder and Related Foolishnesses
Verisign's Sitefinder has gone away, for the moment, but they are making noises about trying again. A number of registries for various domains still do it. For those who have mercifully erased this nonsense from their memory banks: Sitefinder, instead of returning a proper NXDOMAIN response for non-existent .com and .net addresses, instead re-directed to a Verisign search page. Which broke DNS, messed up applications that depended on accurate DNS queries, subjected users to yet more advertising, and did not help anyone at all. Except Verisign, who collected ad revenue.
As usual, the tech community swiftly responded with various workarounds. Should Sitefinder return, or you encounter other that registries implement a similar "service", Dnsmasq can foil it. Simply enter the offending IP address in /etc/dnsmasq.conf:
bogus-nxdomain=64.94.110.11
That was the IP used by Sitefinder, so all DNS redirected to that IP is considered bogus, and forced to return a proper NXDOMAIN response. This page has a list of other offending IPs that do, or have done, the same thing. Testing for this DNS-breaking silliness is simple enough, using the host command and bogus addresses:
$ host jd89hv8eef09jvoiuew90ofhjyfhf.ws jd89hv8eef09jvoiuew90ofhjyfhf.ws has address 216.35.187.246
Oho, a live one! A correct response would be
Host jd89hv8eef09jvoiuew90ofhjyfhf.ws not found: 3(NXDOMAIN)
Try www.jd89hv8eef09jvoiuew90ofhjyfhf.ws in a Web browser, and see what you get. Not a correct "Page not found", but one of those annoying registrar pages. You should probably try a few improbable domain names just to make sure. When you're certain you've tracked down a bogus redirect IP, in this example 216.35.187.246, just slap it into /etc/dnsmasq.conf:
bogus-nxdomain=216.35.187.246
Documentation
See /etc/dnsmasq.conf for a lot of good, well-commented examples, and dnsmasq (8) for complete options, and more examples.
Resources
- Dnsmasq home page
- If you are interested in more heavy-duty DNS servers, see djbdns home page, with bales of good documentation.
- BIND home page
- This covers the traditional DHCP server for Linux: the DHCP mini-howto
