BIND has been serving up internal address information on our home network for way over a decade now. That’s changing over the next couple of days. The whys and hows follow.
This was done on Fedora 21*.
I like BIND. I really do. Learning how to configure BIND servers not only helped me become a better diagnostician of network issues, it actually helped me get through the first iteration of Microsoft’s Active Directory training (which needless to say had some rough edges in the hands-on lab department).
But configuring BIND servers has lost its lustre for me. It’s just not as much fun as it used to be. When I recently upgraded our home firewall to pfSense 2.2-RELEASE, I decided not to install BIND but instead work with the built-in DNS Forwarder (not Resolver) that uses dnsmasq under the covers. This simplified configuration and setup tremendously, and reduced our dependency on add-on packages that can create problems during upgrades of the base system.
Fortunately, dnsmasq works pretty well as a simple name server. In fact it also offers some features, like SRV records, that were only available with BIND and other full-featured name servers in the past.
To implement dnsmasq as a name server all I had to do was:
1. Shut down and disable BIND (“systemctl stop named”, “systemctl disable named”).
2. Install dnsmasq (“yum install dnsmasq”).
3. Add an /etc/banner_add_hosts file containing all the IP-to-host-name mappings (in addition to those for your own host, which are already in /etc/hosts), one line per name; for an alias (a CNAME) add another line with the same IP address**. For example:
10.0.0.1 gw.example.com gw
10.0.0.1 ns1.example.com ns1
10.0.1.1 gw2.example.com gw2
10.0.0.10 backup.example.com nas
10.0.0.10 www.example.com www
10.0.0.10 ldap.example.com ldap
4. Edit the configuration file, /etc/dnsmasq.conf. The sample file included with the Fedora install is mostly commented out. Here are the (mostly) non-defaults I uncommented:
filterwin2k
listen-address=10.0.0.3
bind-interfaces
addn-hosts=/etc/banner_add_hosts
domain=example.com
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
5. Start and enable dnsmasq (“systemctl start dnsmasq”, “systemctl enable dnsmasq”).
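Before starting the service it is worth checking that the two hand-edited files actually say what you meant: that no name in the hosts file points at two different addresses, and that dnsmasq is pinned to the LAN address (listen-address plus bind-interfaces) rather than answering on every interface. The checker below is an added example, not part of the original post or of dnsmasq itself; the sample file contents are constructed to mirror the ones above, and the parse is the minimal "key" / "key=value" form rather than dnsmasq's full option grammar.

```python
import ipaddress
# Constructed inputs mirroring the files in the post (not copied from a live system).
SAMPLE_HOSTS = """\
10.0.0.1 gw.example.com gw
10.0.0.1 ns1.example.com ns1
10.0.0.10 www.example.com www
10.0.0.10 ldap.example.com ldap
"""
SAMPLE_CONF = """\
filterwin2k
listen-address=10.0.0.3
bind-interfaces
domain=example.com
"""

def parse_hosts(text):
    """Hosts-file syntax ('IP name [alias...]', '#' comments) -> {name: ip}."""
    forward = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        ip, names = fields[0], fields[1:]
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        for name in names:
            # Two different IPs for one name is almost always a typo; refuse it.
            if forward.get(name, ip) != ip:
                raise ValueError(f"line {lineno}: {name} already maps to {forward[name]}")
            forward[name] = ip
    return forward

def parse_conf(text):
    """dnsmasq.conf is one 'key' or 'key=value' per line; repeated keys accumulate."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def audit_conf(conf):
    """Flag settings that would expose a LAN-only name server more widely than intended."""
    findings = []
    if "listen-address" not in conf and "interface" not in conf:
        findings.append("no listen-address/interface: dnsmasq answers on every interface")
    if "bind-interfaces" not in conf and "bind-dynamic" not in conf:
        findings.append("no bind-interfaces: socket is bound to the wildcard address")
    return findings
```

Run it against the real /etc/banner_add_hosts and /etc/dnsmasq.conf by reading those files into the two parse functions; an empty list from audit_conf means the listening scope matches the configuration shown above.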
* It’s even easier to set up on FreeBSD, where you can install the plain vanilla package (“pkg install dnsmasq”). The configuration is almost identical (I left the “conf-dir” argument commented out).
** On FreeBSD and other systems whose network config isn’t controlled by FreeDesktop.org’s NetworkManager you can do this in the /etc/hosts file. That file gets overwritten by NetworkManager in systems (like Fedora and Ubuntu) that are controlled by it, necessitating the use of a supplemental file to persistently store the additional mappings.
Of course dnsmasq won’t respond to zone transfer requests the way a “real” name server would, but that’s not something most people need to do very often.