In this post we are going to install and configure dnsmasq with a simple web UI acting as a front end for our less technical users. Our goal is to simplify DNS in our lab sandboxes, and to keep users from directly modifying our dnsmasq config files.
Installation
First we need to install dnsmasq.
# dnf -y install dnsmasq
Now let's enable and start the service. We will also check the status of the service to ensure that we do not have any issues with the default config.
# systemctl start dnsmasq
# systemctl enable dnsmasq
# systemctl status dnsmasq
Configuration
Next let's make a backup of the default configuration file before we start making modifications.
# cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
I made the following modifications.
- listen-address – the loopback and our routable IP address
- expand-hosts – we uncomment this to allow dnsmasq to automatically expand hostnames to fully qualified domain names
- domain – this is the local domain that we will serve via dnsmasq
- dhcp-range – this is the range of IP addresses that dnsmasq is allowed to hand out
interface=enp1s0
listen-address=127.0.0.1,192.168.65.7
expand-hosts
domain=sandbox3.localdomain
dhcp-range=192.168.65.20,192.168.65.40,255.255.255.128,12h
Next we check our config file for any errors.
# dnsmasq --test
dnsmasq: syntax check OK.
Now let's restart dnsmasq.
# systemctl restart dnsmasq
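An added example (not from the original post or the dnsmasq-webconf project): a small Python audit that cross-checks the listen-address and dhcp-range directives set above, which is handy once the file is being rewritten through a web front end. It handles only the start,end,netmask,lease form of dhcp-range used here, and the function names are this example's own.

```python
import ipaddress
# Constructed sample: the directives this post sets in /etc/dnsmasq.conf.
SAMPLE_CONF = """\
interface=enp1s0
listen-address=127.0.0.1,192.168.65.7
expand-hosts
domain=sandbox3.localdomain
dhcp-range=192.168.65.20,192.168.65.40,255.255.255.128,12h
"""

def parse(text):
    """Map each directive to its list of values, ignoring comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, findings, listen = parse(text), [], []
    for value in conf.get("listen-address", []):
        for item in value.split(","):
            try:
                addr = ipaddress.ip_address(item.strip())
            except ValueError:
                findings.append(f"listen-address {item!r} is not an IP address")
                continue
            if not addr.is_loopback:  # loopback is never part of a DHCP subnet
                listen.append(addr)
    for value in conf.get("dhcp-range", []):
        parts = [p.strip() for p in value.split(",")]
        try:  # only the start,end,netmask[,lease] form used in the post
            start, end = map(ipaddress.IPv4Address, parts[:2])
            net = ipaddress.IPv4Network(f"{start}/{parts[2]}", strict=False)
        except (ValueError, IndexError):
            findings.append(f"dhcp-range {value!r}: unsupported or malformed")
            continue
        if start > end or end not in net:
            findings.append(f"dhcp-range {value!r}: pool is reversed or leaves {net}")
        if listen and not any(a in net for a in listen):
            findings.append(f"no listen-address inside {net}")
        findings += [f"listen-address {a} is inside the DHCP pool"
                     for a in listen if a in net and start <= a <= end]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "semantic checks passed")
```

To audit the live file, pass `open("/etc/dnsmasq.conf").read()` to `audit()` instead of the embedded sample.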
Firewall Config
Now we need to modify firewalld to allow DNS and DHCP traffic.
[root@dns ~]# firewall-cmd --add-service=dns --permanent
success
[root@dns ~]# firewall-cmd --add-service=dhcp --permanent
success
[root@dns ~]# firewall-cmd --reload
success
Testing
I prefer to use nslookup for testing, so let's install it.
# dnf -y install bind-utils
Now let’s make sure we are able to resolve addresses, using our local instance of dnsmasq.
# nslookup
> server localhost
Default server: localhost
Address: ::1#53
Default server: localhost
Address: 127.0.0.1#53
> google.com
Server: localhost
Address: ::1#53
Non-authoritative answer:
Name: google.com
Address: 142.251.40.174
Name: google.com
Address: 2607:f8b0:4006:821::200e
Install and Configure the Webui
For the web UI, we are going to use a simple one that I found at the link below.
https://github.com/akivajp/dnsmasq-webconf
First, we need to install git and pip
# dnf -y install git
# dnf -y install pip
Then we follow the directions which I will repeat here.
# mkdir -p ~/git && cd ~/git
# git clone https://github.com/akivajp/dnsmasq-webconf.git
Then we use pip to install bottle and jinja2
# pip install --user bottle jinja2
Now change directory
# cd dnsmasq-webconf/
We now need to poke a hole for http traffic in our local firewall
# firewall-cmd --add-service=http --permanent
# firewall-cmd --reload
Now start the front end
# python ~/git/dnsmasq-webconf/app/index.py 80 --leases /var/lib/dnsmasq/dnsmasq.leases --hosts /etc/hosts --config /etc/dnsmasq.conf
Creating a Service
So far we have dnsmasq configured and running, and we have installed a web front end and started it from the command line. Now we need the front end to start as a service when the OS boots, so we will turn the web UI into a systemd service.
First we create the following service file
# vi /etc/systemd/system/dnsmasq-webconf.service
The contents of which are below. Note that we have modified relative paths to be absolute paths.
[Unit]
Description=DNSMasq WebConf
After=network.target
[Service]
ExecStart=/usr/bin/python3 /root/git/dnsmasq-webconf/app/index.py 80 --leases /var/lib/dnsmasq/dnsmasq.leases --hosts /etc/hosts --config /etc/dnsmasq.conf
Restart=always
User=root
WorkingDirectory=/root/git/dnsmasq-webconf/app
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
Now we need to reload systemd
# systemctl daemon-reload
Now we can start the service
# systemctl start dnsmasq-webconf.service