dnsmasq is a small DNS/DHCP server. Because of its size and ease of configuration, it’s an ideal solution for a small network.
This is one of the easiest plugins to install on Freenas
Create the jail
Create a standard jail and untick the vanilla option. This means you can install PC-BSD PBI packages and BSD packages.
Think of a suitably descriptive name. I chose dhcp_dns so its role is immediately obvious.
I also gave it its own IP address.
Select the autostart also.
Change into the jail
You can either use the shell menu item in the FreeNas GUI to get a pop-up window. I prefer to ssh into the FreeNas box. See the documentation on the FreeNas site on setting up the ssh server.
[root@freenas ~]# jls JID IP Address Hostname Path 1 - database /mnt/volume1/jails/database 2 - dhcp_dns /mnt/volume1/jails/dhcp_dns
jexec 2 /bin/csh
to change into the jail. Remember to replace the “2” with the number of the jail from the list you got from the jls command.
I chose to use the package manager (the pkg command)
root@dhcp_dns:/#pkg search dnsmasq dnsmasq-2.66,1 root@dhcp_dns:/#
The line in red is the name of the package that the search returned.
To install it simply type
root@dhcp_dns:/#pkg install dnsmasq
An example configuration file is found in
/usr/local/etc/dnsmasq.conf.example. I find this is useful to keep as a master copy as it’s well commented, so the main configuration file can be tidied up.
root@dhcp_dns:/ #cd /usr/local/etc root@dhcp_dns:/usr/local/etc #cp dnsmasq.conf.example dnsmasq.conf root@dhcp_dns:/usr/local/etc # ls dns* dnsmasq.conf dnsmasq.conf.example
now edit the configuration file. I’m used to using vi, which is installed as standard when you create the jail. If you want to use another editor, then you will need to install that.
Create a local hosts file (optional)
dnsmasq will normally read from
/etc/hosts. If you’re adding/removing machines, then you will need to keep this up-to-date for the name lookups to work. I use a separate hosts file, so that the one held in the /etc directory is always a minimal version.
Create the file
/usr/local/etc/hosts and add all the machines and ip addresses that you have hard coded. Even if you’re serving out IP addresses via DHCP to the entire network, your router will almost certainly have a hard-coded IP address. This is usually number “1” on whatever subnet that the manufacturer has set up as default.
For all the home/small office/DSL/Cable routers I’ve come across the address defaults to either 192.168.0.1 or 192.168.1.1
So I just call this “gateway” and put the following entry in the
# $FreeBSD: src/etc/hosts,v 188.8.131.52.2.1 2009/10/25 01:10:29 kensmith Exp $ # # Host Database # # This file should contain the addresses and aliases for local # hosts that # share this file. Replace 'my.domain' below with the domainname # of your machine. # # In the presence of the domain name service or NIS, this file may # not be consulted at all; see /etc/nsswitch.conf for the # resolution order. # # 192.168.1.1 gateway gateway.localdomain
If you’ve set up you own local domain, add the correct name here also.
Check that the resolv.conf file exists
This sits in the /etc directory. This lists (in IP format) the name servers that you use to resolve internet addresses. The entries here will usually be provided by your ISP. When dnsmasq can’t provide an answer to a DNS query it uses this file to see where to interrogate next.
Check that the lease directory exists
The leases are written to a lease file. This won’t be big.
#mkdir -p /var/db/dnsmasq/
Set up a basic configuration
domain-needed bogus-priv resolv-file=/etc/resolv.conf strict-order local=/mydomain/ except-interface=lo0 listen-address=192.168.1.3 addn-hosts=/usr/local/etc/hosts expand-hosts domain=/mydomain/ dhcp-range=192.168.1.150,192.168.1.180,12h dhcp-leasefile=/var/db/dnsmasq/dnsmasq.leases dhcp-authoritative cache-size=250 bogus-nxdomain=184.108.40.206 bogus-nxdomain=220.127.116.11 bogus-nxdomain=18.104.22.168 bogus-nxdomain=22.214.171.124 bogus-nxdomain=126.96.36.199
- The listen-address is the same IP address that you gave the jail when you created it
- the bogus-nxdomains lines were in the the example, so I left them in
- the dhcp range can be anything in the range, but avoid any hard-coded devices
- the dhcp-lease file is placed in the directory created above
- replace the mydomain in the local= and domain= lines with your own domain
- the resolv-file should point to /etc/resolv.conf (unless you’ve moved it)
- The addn-hosts line gives the location of our own host file we created above.
When the jail starts, we want dnsmasq to start automatically. The following lines just need to be added to /etc/rc.conf.
Strictly speaking, the second line doesn’t need to be there, but I like to explicitly put these in so that my rc.conf file becomes a useful bit of documentation also.