Dnsmasq on CentOS 7.3 - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends! We dedicate this article to dnsmasq, a very simple program that provides DNS and DHCP services with a single piece of software. The best documentation that exists about this software is the one installed with the package itself, located at /usr/share/doc/dnsmasq-2.66/, the configuration file /etc/dnsmasq.conf -full of examples- and the one obtained with the command man dnsmasq. It is also very healthy to visit its Official Site.

[root@dns ~]# ls -l /usr/share/doc/dnsmasq-2.66/
total 136
-rw-r--r--. 1 root root 18007 Apr 17  2013 COPYING
-rw-r--r--. 1 root root 59811 Nov 11 13:20 CHANGELOG
-rw-r--r--. 1 root root  5164 Apr 17  2013 DBus-interface
-rw-r--r--. 1 root root  5009 Apr 17  2013 doc.html
-rw-r--r--. 1 root root 25075 Apr 17  2013 FAQ
-rw-r--r--. 1 root root 12019 Apr 17  2013 setup.html
  • The procedure described in this post is also valid for Debian 8 «Jessie». The /etc/dnsmasq.conf configuration file is the same. In Jessie you may only need to install the dnsmasq package and nothing else. I write this because I consider it unnecessary to make a separate article for Dnsmasq on Debian. Fortunately, the directories related to documentation and configuration are the same.

Dnsmasq is a creation of Simon Kelley.

What is Dnsmasq?

The Free Software dnsmasq is a DNS forwarder and DHCP server for small computer networks, the typical example being the networks of our SMEs. It requires few hardware resources to run and can be executed on various platforms such as Linux, BSD, Android and OS X. It is included in almost all the repositories of Linux and BSD distributions.

The DHCP server of dnsmasq can lease IP addresses dynamically and statically, for multiple networks with different IP address ranges. It is integrated with the DNS server and allows local machines that obtain an IP address to appear as registered in DNS with their correct records, both forward and reverse.

The native way dnsmasq works, caching the DNS records obtained through queries to its forwarders, reduces the load on those forwarders and improves the overall response speed to the different DNS queries.

It supports modern standards such as IPv6 and DNSSEC, and network boot with support for the BOOTP, TFTP and PXE protocols.

In the Linux universe, Dnsmasq is widely used on servers for diskless machines and thin clients. On Microsoft® Windows, with the ARDENCE® software, an equivalent -to Dnsmasq- is used as a DHCP server, called tellurian.

In which scenario can we use Dnsmasq?

If we execute man dnsmasq on CentOS, we get the manual page in English. In the file dnsmasq.8.gz -in Spanish- that is installed with the Debian 8 «Jessie» distribution, exactly the following is written:

LIMITS

  • The default values for resource limits are generally conservative, and appropriate for embedded router-type devices with slow processors and limited memory. On more capable hardware it is possible to increase the limits and handle many more clients. The following applies to dnsmasq-2.37: earlier versions did not scale as well.
  • Dnsmasq is capable of handling DNS and DHCP for at least one thousand (1,000) clients. Lease times should not be very short (less than an hour). The value of --dns-forward-max can be increased: start with the equivalent of the number of clients and increase it if DNS seems slow. Note that DNS performance also depends on the upstream DNS servers. The DNS cache size can be increased: the hard limit is 10,000 names and the default (150) is very low. Sending SIGUSR1 to dnsmasq makes it log information that is useful for tuning the cache size. See the NOTES section for details.
  • The built-in TFTP server is capable of supporting many simultaneous file transfers: the absolute limit is related to the number of file handles allowed to a process and the ability of the select() system call to cope with large numbers of file handles. If the limit is set too high with --tftp-max it will be scaled down and the actual limit logged at startup. Note that more transfers are possible when the same file is being sent than when each transfer sends a different file.
  • It is possible to use dnsmasq to block Web advertising using a list of well-known banner-ad servers, all resolving to 127.0.0.1 or 0.0.0.0, in /etc/hosts or in an additional hosts file. The list can be very long; dnsmasq has been tested successfully with a million names. A file of that size needs a 1GHz CPU and approximately 60MB of RAM.

I did not write or edit the above paragraphs at all. They are reflected just as they appear in the Spanish man page of dnsmasq 2.72 from the Debian 8.6 repository. From them, and from practice in the use of this software, we can infer that it is rare -not impossible- to find a scenario in our SME networks that exceeds 1000 clients or computers connected to the LAN.


Side considerations

It always struck me that the award-winning software ClearOS Enterprise 5.2 SP1 used Dnsmasq -together with its NTP- as its Infrastructure Server by default, and continued using it as such -at least until versions 7.xxx- in the releases you pay for to install an Active Directory® based on Samba 4. Too bad for us, Free Software lovers, that the company ClearFoundation stopped providing software of that quality in versions after 5.xxx, in the obvious pursuit of better monetary gains. I think it is counterproductive for the company itself.

Even though I am a Debian fan -and I do not want to propagandize my very personal choice at all- I have always admired the company Red Hat®, Inc., whose business model has positioned it as the undisputed leader in Free Software. In addition, it is the sponsor of CentOS, the binary clone -100% free software- of its star operating system Red Hat® Enterprise Linux (RHEL). There is a reason it is said that CentOS is an unsupported RHEL 😉

  • I have had a Samba Classic NT 4.0 Style Primary Domain Controller based on ClearOS Enterprise 5.2 SP1 running for more than 4 years on the network of a company with Windows XP, 7 and 8, Windows Server 2003 and Windows Server 2012 clients. That you have to tweak a couple of registry values on each Windows client newer than XP? It is true. That it works very well? It is also true. That the number of computers does not reach 100? Also true.

Common sense

  • Although for me «Common Sense is the least common of the senses», put Your Needs first of all and then select the scenario according to what You need to express and solve, following Your Own Script.
  • Do not use an intercontinental missile to kill a mosquito. Do not complicate life unnecessarily: start with the simplest solution. If that does not solve it, raise the complexity one notch, and so on.

Let's install CentOS 7 and Dnsmasq

For the installation of the base system we follow the article CentOS 7 Hypervisor I, and in the package selection we only mark the option «Infrastructure Server». The general parameters we will use in preparing this article are the following:

FQDN name of the virtual machine: dns.desdelinux.fan
IP address: 10.10.10.5

CentOS 7 installs dnsmasq by default

Yes, Dear Readers, in CentOS 7 the dnsmasq package is installed during the installation of an Infrastructure Server, and I suppose in other options as well.

[root@dns ~]# yum info dnsmasq
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Installed packages
Name            : dnsmasq
Architecture    : x86_64
Version         : 2.66
Release         : 21.el7
Size            : 464 k
Repository      : installed
From repository : centos-base
Summary         : A lightweight DHCP / caching DNS server
URL             : http://www.thekelleys.org.uk/dnsmasq/
License         : GPLv2
Description     : Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP
                : server. It is designed to provide DNS and, optionally, DHCP, to a
                : small network. It can serve the names of local machines which are
                : not in the global DNS. The DHCP server integrates with the DNS
                : server and allows machines with DHCP-allocated addresses to appear
                : in the DNS with names configured either in each host or in a
                : central configuration file. Dnsmasq supports static and dynamic
                : DHCP leases and BOOTP for network booting of diskless machines.

The installed dnsmasq version is 2.66, and it corresponds to the CentOS version:

[root@dns ~]# cat /proc/version
Linux version 3.10.0-514.6.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)) #1 SMP Wed Jan 18 13:06:36 UTC 2017

Let's enable and configure dnsmasq

[root@dns ~]# nano /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.5  dns.desdelinux.fan dns

[root@dns ~]# hostname
dns
[root@dns ~]# hostname -f
dns.desdelinux.fan


[root@dns ~]# systemctl enable dnsmasq
[root@dns ~]# systemctl start dnsmasq
[root@dns ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-02-18 11:47:19 EST; 4s ago
 Main PID: 1179 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─1179 /usr/sbin/dnsmasq -k

Feb 18 11:47:19 dns systemd[1]: Started DNS caching server..
Feb 18 11:47:19 dns systemd[1]: Starting DNS caching server....
Feb 18 11:47:19 dns dnsmasq[1179]: started, version 2.66 cachesize 150
Feb 18 11:47:19 dns dnsmasq[1179]: compile time options: IPv6 GNU-getopt DB...th
Feb 18 11:47:19 dns dnsmasq[1179]: reading /etc/resolv.conf
Feb 18 11:47:19 dns dnsmasq[1179]: ignoring nameserver 127.0.0.1 - local in...ce
Feb 18 11:47:19 dns dnsmasq[1179]: read /etc/hosts - 3 addresses
Hint: Some lines were ellipsized, use -l to show in full.

Don't forget the next step:

[root@dns ~]# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

Fixed IP addresses

With Dnsmasq, the addresses of the servers or computers that require a fixed IP -both IPv4 and IPv6- are declared in the /etc/hosts file:

[root@dns ~]# nano /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# Servers
10.10.10.1  sysadmin.desdelinux.fan   sysadmin
10.10.10.3  ad-dc.desdelinux.fan      ad-dc
10.10.10.4  fileserver.desdelinux.fan fileserver
10.10.10.5  dns.desdelinux.fan        dns
10.10.10.6  proxyweb.desdelinux.fan   proxyweb
10.10.10.7  blog.desdelinux.fan       blog
10.10.10.8  ftpserver.desdelinux.fan  ftpserver
10.10.10.9  mail.desdelinux.fan       mail

Let's create the /etc/dnsmasq.conf file

[root@dns ~]# nano /etc/dnsmasq.conf
# -------------------------------------------------------------------
# GENERAL OPTIONS
# -------------------------------------------------------------------
domain-needed           # Don't forward names without the domain part
bogus-priv              # Don't forward reverse lookups for unrouted (private) space
expand-hosts            # Automatically add the domain to the hosts in /etc/hosts
interface=eth0          # Interface. BE CAREFUL with the Interface
# except-interface=eth1 # DO NOT listen on this NIC
strict-order            # Query the servers in /etc/resolv.conf in the order listed

# Include many more configuration options through a file,
# or by placing additional configuration files in a directory
# conf-file=/etc/dnsmasq.more.conf
conf-dir=/etc/dnsmasq.d

# Relating to the Domain Name
domain=desdelinux.fan   # Domain name

# Time Server is 10.10.10.1
address=/time.windows.com/10.10.10.1

# Sends an empty WPAD option. Required for
# Windows 7 and later clients to behave properly. ;-)
dhcp-option=252,"\n"

# File where we declare the HOSTS that will be "banned"
addn-hosts=/etc/banner_add_hosts

# -------------------------------------------------------------------
# CNAME, MX, TXT RECORDS
# -------------------------------------------------------------------
# This type of record requires an entry in the /etc/hosts file
# e.g.: 10.10.10.7 blog.desdelinux.fan blog
# cname=ALIAS,REAL_NAME
cname=www.desdelinux.fan,blog.desdelinux.fan

# MX RECORDS
# Returns an MX record with the name "desdelinux.fan" pointing
# to the machine mail.desdelinux.fan with priority 10
mx-host=desdelinux.fan,mail.desdelinux.fan,10

# The default destination for MX records created
# with the localmx option will be:
mx-target=mail.desdelinux.fan

# Returns an MX record pointing to mx-target for ALL local machines
localmx

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a -all"
txt-record=desdelinux.fan,"DesdeLinux, your Blog dedicated to Free Software"

# -------------------------------------------------------------------
# DHCP RANGE AND OPTIONS
# -------------------------------------------------------------------
# IPv4 range and lease time
# 1 to 29 are for Servers and other needs
dhcp-range=10.10.10.30,10.10.10.250,8h

dhcp-lease-max=222      # Maximum number of addresses to lease
                        # by default it is 150

# IPv6 Range
# dhcp-range=1234::, ra-only

# Options for the RANGE
dhcp-option=1,255.255.255.0    # NETMASK
dhcp-option=3,10.10.10.253     # ROUTER GATEWAY
dhcp-option=6,10.10.10.5       # DNS Servers
dhcp-option=15,desdelinux.fan  # DNS Domain Name
dhcp-option=19,1               # option ip-forwarding ON
dhcp-option=28,10.10.10.255    # BROADCAST
dhcp-option=42,10.10.10.1      # NTP
# dhcp-option=40,DCH           # NIS Domain Name
# dhcp-option=41,10.10.10.5    # NIS Server
# EXTERNAL SAMBA4 WINS SERVER
# dhcp-option=44,10.10.10.5    # WINS
# dhcp-option=45,10.10.10.5    # NetBIOS Datagrams
# dhcp-option=46,8             # NetBIOS Node type
# dhcp-option=73,10.10.10.3    # Finger Server
dhcp-authoritative             # DHCP Authoritative on the subnet

# -------------------------------------------------------------------
# LOGGING to /var/log/messages
# -------------------------------------------------------------------
log-queries

# END of the /etc/dnsmasq.conf file
# -------------------------------------------------------------------
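As an added example (not code from the original article or from the dnsmasq project), the following Python script checks a dnsmasq.conf written in the style above for the points the article stresses: that the service is bound to one interface, that private reverse lookups and bare names are not forwarded, that no host with a fixed IP in /etc/hosts falls inside the dynamic dhcp-range, and that every addn-hosts file exists. The configuration and hosts contents are constructed samples.

```python
# Added example, not code from the original article: a checker for a
# dnsmasq.conf written in the style shown above. It parses the option=value
# lines and verifies what the article stresses: the service is bound to one
# interface, private reverse lookups and bare names are not forwarded, the
# dynamic DHCP pool does not swallow a host given a fixed IP in /etc/hosts,
# and every addn-hosts file exists (otherwise dnsmasq logs "failed to load
# names"). The file contents here are constructed samples, not real files.
import ipaddress
import os

SAMPLE_CONF = """\
domain-needed
bogus-priv
expand-hosts
interface=eth0            # BE CAREFUL with the Interface
addn-hosts=/etc/banner_add_hosts
dhcp-range=10.10.10.30,10.10.10.250,8h
dhcp-authoritative
"""

# Constructed /etc/hosts: the printer sits inside the dynamic pool by mistake.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
10.10.10.5 dns.desdelinux.fan dns
10.10.10.40 printer.desdelinux.fan printer
"""


def parse_dnsmasq_conf(text):
    """Return {option: [values]}; a bare flag like bogus-priv maps to ['']."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            key, _, value = line.partition("=")
            options.setdefault(key.strip(), []).append(value.strip())
    return options


def parse_hosts(text):
    """Return {ip: [names]} for an /etc/hosts-style body."""
    hosts = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            hosts.setdefault(fields[0], []).extend(fields[1:])
    return hosts


def check_config(conf_text, hosts_text, path_exists=os.path.exists):
    """Return a list of findings; an empty list means every check passed."""
    opts = parse_dnsmasq_conf(conf_text)
    hosts = parse_hosts(hosts_text)
    findings = []

    # 1. Listening scope: with neither option dnsmasq answers on every NIC.
    if not opts.get("interface") and not opts.get("listen-address"):
        findings.append("no interface= or listen-address=: "
                        "dnsmasq would listen on all interfaces")

    # 2. Keep private reverse lookups and bare names off the upstream servers.
    for flag in ("bogus-priv", "domain-needed"):
        if flag not in opts:
            findings.append(f"{flag} is not set")

    # 3. A host with a fixed IP must not sit inside the dynamic DHCP pool.
    for rng in opts.get("dhcp-range", []):
        parts = [p.strip() for p in rng.split(",")]
        try:
            lo, hi = (int(ipaddress.ip_address(p)) for p in parts[:2])
        except ValueError:
            continue  # e.g. an IPv6 'prefix::,ra-only' form has no end address
        for ip, names in hosts.items():
            try:
                n = int(ipaddress.ip_address(ip))
            except ValueError:
                continue
            if lo <= n <= hi:
                findings.append(f"fixed host {names[0]} ({ip}) "
                                f"lies inside dhcp-range {rng}")

    # 4. Every addn-hosts file must exist, or the service logs a load failure.
    for path in opts.get("addn-hosts", []):
        if not path_exists(path):
            findings.append(f"addn-hosts file {path} does not exist")

    return findings
```

Run it against the real files with `check_config(open("/etc/dnsmasq.conf").read(), open("/etc/hosts").read())`; the `path_exists` parameter only exists so the sample can be exercised on a machine without the ban file.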

Let's check the syntax and restart the service

[root@dns ~]# dnsmasq --test
dnsmasq: syntax check OK.
[root@dns ~]# systemctl restart dnsmasq
[root@dns ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-02-18 12:48:05 EST; 5s ago
 Main PID: 1288 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─1288 /usr/sbin/dnsmasq -k

Feb 18 12:48:05 dns systemd[1]: Started DNS caching server..
Feb 18 12:48:05 dns systemd[1]: Starting DNS caching server....
Feb 18 12:48:05 dns dnsmasq[1288]: started, version 2.66 cachesize 150
Feb 18 12:48:05 dns dnsmasq[1288]: compile time options: IPv6 GNU-getopt DB...th
Feb 18 12:48:05 dns dnsmasq-dhcp[1288]: DHCP, IP range 10.10.10.30 - 10.10....h
Feb 18 12:48:05 dns dnsmasq[1288]: reading /etc/resolv.conf
Feb 18 12:48:05 dns dnsmasq[1288]: ignoring nameserver 127.0.0.1 - local in...ce
Feb 18 12:48:05 dns dnsmasq[1288]: read /etc/hosts - 11 addresses
Feb 18 12:48:05 dns dnsmasq[1288]: failed to load names from /etc/banner_ad...ry
Hint: Some lines were ellipsized, use -l to show in full.

Note that in the previous output, systemctl status dnsmasq returns the error:

Feb 18 12:48:05 dns dnsmasq[1288]: failed to load names from /etc/banner_ad...ry

complaining that it cannot find the file /etc/banner_add_hosts.

[root@dns ~]# touch /etc/banner_add_hosts
[root@dns ~]# systemctl restart dnsmasq.service
[root@dns ~]# systemctl status dnsmasq.service
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-02-18 12:54:26 EST; 7s ago
 Main PID: 1394 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─1394 /usr/sbin/dnsmasq -k

Feb 18 12:54:26 dns systemd[1]: Started DNS caching server..
Feb 18 12:54:26 dns systemd[1]: Starting DNS caching server....
Feb 18 12:54:26 dns dnsmasq[1394]: started, version 2.66 cachesize 150
Feb 18 12:54:26 dns dnsmasq[1394]: compile time options: IPv6 GNU-getopt DB...th
Feb 18 12:54:26 dns dnsmasq-dhcp[1394]: DHCP, IP range 10.10.10.30 - 10.10....h
Feb 18 12:54:26 dns dnsmasq[1394]: reading /etc/resolv.conf
Feb 18 12:54:26 dns dnsmasq[1394]: ignoring nameserver 127.0.0.1 - local in...ce
Feb 18 12:54:26 dns dnsmasq[1394]: read /etc/hosts - 11 addresses
Feb 18 12:54:26 dns dnsmasq[1394]: read /etc/banner_add_hosts - 0 addresses
Hint: Some lines were ellipsized, use -l to show in full.

And we already have the DNS and DHCP services running.

Important

  • If we modify the /etc/dnsmasq.conf file, we must restart the service for the changes to take effect.
  • If we modify the /etc/hosts file to remove, modify or add a fixed IP with its corresponding host name, we must restart the service for the changes to take effect.
  • systemctl reload dnsmasq.service cannot be used with this service.

We open the necessary ports in the Firewall

In the article by my friend and colleague Luigys Toro -aka lizard- «How to open ports in the CentOS 7 Firewall», the procedure we must follow to open ports in the Firewall that CentOS installs by default is explained very well. I still don't know how to apply the SELinux context rules to the dnsmasq service in CentOS. If anyone knows, please enlighten us.

The files /etc/protocols and /etc/services are a very good guide to know which ports we need to open for the DNS and DHCP services provided by Dnsmasq to work well.

[root@dns ~]# firewall-cmd --get-active-zones
public
  interfaces: eth0

Service domain, or Domain Name Server (dns), port 53. (In /etc/protocols, protocol number 53 is swipe, «IP with Encryption».)

[root@dns ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success

[root@dns ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success

Service bootps, or BOOTP server (dhcp), port 67. (In /etc/protocols, protocol number 67 is ippc, «Internet Pluribus Packet Core».)

[root@dns ~]# firewall-cmd --zone=public --add-port=67/tcp --permanent
success

[root@dns ~]# firewall-cmd --zone=public --add-port=67/udp --permanent
success

[root@dns ~]# firewall-cmd --reload
success

[root@dns ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 53/udp 67/tcp 53/tcp 67/udp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

Important

  • If we are going to provide IPv6 address leasing, we must also open the dhcpv6-server ports 547/tcp and 547/udp.

Checks

Let's check, through several DNS queries, how our brand new, freshly installed Dnsmasq is working. For this we select the well-known computer sysadmin.desdelinux.fan, and from that computer, which is connected to the LAN, we will execute several queries, but not before checking that the /etc/resolv.conf file is properly configured:

buzz@sysadmin:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search desdelinux.fan
nameserver 10.10.10.5

The /etc/resolv.conf file settings are correct. Let's start the queries:

buzz@sysadmin:~$ host dns
dns.desdelinux.fan has address 10.10.10.5
Host dns.desdelinux.fan not found: 5(REFUSED)
dns.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

With the proposed configuration, when querying Dnsmasq we can disregard the lines like the following that the command host returns when run without options:

Host dns.desdelinux.fan not found: 5(REFUSED)

If we don't want that type of output, we must use the command host with the options -t A, -t CNAME, -t NS, -t SOA, -t SIG, -t AXFR. Read man host for more information:

buzz@sysadmin:~$ host -t A dns.desdelinux.fan
dns.desdelinux.fan has address 10.10.10.5

[root@dns ~]# host -t A dns
dns.desdelinux.fan has address 10.10.10.5

buzz@sysadmin:~$ dig dns

buzz@sysadmin:~$ host 10.10.10.5
5.10.10.10.in-addr.arpa domain name pointer dns.desdelinux.fan.

Dnsmasq is not intended for a Master-Slave scheme

buzz@sysadmin:~$ host -t AXFR desdelinux.fan
Trying "desdelinux.fan"
Host desdelinux.fan not found: 5(REFUSED)
; Transfer failed.

Nor is it intended to return NS and SOA records

buzz@sysadmin:~$ host -t NS desdelinux.fan
Host desdelinux.fan not found: 5(REFUSED)

buzz@sysadmin:~$ host -t SOA desdelinux.fan
Host desdelinux.fan not found: 5(REFUSED)

buzz@sysadmin:~$ dig IN SOA desdelinux.fan
buzz@sysadmin:~$ dig IN NS desdelinux.fan

It does support MX, CNAME and TXT records

buzz@sysadmin:~$ host -t A www
www.desdelinux.fan is an alias for blog.desdelinux.fan.
blog.desdelinux.fan has address 10.10.10.7

buzz@sysadmin:~$ host -t MX desdelinux.fan
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.

buzz@sysadmin:~$ host -t CNAME www
www.desdelinux.fan is an alias for blog.desdelinux.fan.

buzz@sysadmin:~$ host -t A blog.desdelinux.fan
blog.desdelinux.fan has address 10.10.10.7

buzz@sysadmin:~$ host -t TXT desdelinux.fan
desdelinux.fan descriptive text "DesdeLinux, your Blog dedicated to Free Software"
desdelinux.fan descriptive text "v=spf1 a -all"

PTR record queries

buzz@sysadmin:~$ host -t PTR 10.10.10.7
7.10.10.10.in-addr.arpa domain name pointer blog.desdelinux.fan.

buzz@sysadmin:~$ host 10.10.10.7
7.10.10.10.in-addr.arpa domain name pointer blog.desdelinux.fan.

Microsoft® Windows clients

It is very healthy to run the command journalctl -f on the console of the server dns.desdelinux.fan BEFORE turning on a machine running a Microsoft® Windows operating system, to see the enormous number of DNS queries it makes to different sites. It really is very entertaining. 😉

If we want to prevent queries related to some of these sites from traveling to the Root servers or to the forwarders that we declare in the /etc/resolv.conf file, we can make good use of the /etc/banner_add_hosts file, filling it with as many sites as we need to declare. Example:

[root@dns ~]# nano /etc/banner_add_hosts
127.0.0.1 windowsupdate.com
127.0.0.1 ctldl.windowsupdate.com
127.0.0.1 ocsp.verisign.com
127.0.0.1 csc3-2010-crl.verisign.com
127.0.0.1 www.msftncsi.com
127.0.0.1 ipv6.msftncsi.com
127.0.0.1 teredo.ipv6.microsoft.com
127.0.0.1 ds.download.windowsupdate.com
127.0.0.1 download.microsoft.com
127.0.0.1 fe2.update.microsoft.com
127.0.0.1 crl.microsoft.com
127.0.0.1 www.download.windowsupdate.com
127.0.0.1 win8.ipv6.microsoft.com
127.0.0.1 spynet.microsoft.com
127.0.0.1 spynet1.microsoft.com
127.0.0.1 spynet2.microsoft.com
127.0.0.1 spynet3.microsoft.com
127.0.0.1 spynet4.microsoft.com
127.0.0.1 spynet5.microsoft.com
127.0.0.1 office15client.microsoft.com
127.0.0.1 addons.mozilla.org
127.0.0.1 crl.verisign.com

[root@dns ~]# dnsmasq --test
dnsmasq: syntax check OK.

[root@dns ~]# systemctl restart dnsmasq.service
[root@dns ~]# systemctl status dnsmasq.service

[root@dns ~]# host -t A spynet4.microsoft.com
spynet4.microsoft.com has address 127.0.0.1

[root@dns ~]# host -t A www.download.windowsupdate.com
www.download.windowsupdate.com has address 127.0.0.1
  • The format of the /etc/banner_add_hosts file is the same as that of the /etc/hosts file. Remember that the list of domains to "ban" can be as long as we need, according to what is stated in the LIMITS section of this article.
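As an added example (not from the original article), this Python script summarizes what dnsmasq writes to syslog when log-queries is enabled, which is what journalctl -f shows on the server: per client it counts the queries answered from the ban file (sinkholed to 127.0.0.1 or 0.0.0.0), those answered locally (/etc/hosts, the cache or an address= entry) and those forwarded upstream, and it lists the sinkholed names. The log lines are constructed for the example; only the message format follows dnsmasq.

```python
# Added example, not from the original article: a summary of the lines that
# dnsmasq writes with log-queries enabled (what journalctl -f shows on the
# server). Per client it counts queries answered from the ban file
# (sinkholed to 127.0.0.1 or 0.0.0.0), answered locally (/etc/hosts, cache
# or an address= entry) and forwarded upstream, and lists the sinkholed
# names. The log lines below are constructed for this example.
import re
from collections import Counter, defaultdict

SAMPLE_LOG = """\
Feb 18 13:02:10 dns dnsmasq[1394]: query[A] dns.desdelinux.fan from 10.10.10.1
Feb 18 13:02:10 dns dnsmasq[1394]: /etc/hosts dns.desdelinux.fan is 10.10.10.5
Feb 18 13:02:11 dns dnsmasq[1394]: query[A] www.download.windowsupdate.com from 10.10.10.115
Feb 18 13:02:11 dns dnsmasq[1394]: /etc/banner_add_hosts www.download.windowsupdate.com is 127.0.0.1
Feb 18 13:02:11 dns dnsmasq[1394]: query[A] spynet4.microsoft.com from 10.10.10.115
Feb 18 13:02:11 dns dnsmasq[1394]: /etc/banner_add_hosts spynet4.microsoft.com is 127.0.0.1
Feb 18 13:02:11 dns dnsmasq[1394]: query[A] time.windows.com from 10.10.10.115
Feb 18 13:02:11 dns dnsmasq[1394]: config time.windows.com is 10.10.10.1
Feb 18 13:02:12 dns dnsmasq[1394]: query[A] www.example.com from 10.10.10.115
Feb 18 13:02:12 dns dnsmasq[1394]: forwarded www.example.com to 203.0.113.53
Feb 18 13:02:12 dns dnsmasq[1394]: reply www.example.com is 203.0.113.10
Feb 18 13:02:13 dns dnsmasq[1394]: query[A] www.example.com from 10.10.10.40
Feb 18 13:02:13 dns dnsmasq[1394]: cached www.example.com is 203.0.113.10
Feb 18 13:02:14 dns dnsmasq-dhcp[1394]: DHCPREQUEST(eth0) 10.10.10.115 52:54:00:12:34:56
"""

# "query[TYPE] name from client" opens a question; the answer line that
# follows names its source: a hosts file, "config", "cached" or "forwarded".
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")
ANSWER_RE = re.compile(r"dnsmasq\[\d+\]: (\S+) (\S+) (?:is|to) (\S+)$")
SINKHOLE = {"127.0.0.1", "0.0.0.0"}


def summarize(log_text):
    """Return ({client: Counter}, Counter of sinkholed names)."""
    per_client = defaultdict(Counter)
    sinkholed = Counter()
    last_client = {}  # name -> client that asked for it most recently
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            _qtype, name, client = m.groups()
            last_client[name] = client
            per_client[client]["queries"] += 1
            continue
        m = ANSWER_RE.search(line)
        if not m:
            continue  # DHCP lines, start-up messages and so on
        source, name, target = m.groups()
        client = last_client.get(name)
        if client is None:
            continue
        from_hosts_file = source.startswith("/")
        if from_hosts_file and target in SINKHOLE and not name.startswith("localhost"):
            per_client[client]["sinkholed"] += 1
            sinkholed[name] += 1
        elif from_hosts_file or source in ("config", "cached"):
            per_client[client]["local"] += 1
        elif source == "forwarded":
            per_client[client]["forwarded"] += 1
        # "reply" lines repeat a forwarded answer and are not counted again.
    return per_client, sinkholed


if __name__ == "__main__":
    clients, names = summarize(SAMPLE_LOG)
    for client, counts in sorted(clients.items()):
        print(client, dict(counts))
    print("sinkholed names:", names.most_common())
```

On the server, feed it real input with `summarize(open("/var/log/messages").read())`, or pipe `journalctl -u dnsmasq --no-pager` into it.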

To check from the client seven.desdelinux.fan, which was given the IP address:

buzz@sysadmin:~$ host -t A seven
seven.desdelinux.fan has address 10.10.10.115

we execute the command nslookup in the Windows client's own cmd:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>nslookup
Default Server:  dns.desdelinux.fan
Address:  10.10.10.5

> dns
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    dns.desdelinux.fan
Address:  10.10.10.5

> ftpserver
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    ftpserver.desdelinux.fan
Address:  10.10.10.8

> www
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    blog.desdelinux.fan
Address:  10.10.10.7
Aliases:  www.desdelinux.fan

> mail
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    mail.desdelinux.fan
Address:  10.10.10.9

> sysadmin
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    sysadmin.desdelinux.fan
Address:  10.10.10.1

> www.download.windowsupdate.com
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    www.download.windowsupdate.com
Address:  127.0.0.1

> quit

C:\Users\buzz>

Summary

So far we have seen a few of the main features of Dnsmasq. I suggest reading and studying the files mentioned in the first paragraph of this article if you want to know more about this magnificent -and surprising- program. Through its use we can make our lives much easier.

Around 2014 I read the article «How To: Samba4 AD PDC + Windows XP, Vista and 7». The creator of the article declares without blushing: «I hate bind, so it's dnsmasq to the rescue» (sic), which more or less means «I hate BIND, so Dnsmasq comes to the rescue». For the record, that phrase is not mine.

In passing, I will comment that in that article the author does not make clear the origin of some DNS records, and in general terms it is not a good guide to implement an Active Directory® based on Samba 4, even if your fanatic preference is Dnsmasq.

I don't hate BIND at all. My four -4- previous articles prove it:

As I have written on previous occasions, I almost never recommend, but I suggest. In the case of Dnsmasq, yes, I recommend its use in SME Networks.

Next delivery

The next installment -I think- I will dedicate to the integration of Dnsmasq with a Microsoft® Active Directory®. It will be a good entry point for a later article that will deal with how to make an AD-DC with Samba 4 and Dnsmasq.



  1.   John Hernandez said

    Good morning, wild!!! I corroborate everything you say, and truly, the operation of that network to date gives no cause to complain. I am no longer the sysadmin of that network, because you know the problems I had... but while I was in charge of that network, and until now that I communicate with the one in front of it, there is no reason to complain. My best experiences with ClearOS and DNSmasq.

  2.   federico said

    Friend Joan, Thanks for your help in corroborating what I wrote about the company with ClearOS.

  3.   dhunter said

    What I like the most about dnsmasq is how versatile it can be, in a single file you configure DNS and DHCP. Regarding performance I have no complaints, a while ago I turned off a 2003R2 server that was acting as a DC, several Linux clients from distant municipalities were "hung" and since I had no way to modify their DNS preferences, what I did was to raise a Jessie with that IP and dnsmasq caching the new DNS, all ok.
    Very good article Fico, my regards.

    1.    federico said

      What do you think of the conservative limit of serving up to 1000 computers? I have the possibility of verifying the data with a friend who is dedicated to offering services of a «Captive» website via WiFi, and recently he gave the service -with BIND + Isc-dhcp- to more than 1000 mobiles at the Karl Marx Theater. He hired me to make him a server with the lowest possible resource consumption for that job.

      1.    dhunter said

        It should be clear that these so-called "limits" were measured a few years ago and with hardware well below the current standard, both the dnsmasq and the clients have evolved a lot, I am quite confident that it will hold the load of these users. Always document and block the thousand and one queries that Android makes trying to phone home, hehe. Cheers

  4.   federico said

    I will take your advice very seriously, dhunter. Thanks again

  5.   IWOMore said

    As has become common in this series of SMEs, this post on "DNSMASQ" is another great article that the author gives us to sysadmins to develop ourselves technically and theoretically.
    In my personal case I knew vaguely about dnsmasq since I had prioritized DNS (Bind) and DHCP as two independent services. For me it is GREAT! The dnsmasq thing to allow to configure both in a single service (through the /etc/dnsmasq.conf file).
    Great! capable of supporting at least 1,000 clients with DNS and DHCP without affecting performance.
    Also very good is the TIP on how to avoid queries going to the Root Servers or Forwarders using the /etc/banner_add_hosts file, where we insert the "N" sites that we need to declare as if they were "localhosts".
    Finally and as has been common in the author with his "Next delivery" section, he now plans to deliver another gem "the integration of Dnsmasq with a Microsoft® Active Directory®".
    Well, we are already looking forward to it.

  6.   Zodiac said

    I was busy and could not follow your articles. I have missed some. Each new writing of yours is a pleasant surprise that contains new teachings. Keep it up, friend Fico

  7.   crespo88 said

    Dnsmasq, I witness its operation on a daily basis, it is the best. I always told you and insisted on the integration of bind9 and the isc-dhcp-server (solution that I like a lot, because trying so many times I learned and saw and acquired what little I know about dns and dhcp, VIIII, I could see what Microsoft does not let you observe, what they do not want you to learn and keep you in a dark and locked room, they really are services that were talked about as if they were monsters and they are good people, you can deal with them the truth), and thank you To this you were forced to improve yourself even more, in fact we are already seeing all the results of this effort and we thank you for the quality of your posts.
    This one in particular is super, I don't take credit from the rest, OF COURSE NOT, NOT EVEN THINKING ABOUT IT; But it is because of you I met my friend dnsmasq and the network of my Residence lives more than happy to meet our new colleague created by Simon Kelley. Thanks to him too.

  8.   federico said

    IWO: You won't wait long for the next post. I haven't finished it yet because I'm very busy with my daily work. The time ... But surely you will have it for next week.

  9.   federico said

    Crespo88: I can't add anything else to your complete comment. And I'm already short of time because at 7 pm I run out of navigation 😉
    Thank you!.

  10.   caesareli said

    Hello, FICO. Very good article.
    I would like to know how to implement dnsmasq on a baremetal (HP Proliant gen 8) hosting KVM virtual machines.
    Should the dnsmasq configuration be done on the host or in one of the VM's that works as a dnsmasq server?
    I am in a mess.
    Greetings.