Welcome to configuring Ubuntu Server 22.04 as a router tutorial series!
- Setup Ubuntu Server 22.04 as a NAT Router with Qemu/KVM, Part 1
- Setup Ubuntu Server 22.04 as a DHCP Server with Qemu/KVM, Part 2
- Setup Ubuntu Server 22.04 as a DNS Server with Qemu/KVM, Part 3
One of the most popular programs for Linux operating systems providing DNS forwarder service is dnsmasq.
Ubuntu 22.04 comes with systemd-resolved which you need to disable since it binds to port 53 which will conflict with dnsmasq port.
Disable the systemd-resolved DNS listeners to free up port 53 by uncommenting DNSStubListener and setting it to no in /etc/systemd/resolved.conf.
DNSStubListener=noDisable the systemd-resolved DNSSEC, DNSOverTLS, LLMNR, and MulticastDNS by uncommenting them and setting it to no in /etc/systemd/resolved.conf.
DNSSEC=no
DNSOverTLS=no
MulticastDNS=no
LLMNR=noIn order to configure dnsmasq to act as cache for the host on which it is running, uncomment DNS and set it to 127.0.0.1 to force host to perform local DNS lookup.
DNS=127.0.0.1Restart the systemd-resolved service to apply your changes:
sudo systemctl restart systemd-resolvedOnce that is done, install dnsmasq:
sudo apt -y install dnsmasqTo enable DNS forwarder service, you need to configure /etc/dnsmasq.conf.
Set the port on which dnsmasq will listen for DNS requests. This default to UDP port 53.
port=53Disable forwarding of names without a dot or domain part by uncommenting:
domain-neededAdd a local-only domain:
local=/app/Restart the dnsmasq service to apply your changes:
sudo systemctl restart dnsmasqBy default, DNS uses TCP and UDP port 53. Open the DNS port, run:
sudo firewall-cmd --zone=public --permanent --add-port=53/tcp
sudo firewall-cmd --zone=public --permanent --add-port=53/udpNext, you will need to edit your /etc/hosts file and add the local DNS server entries.
172.16.0.100 bulbasaur.app
172.16.0.101 ivysaur.app
172.16.0.102 venusaur.appRestart the dnsmasq service to apply your changes:
sudo systemctl restart dnsmasqInstall dnsutils package:
sudo apt -y install dnsutilsTo test if the local DNS server is working or not, run:
dig bulbasaur.app
dig ivysaur.app
dig venusaur.appThe response should look similar to this:
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> bulbasaur.app
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62416
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;bulbasaur.app. IN A
;; ANSWER SECTION:
bulbasaur.app. 0 IN A 172.16.0.100
;; Query time: 0 msec
;; SERVER: fe80::9a73:37ff:fe90:3457%3#53(fe80::9a73:37ff:fe90:3457%3%3) (UDP)
;; WHEN: Mon Aug 14 13:24:05 UTC 2023
;; MSG SIZE rcvd: 58
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> ivysaur.app
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33069
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ivysaur.app. IN A
;; ANSWER SECTION:
ivysaur.app. 0 IN A 172.16.0.101
;; Query time: 0 msec
;; SERVER: fe80::9a73:37ff:fe90:3457%3#53(fe80::9a73:37ff:fe90:3457%3%3) (UDP)
;; WHEN: Mon Aug 14 13:24:05 UTC 2023
;; MSG SIZE rcvd: 56
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> venusaur.app
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50282
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;venusaur.app. IN A
;; ANSWER SECTION:
venusaur.app. 0 IN A 172.16.0.102
;; Query time: 0 msec
;; SERVER: fe80::9a73:37ff:fe90:3457%3#53(fe80::9a73:37ff:fe90:3457%3%3) (UDP)
;; WHEN: Mon Aug 14 13:24:05 UTC 2023
;; MSG SIZE rcvd: 57To test a reverse IP lookup, run:
dig -x 172.16.0.100
dig -x 172.16.0.101
dig -x 172.16.0.102The response should look similar to this:
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> -x 172.16.0.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13755
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;100.0.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.0.16.172.in-addr.arpa. 0 IN PTR bulbasaur.app.
;; Query time: 0 msec
;; SERVER: fe80::9a73:37ff:fe90:3457%3#53(fe80::9a73:37ff:fe90:3457%3%3) (UDP)
;; WHEN: Mon Aug 14 13:26:19 UTC 2023
;; MSG SIZE rcvd: 81
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> -x 172.16.0.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15516
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;101.0.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
101.0.16.172.in-addr.arpa. 0 IN PTR ivysaur.app.
;; Query time: 0 msec
;; SERVER: fe80::9a73:37ff:fe90:3457%3#53(fe80::9a73:37ff:fe90:3457%3%3) (UDP)
;; WHEN: Mon Aug 14 13:26:19 UTC 2023
;; MSG SIZE rcvd: 79
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> -x 172.16.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47090
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;102.0.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
102.0.16.172.in-addr.arpa. 0 IN PTR venusaur.app.
;; Query time: 0 msec
;; SERVER: fe80::9a73:37ff:fe90:3457%3#53(fe80::9a73:37ff:fe90:3457%3%3) (UDP)
;; WHEN: Mon Aug 14 13:26:19 UTC 2023
;; MSG SIZE rcvd: 80Run the tests on the client computers as well to check if the local DNS server is working or not.
