# Charlton Trezevant's Zoomin DNSMasq Config - Version 1.0

# Having a large local cache speeds up subsequent DNS queries significantly (from several hundred msec to around 25-30)
# You may need to adjust this depending on the amount of free space you have
cache-size=10000 
# This ensures local reverse lookup queries are never sent upstream (e.g. dig +noall +answer -x 10.0.1.1)
bogus-priv
# Names without a dot or other domain part will also not be forwarded upstream
domain-needed
# We won't need dnsmasq to overwrite the system's resolv.conf, as we have our own cache.
no-resolv
# One of the most important directives!! For some reason Dnsmasq devs block name resolution with synchronous writes to the
# syslog. This directive will have Dnsmasq write log entries asynchronously, so fs writes don't bog down performance.
log-async=5
# This forces Dnsmasq to query each of the DNS servers below in the order they appear, rather than randomly (default)
strict-order
server=8.8.8.8 # Google DNS, but can be anything you prefer
server=8.8.4.4
server=208.67.222.222 #OpenDNS
# This directive allows local hosts to have FQDNs on the domain you specify below (e.g. yourhost.local becomes yourhost.lan.yourdomain)
expand-hosts
# Sets the local domain
domain=lan.yourdomain
local=/lan.yourdomain/
# Sets a DNS record so that router.lan.yourdomain resolves to your router's IP, locally
# Make sure all these IP addresses are correct for your network configuration
address=/router.lan.yourdomain/10.0.1.1
# My Nifty Idea(tm): If you manage multiple LANs, you can use the TXT record below to determine what network you're on in scripts
# using dig +TXT lan.yourdomain or equivalent
txt-record=lan.yourdomain,"area:your LAN name here"
# Binds Dnsmasq to the local, LAN-facing interfaces. Not 100% necessary, but still useful for security
listen-address=127.0.0.1 
listen-address=10.0.1.1
bind-interfaces

# Additional options: 
# - Enable forced DNS redirection, so that all outbound DNS traffic is answered by your server (regardless of client settings)
# - Make sure "No DNS Rebind" is enabled (prevents DNS rebind attacks)
# - Make sure "Add requestor MAC to DNS query" is disabled (privacy reasons)
# Recommended reading (RTD!): 
#    https://www.dd-wrt.com/wiki/index.php/DNSMasq_-_DNS_for_your_local_network_-_HOWTO
#    https://mohan43u.wordpress.com/2012/08/06/dnsmasq-for-home-user/ 
#    https://github.com/mirror/dd-wrt/blob/master/src/router/dnsmasq/dnsmasq.conf.example