# Charlton Trezevant's Zoomin DNSMasq Config - Version 1.0
#
# Directive order is unchanged from the original; only the comments and the
# layout (one directive per line, comments on their own lines) differ.

# --- Cache ---------------------------------------------------------------
# Having a large local cache speeds up subsequent DNS queries significantly
# (from several hundred msec to around 25-30).
# The cache is held in memory, so you may need to adjust this depending on
# how much free memory the device has.
cache-size=10000

# --- What is never forwarded upstream ------------------------------------
# Reverse lookups for private address ranges are never sent upstream
# (e.g. dig +noall +answer -x 10.0.1.1); ones that cannot be answered locally
# get "no such domain". This also keeps internal addressing out of the
# upstream resolvers' view.
bogus-priv

# Names without a dot or other domain part will also not be forwarded upstream.
domain-needed

# Do not read upstream servers from the system's resolv.conf; only the
# server= lines in this file are used as upstream resolvers.
no-resolv

# --- Logging -------------------------------------------------------------
# One of the most important directives!! Without it, a slow syslog write can
# block name resolution. With it, Dnsmasq writes log entries asynchronously,
# so fs writes don't bog down performance.
# The value is the number of log lines that may be queued. When the queue is
# full, lines are dropped, so raise it if you depend on these logs for
# troubleshooting or incident review.
log-async=5

# --- Upstream resolvers --------------------------------------------------
# This forces Dnsmasq to query each of the DNS servers below in the order they
# appear, rather than randomly (default).
# NOTE: forwarded queries leave the network as plain DNS, so whichever
# resolvers you list here see every name that is not answered locally.
strict-order
# Google DNS, but can be anything you prefer
server=8.8.8.8
server=8.8.4.4
# OpenDNS
server=208.67.222.222

# --- Local domain --------------------------------------------------------
# Adds the domain set below to plain host names, so local hosts get FQDNs
# (e.g. yourhost becomes yourhost.lan.yourdomain).
expand-hosts

# Sets the local domain. The local= line marks it as local-only: names under
# it are answered from local data and never forwarded upstream.
domain=lan.yourdomain
local=/lan.yourdomain/

# Sets a DNS record so that router.lan.yourdomain resolves to your router's
# IP, locally.
# Make sure all these IP addresses are correct for your network configuration.
address=/router.lan.yourdomain/10.0.1.1

# My Nifty Idea(tm): If you manage multiple LANs, you can use the TXT record
# below to determine what network you're on in scripts, using
# dig +short TXT lan.yourdomain or equivalent.
# Any client that can query this server can read the record, so keep its
# contents non-sensitive.
txt-record=lan.yourdomain,"area:your LAN name here"

# --- Listening interfaces ------------------------------------------------
# Binds Dnsmasq to the local, LAN-facing addresses only. Not 100% necessary,
# but still useful for security: the resolver is then not listening on any
# other (e.g. WAN-facing) address.
listen-address=127.0.0.1
listen-address=10.0.1.1
bind-interfaces

# Additional options (router GUI settings, not directives in this file):
# - Enable forced DNS redirection, so that all outbound DNS traffic is answered
#   by your server (regardless of client settings). This only covers plain
#   DNS; clients using DNS over TLS or DNS over HTTPS are not redirected.
# - Make sure "No DNS Rebind" is enabled (prevents DNS rebind attacks).
#   In plain dnsmasq the corresponding option is stop-dns-rebind.
# - Make sure "Add requestor MAC to DNS query" is disabled (privacy reasons).
#   In plain dnsmasq the corresponding option is add-mac; leave it unset.

# Recommended reading (RTD!):
# https://www.dd-wrt.com/wiki/index.php/DNSMasq_-_DNS_for_your_local_network_-_HOWTO
# https://mohan43u.wordpress.com/2012/08/06/dnsmasq-for-home-user/
# https://github.com/mirror/dd-wrt/blob/master/src/router/dnsmasq/dnsmasq.conf.example