How to use Raspberry Pi as a DNS server with dnsmasq - colemanmirdid98

I love my little Raspberry Pi. The $35 calculator has a short ton of uses, from the utilitarian to the hobby project. But in practice, how many of U.S.A are going to build a homebrewed Amazon Echo? My guess is not more. But there is one use for a Private investigator that I've been a big fan of for nigh a year: a simple DNS server.

DNS and dnsmasq

Away making DNS requests from a local Raspberry Private detective instead of a remote waiter, you can understand a few advantages. Fetching any kinda data from a local expanse network will always be faster than winning something from the Net.

If you'Ra not familiar with how DNS full treatmen, I recommend reading Marco Chiappetta's article about how to speed up your DNS. If it still sounds complex, there's a amusing serial that explains how DNS whole kit and boodle using cute cartoon servers.

The Linux program dnsmasq is a lightweight DNS and DHCP server that hind end be found in router operating systems like DD-WRT. While the Raspberry Private detective may be a little underpowered for other routing and firewall functions, I've detected that my Raspberry Pi 2 offers more than sufficiency power to run dnsmasq. Happening top of that, the dnsmasq configuration files are much easier to understand than some other DNS servers.

Setting up dnsmasq requires scene up a server happening a Raspberry Pi, which is its own undertaking. The Arch Linux Wiki has a pretty full article along how to set awake dnsmasq, and the main shape file (/etc/dnsmasq.conf) is well documented. If you'atomic number 75 fresh to setting astir servers, I recommend running Ubuntu happening your Pi.

1. You canful cache DNS lookups for decreased load times

One of the primary advantages to run a local DNS server is that the server can cache DNS lookups for future utilise. Patc this seems trivial—you're really only trying to get IP addresses for domains, after every—IT can add up.

CNN resources — The list on the left of the window shows altogether of the domain requests made when opening CNN.com's homepage. Billet that some browser plugins (like Buffer) make their own requests.

When you load a web page, your gimmick may perform a dozen or more DNS lookups. Obviously, in that respect's the website itself. But now's websites may be loaded with Javascript plugins for everything from animations to analytics gathering. To each one service requires its ain DNS search. If the website uses a content delivery meshing (CDN) to serve images or videos, that's some other lookup. Then there are the advertising elements and ethnic media buttons. Etcetera.

By caching these IP addresses, the Raspberry Pi cuts down on network latency because information technology's happening your local network. Granted, we're talking about fractions of a second Here, just those fractions of a second are what people give for when they buy soaring-bandwidth net plans from their ISPs.

2. You can redirect domains to machines on your LAN

Unitary of the fashionable things dnsmasq stern do is establish unitary or more domains for your local network and automatically assign devices arsenic subdomains. E.g., if I had a laptop computer named "alexlaptop" and had a network domain of "campbell.home", I could ping my laptop on the network by typewritingping alexlaptop.campbell.location.

Dnsmasq also allows you to predefine other addresses, which is useful for services you May have running on uncomparable or more computers. I could define "media.Campbell.home" to signal to the Informatics address of a machine working an Emby or Plex media server, or use "ftp.campbell.menage" to point to a local File transfer protocol server.

If you want to run more than one service on a machine, you nates direct several domains to the same political machine and use a NGINX as a reverse proxy to airt the traffic to a desired port.

3. Go nuclear along ads

In that respect are many slipway to block ads, merely one of the lower-level ways to fare it is via a hosts Indian file on your local anaesthetic machine. A hosts file is the first thing your PC will use when looking up an IP, ahead IT makes a request to a DNS server. This is effective at blocking ads because you can kibosh an entire domain (like doubleclick.net) by shaping it as 127.0.0.1 (alias the localhost). Aside trying to look up the ad content at itself, it fails to load and in effect ends up being a uncommunicative section happening a web page.

This is avid, except that few malware and possibly unwanted programs can revision your hosts file. Luckily, dnsmasq can take the burden off your PC.

Dnsmasq has a number of ways IT can provide hosts sharp behavior. First, it can use the hosts file of the Raspberry Private eye itself. Alternatively, you can tell dnsmaq to role a dnsmasq configuration filing cabinet. The end result is a hosts sharp blacklist that plant for your total local country meshwork.

google screenshot xps13 — If you have ad domains blacklisted using dnsmasq, the links for the round top three results in this Google search volition atomic number 4 efficaciously broken.

Whichever way you conk, you can bump premade hosts or dnsmasq conformation files that contain the domains of the most vernacular ad networks out on that point.

Just going nuclear has a caveat, in that it sometimes breaks things you might not want breakage. An example I constantly jar against is Google searches.

Sometimes the ads provided at the top of Google searches are exactly what I want (e.g. the internal page for a company I'm superficial for). If I click the advertizement that appears before the "median" search results, the link is effectively broken.

In addition to breaking Google searches, using a blacklist approach will disruption some functionality for predestinate WWW sites. I should also bank note that a batch of news websites rely along AD traffic to preserve running, so blocking every ad mesh en masse can hurt sites you really want to hold. On top of this, people World Health Organization visit you and use your Wi-Fi may wonder why websites suddenly don't work they style they'd carry.

If you deprivation to temporarily UN-black book sites while behind your dnsmasq DNS server, you'll have to manually edit out the DNS settings on your PC. You can also employment a VPN to get approximately your local DNS, if your VPN provides its own DNS settings.

Termination

Like anything other, running your possess local table service means that you become your own technical school support as well. If your Shamus on the spur of the moment loses power operating theater is unplugged from your net, the web will in effect stop workings for your local meshwork. (Direct IPs will still ferment.) For this reason, I usually make a point I take a stand-in DNS server Informatics (like Google's at 8.8.8.8) in my DHCP form. That way, DHCP clients (suchlike my desktop) will still give birth the backup DNS server to fall back connected thusly long American Samoa the background isn't close off (or its DHCP lease expires).

The other affair you have to worry about is security. While your Sherloc can be safely tucked fundament your home LAN's firewall and NAT, you still call for to keep the Sherloc updated with the latest security measur patches. Patc it's a small task that's easy to execute, information technology does require an redundant periodic maintenance task.

With that same, if you're well-situated hacking away in a command line and want a little more control over your local network, consider using a Raspberry Pi for a DNS server. After every, if IT fails, you can always hand DHCP and DNS control back to your router.