Local DNS and DHCP with dnsmasq
Quick and simple: here's a dnsmasq configuration to have DHCP and DNS from a local server on your network.
First, install dnsmasq and prepare a folder for configurations. I'm using Ubuntu as an example:
apt update && apt install -y dnsmasq
mkdir /etc/dnsmasq
Now, let's edit /etc/dnsmasq.conf:
log-facility=/var/log/dnsmasq.log
# Uncomment these for debugging
#log-queries
#log-dhcp
# DNS
# Upstream DNS servers
server=1.1.1.1
server=8.8.8.8
domain-needed
bogus-priv
strict-order
no-resolv
no-negcache
bind-interfaces
# Optional: map your public IP to your DNS server
alias=1.2.3.4,192.168.1.2
cache-size=10000
# A file where we can define additional local addresses
addn-hosts=/etc/dnsmasq/hosts
# DHCP
dhcp-hostsfile=/etc/dnsmasq/dhcp
dhcp-leasefile=/etc/dnsmasq/leases
dhcp-lease-max=999
no-hosts
# dynamic IP range. This network can have up to 253 machines
dhcp-range=192.168.1.3,192.168.1.254,255.255.255.0,1h
# subnet
dhcp-option=1,255.255.255.0
# primary dns
dhcp-option=6,192.168.1.2
# your network router
dhcp-option=3,192.168.1.1
Save the file as /etc/dnsmasq.conf and restart dnsmasq:
systemctl restart dnsmasq
Some assumptions here:
- your router is at 192.168.1.1
- your DNS/DHCP server is at 192.168.1.2. This machine needs a static IP address
Now you can also create some local DNS resolutions in /etc/dnsmasq/hosts:
192.168.1.5 office.local
192.168.1.10 example.com
These only apply to your local network, but they are handy if you want to host a public website and still have it running from within the network without SSL certificate issues.
And here's how you can associate a MAC address with a fixed IP in /etc/dnsmasq/dhcp:
00:11:22:33:44:55,office-computer,192.168.1.5
Bonus
If you want to block some annoying websites network-wide, it's also easy peasy: open /etc/dnsmasq.d/blackhole.conf and add some entries like so:
address=/bad-website.com/127.0.0.1
address=/another-site.com/127.0.0.1
With a bit of smartness and automation, you can even block ads with lists like https://easylist.to/
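One way to do that automation, as an added example that is not part of the original post: EasyList is written in Adblock Plus filter syntax, so this sketch keeps only plain `||domain^` rules and validates each hostname before writing it, since a downloaded list is untrusted input going into a config file. The names adblock_to_dnsmasq, sample_list, list.txt and blackhole.new are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): turn Adblock-style filter rules
# read on stdin into dnsmasq "address=" lines on stdout.
# Only exact "||hostname^" rules with a syntactically valid hostname are kept,
# so no list line can turn into any other dnsmasq directive. Rules with options
# or paths are page-specific and would over-block a whole domain: skipped.
adblock_to_dnsmasq() {
    sink="${1:-127.0.0.1}"          # sinkhole address, same default as the post
    case "$sink" in ''|*[!0-9A-Fa-f.:]*) return 2 ;; esac
    LC_ALL=C awk -v sink="$sink" '
        { sub(/\r$/, "") }          # tolerate CRLF line endings
        substr($0, 1, 2) == "||" && substr($0, length($0)) == "^" {
            d = tolower(substr($0, 3, length($0) - 3))
            if (length(d) > 253) next
            # labels: letters, digits, inner hyphens; last label starts with a letter
            if (d !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]([a-z0-9-]*[a-z0-9])?$/) next
            if (!seen[d]++) printf "address=/%s/%s\n", d, sink
        }'
}

# Constructed sample input (not real EasyList content).
sample_list() {
    cat <<'EOF'
! Constructed sample list
[Adblock Plus 2.0]
||bad-website.com^
||Another-Site.com^
||bad-website.com^
||ads.example.net^$third-party
||tracker.example.org/pixel.gif
##.ad-banner
@@||good.example.net^
||bad domain with spaces/and=slashes^
||203.0.113.7^
||-bad.example^
EOF
}

# Demo: sh blocklist.sh --demo
if [ "${1:-}" = "--demo" ]; then sample_list | adblock_to_dnsmasq; fi

# On the server (list.txt is a hypothetical downloaded list; paths from the post):
#   adblock_to_dnsmasq < list.txt > /etc/dnsmasq/blackhole.new
#   dnsmasq --test --conf-file=/etc/dnsmasq/blackhole.new &&
#     mv /etc/dnsmasq/blackhole.new /etc/dnsmasq.d/blackhole.conf &&
#     systemctl restart dnsmasq
```

An `address=/domain/…` entry also covers every subdomain of that domain, so one accepted line can block more than the list author intended; review the generated file before installing it.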
Have fun!