Version: v2.5.0

Configuring DNS Firewall on Dnsmasq

This document provides steps to set up DNS Firewall as a forwarder in Dnsmasq. The target audience is system administrators managing an existing Dnsmasq setup in their enterprise environment.

About Dnsmasq

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.

How to configure DNS Firewall on Dnsmasq?

Create a backup of Dnsmasq config:

cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

Open the config file in an editor:

vi /etc/dnsmasq.conf

Define the upstream DNS server for non-local domains using the server option (in the form server=dns_server_ip) as shown.

strict-order # Setting this forces Dnsmasq to try each query with each server in exactly the same order.
server=45.152.135.135 # DNS Firewall resolver
server=45.152.135.235 # DNS Firewall resolver
server=8.8.8.8 # Google resolver

Restart Dnsmasq, then resolve external domains from a browser or a command-line utility such as dig, and verify the responses in the Dnsmasq logs.
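
Before restarting, the upstream list can be checked mechanically. The script below is an added example, not part of the original document or of Dnsmasq: it confirms that strict-order is active and that the DNS Firewall resolvers come before any other upstream. The resolver IPs are the ones shown above; the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the upstream order in a dnsmasq config.
# Resolver IPs come from this page; function names are hypothetical.
FIREWALL_RESOLVERS="45.152.135.135 45.152.135.235"

# Print global server= targets in file order. dnsmasq treats '#' as a comment
# only at line start or after whitespace, so server=IP#port survives.
list_upstreams() {
    sed -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]]\{1,\}#.*$//' "$1" |
        awk -F= '$1 ~ /^[[:space:]]*server[[:space:]]*$/ {
            v = $2; gsub(/[[:space:]]/, "", v); sub(/#.*/, "", v)
            if (v != "" && v !~ /^\//) print v   # skip server=/domain/ip
        }'
}

# Return 0 only if strict-order is active and every DNS Firewall resolver
# precedes any other upstream; print a note for each unfiltered fallback.
audit_forwarders() {
    conf=$1; status=0; seen_other=0; seen_fw=0
    if ! grep -Eq '^[[:space:]]*strict-order([[:space:]]|$)' "$conf"; then
        echo "WARN: strict-order not active (no leading dash in the conf file)"
        status=1
    fi
    for ip in $(list_upstreams "$conf"); do
        case " $FIREWALL_RESOLVERS " in
            *" $ip "*)
                seen_fw=1
                if [ "$seen_other" -eq 1 ]; then
                    echo "WARN: $ip is listed after a non-firewall resolver"
                    status=1
                fi ;;
            *)
                echo "NOTE: $ip is not a DNS Firewall resolver; its answers are unfiltered"
                seen_other=1 ;;
        esac
    done
    if [ "$seen_fw" -eq 0 ]; then
        echo "WARN: no DNS Firewall resolver configured"; status=1
    fi
    return "$status"
}

# Constructed sample mirroring the configuration shown on this page.
sample=$(mktemp)
printf '%s\n' 'strict-order' 'server=45.152.135.135 # DNS Firewall resolver' \
    'server=45.152.135.235 # DNS Firewall resolver' \
    'server=8.8.8.8 # Google resolver' > "$sample"
audit_forwarders "$sample"
rm -f "$sample"
```

On a live system, call audit_forwarders /etc/dnsmasq.conf and run dnsmasq --test to check the file's syntax before restarting. Queries appear in the Dnsmasq logs only when the log-queries option is enabled.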