@chtzvt
Created September 20, 2017 20:30
Optimized Dnsmasq configuration, for use with OpenWRT/DD-WRT/Tomato/etc
# Charlton Trezevant's Zoomin DNSMasq Config - Version 1.0
# A large local cache means repeat queries are answered from memory instead of going upstream
# (the author measured several hundred ms dropping to around 25-30 ms for subsequent lookups).
# The cache lives in RAM, not flash, so size it to the memory your router has spare. Older dnsmasq
# releases cap cache-size at 10000 and silently clamp larger values.
cache-size=10000
# Reverse lookups for private (RFC 1918) ranges that are not in /etc/hosts or the DHCP leases are
# answered "no such domain" locally instead of being forwarded upstream (e.g. dig +noall +answer -x 10.0.1.1),
# so your internal addressing is not leaked to the public resolvers below.
bogus-priv
# A/AAAA queries for plain names without a dot (e.g. "printer") are never forwarded upstream; if the
# name is not known from /etc/hosts or the DHCP leases, dnsmasq answers "not found" itself.
domain-needed
# Do not read upstream servers from /etc/resolv.conf; use only the server= lines in this file.
# Without this, the ISP resolvers pushed to the router over DHCP/PPP would be used alongside them.
# Note that no-resolv with no server= lines leaves dnsmasq with no upstream at all.
no-resolv
# One of the most important directives! By default dnsmasq writes to syslog synchronously, so a slow or
# blocked syslog stalls query handling. log-async makes logging asynchronous with a queue of up to N
# lines (5 is the default queue length; dnsmasq accepts 5-100 and logs how many lines were dropped on
# overflow). The effect is most noticeable when log-queries is also enabled.
log-async=5
# Query the upstream servers strictly in the order they appear below. The default is to favour whichever
# server is known to be up and responding fastest, so strict-order is more predictable but less resilient:
# the next server is only tried once the first one fails to answer.
strict-order
# Upstream resolvers: Google Public DNS and OpenDNS here, but use whichever you trust. Everything not
# answered from the cache or the local zone below is sent to these servers in cleartext.
server=8.8.8.8
server=8.8.4.4
server=208.67.222.222
# Append the local domain (set below) to plain hostnames from /etc/hosts and DHCP, so a hosts entry
# for "yourhost" also answers as yourhost.lan.yourdomain
expand-hosts
# Sets the local domain. domain= is also handed to DHCP clients as their domain option, and local=
# declares the zone authoritative here: queries for anything under lan.yourdomain are answered from
# local data only and are never forwarded upstream, even when no record exists.
domain=lan.yourdomain
local=/lan.yourdomain/
# A local record so that router.lan.yourdomain resolves to the router's LAN IP. address= also matches
# every subdomain of the name given.
# Make sure all these IP addresses are correct for your network configuration
address=/router.lan.yourdomain/10.0.1.1
# My Nifty Idea(tm): If you manage multiple LANs, you can use the TXT record below to determine what
# network you're on in scripts, with dig TXT lan.yourdomain +short (or equivalent). Because the zone is
# marked local= above, the record is only visible to clients that reach this resolver.
txt-record=lan.yourdomain,"area:your LAN name here"
# Answer DNS only on loopback and the LAN address, and really bind those addresses instead of the
# wildcard. dnsmasq listens on every interface by default, so without this (and a firewall rule) the
# router answers DNS on the WAN side too: an open resolver that can be abused for DNS amplification.
# If the LAN interface can come and go (common on OpenWrt), bind-dynamic is the safer variant.
listen-address=127.0.0.1
listen-address=10.0.1.1
bind-interfaces
# Additional options (DD-WRT GUI checkboxes; the matching dnsmasq directive is given in brackets):
# - Enable forced DNS redirection, so that every outbound port-53 query from the LAN is DNATed to this
#   server regardless of client settings. This is an iptables rule in the firewall script, not a dnsmasq
#   directive, and it only catches plain DNS: clients using DNS-over-HTTPS or DNS-over-TLS bypass it.
# - Make sure "No DNS Rebind" is enabled [stop-dns-rebind]: upstream answers that point at private
#   addresses are rejected and logged, which stops an attacker-controlled domain from being used to reach
#   LAN devices from a browser. rebind-domain-ok=/domain/ whitelists a zone of your own that legitimately
#   resolves to private addresses.
# - Make sure "Add requestor MAC to DNS query" is disabled [add-mac]: it sends client MAC addresses to
#   the upstream resolvers (privacy reasons)
# Recommended reading (read the docs!):
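A check for the hardening points above, added here as an example and not part of the original gist: a POSIX sh script (it runs in busybox ash on an OpenWrt/DD-WRT router as well as on a workstation) that audits a dnsmasq.conf for the open-resolver, rebind, no-upstream and add-mac problems, and emits the iptables DNAT rules that "forced DNS redirection" amounts to. The LAN bridge name br0, the router address 10.0.1.1 and the sample config it audits are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the original gist): audit a dnsmasq.conf for the hardening
# points of this config and emit forced-DNS-redirection rules.
# Assumptions: LAN bridge is br0, the router is 10.0.1.1, the demo config is constructed.

# Drop full-line and trailing '#' comments from config file $1.
strip_comments() {
    sed -e 's/#.*//' "$1"
}

# True if config $1 contains directive $2, either bare or as $2=value.
has_directive() {
    strip_comments "$1" | grep -Eq '^[[:space:]]*'"$2"'(=|[[:space:]]*$)'
}

# Number of server=<ip> lines, i.e. real upstream resolvers. A server=/zone/ip line
# only routes one zone and is not counted.
count_upstreams() {
    strip_comments "$1" |
        awk '/^[[:space:]]*server=[0-9A-Fa-f.:]+[[:space:]]*$/ { n++ } END { print n + 0 }'
}

# Print one line per finding in config $1; prints nothing when the config is clean.
audit_findings() {
    if has_directive "$1" no-resolv && [ "$(count_upstreams "$1")" -eq 0 ]; then
        echo "FAIL no-resolv set but no server=<ip> lines: nothing can be forwarded upstream"
    fi
    if ! has_directive "$1" listen-address && ! has_directive "$1" interface; then
        echo "FAIL no listen-address/interface: dnsmasq answers on every interface, WAN included"
    fi
    if has_directive "$1" listen-address && ! has_directive "$1" bind-interfaces \
        && ! has_directive "$1" bind-dynamic; then
        echo "WARN listen-address without bind-interfaces/bind-dynamic: port 53 is bound on the wildcard and filtered in software"
    fi
    if ! has_directive "$1" stop-dns-rebind; then
        echo "FAIL stop-dns-rebind missing: upstream answers pointing at private addresses are accepted (DNS rebinding)"
    fi
    if has_directive "$1" add-mac; then
        echo "WARN add-mac present: client MAC addresses are sent to the upstream resolvers"
    fi
    return 0
}

# Number of findings for config $1 (0 means clean).
count_findings() {
    audit_findings "$1" | awk 'END { print NR }'
}

# Emit the DNAT rules that force all port-53 traffic from LAN interface $1 to router $2.
# Pipe the output to sh on the router or paste it into DD-WRT's firewall script.
# Only plain DNS is caught: DNS-over-HTTPS/TLS clients bypass these rules.
dns_redirect_rules() {
    for proto in udp tcp; do
        echo "iptables -t nat -I PREROUTING -i $1 -p $proto --dport 53 -j DNAT --to-destination $2"
    done
}

# Demo on a constructed config that has several of the problems above
# (no upstream behind no-resolv, no stop-dns-rebind, add-mac enabled).
CONF="${TMPDIR:-/tmp}/dnsmasq-audit-demo.$$"
cat > "$CONF" <<'EOF'
cache-size=10000
no-resolv
listen-address=127.0.0.1
listen-address=10.0.1.1
bind-interfaces
add-mac
EOF
audit_findings "$CONF"
echo "findings: $(count_findings "$CONF")"
dns_redirect_rules br0 10.0.1.1
rm -f "$CONF"
```

Run it against the real file with `audit_findings /etc/dnsmasq.conf` (on OpenWrt the generated file is /var/etc/dnsmasq.conf.*, since /etc/config/dhcp is the source). The audit is deliberately a line-level check: it knows nothing about conf-dir= includes, so point it at every file dnsmasq actually loads.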
# https://www.dd-wrt.com/wiki/index.php/DNSMasq_-_DNS_for_your_local_network_-_HOWTO
# https://mohan43u.wordpress.com/2012/08/06/dnsmasq-for-home-user/
# https://github.com/mirror/dd-wrt/blob/master/src/router/dnsmasq/dnsmasq.conf.example