Created September 20, 2017 20:30
Optimized Dnsmasq configuration, for use with OpenWRT/DD-WRT/Tomato/etc
# Charlton Trezevant's Zoomin DNSMasq Config - Version 1.0
# Having a large local cache speeds up subsequent DNS queries significantly (from several hundred msec to around 25-30).
# You may need to adjust this depending on the amount of free RAM you have (the cache lives in memory, not on flash).
cache-size=10000
# Reverse lookups for private (RFC 1918) ranges that are not in /etc/hosts or the DHCP leases file are answered
# with "no such domain" instead of being sent upstream (e.g. dig +noall +answer -x 10.0.1.1)
bogus-priv
# Names without a dot or other domain part are never forwarded upstream
domain-needed
# Don't read upstream servers from /etc/resolv.conf; use only the server= lines below.
# (dnsmasq never rewrites resolv.conf; this just stops it from being consulted.)
no-resolv
# One of the most important directives! By default dnsmasq writes to syslog synchronously, so with query logging
# enabled a slow or blocked syslog stalls name resolution. This queues up to 5 log entries and writes them
# asynchronously, so fs/syslog writes don't bog down resolution.
log-async=5
# Query the servers below strictly in the order they appear. By default dnsmasq favours whichever upstream has been
# answering fastest; strict-order trades that for predictability, since the second server is only tried once the
# first one fails to answer.
strict-order
# Note that these are plain-text UDP/53 forwarders: whoever runs them sees every name your network resolves.
server=8.8.8.8 # Google DNS, but can be anything you prefer
server=8.8.4.4
server=208.67.222.222 # OpenDNS
# Append the domain below to bare names from /etc/hosts and DHCP leases (e.g. the host "yourhost" becomes yourhost.lan.yourdomain)
expand-hosts
# Sets the local domain
domain=lan.yourdomain
# Queries for this domain are answered only from local data (/etc/hosts, DHCP leases, address= lines) and are never sent upstream
local=/lan.yourdomain/
# Sets a DNS record so that router.lan.yourdomain resolves to your router's IP, locally
# Make sure all these IP addresses are correct for your network configuration
address=/router.lan.yourdomain/10.0.1.1
# My Nifty Idea(tm): If you manage multiple LANs, you can use the TXT record below to determine what network you're on in scripts
# using dig TXT lan.yourdomain or equivalent
txt-record=lan.yourdomain,"area:your LAN name here"
# Bind dnsmasq only to the loopback and LAN-facing addresses. Without this dnsmasq also answers on the WAN side,
# which makes the router an open resolver (abusable for DNS amplification). bind-interfaces makes it bind these
# addresses specifically instead of the wildcard socket; bind-dynamic (OpenWrt's default) does the same but also
# picks up addresses that appear after dnsmasq has started.
listen-address=127.0.0.1
listen-address=10.0.1.1
bind-interfaces
# Additional options (DD-WRT web UI names, with the underlying mechanism):
# - Enable forced DNS redirection, so that all outbound DNS traffic is answered by your server regardless of client
#   settings. This is a firewall DNAT rule for port 53, not a dnsmasq directive.
# - Make sure "No DNS Rebind" is enabled. This is dnsmasq's stop-dns-rebind: upstream answers that point at private
#   addresses are rejected, which blocks DNS rebinding attacks against hosts on the LAN (add rebind-localhost-ok if
#   you legitimately need 127.0.0.0/8 answers).
# - Make sure "Add requestor MAC to DNS query" is disabled. This is dnsmasq's add-mac, which appends the client's
#   MAC address to every forwarded query; leave it off for privacy reasons.
# Recommended reading (read the docs!):
# https://www.dd-wrt.com/wiki/index.php/DNSMasq_-_DNS_for_your_local_network_-_HOWTO
# https://mohan43u.wordpress.com/2012/08/06/dnsmasq-for-home-user/
# https://github.com/mirror/dd-wrt/blob/master/src/router/dnsmasq/dnsmasq.conf.example
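The following audit script is an added example, not part of the gist or of dnsmasq itself. It checks a dnsmasq.conf for the points made above: the junk-filtering directives (domain-needed, bogus-priv), listening only on LAN addresses with bind-interfaces/bind-dynamic, stop-dns-rebind, no add-mac, no-resolv only together with server= lines, and log-async whenever log-queries is on. The directive names are real dnsmasq options; the function names (audit_dnsmasq_conf, has, write_hardened_sample, write_default_sample) and the two sample configs are constructed here for illustration.

```shell
#!/bin/sh
# Audit a dnsmasq.conf against the hardening points the gist above makes.
# Added example, not part of the gist. Directive names are real dnsmasq
# options (see dnsmasq(8)); the function names and the two sample configs
# written by write_hardened_sample/write_default_sample are constructed here.

# has ERE: true if some active (uncommented) directive in $ACTIVE matches.
has() {
    printf '%s\n' "$ACTIVE" | grep -Eq "$1"
}

# audit_dnsmasq_conf FILE: prints one finding per line, returns 0 only if clean.
audit_dnsmasq_conf() {
    rc=0
    # Strip comments (whole-line and trailing), surrounding whitespace and blank
    # lines, so a commented-out directive does not count as present. This also
    # truncates a quoted value containing '#', which is acceptable for an audit.
    ACTIVE=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1")

    # Keep junk names and RFC 1918 reverse lookups off the upstream resolvers.
    for d in domain-needed bogus-priv; do
        has "^$d\$" || { echo "MISSING: $d"; rc=1; }
    done

    # Without listen-address=/interface= dnsmasq answers on every interface,
    # WAN included: an open resolver that can be abused for DNS amplification.
    has '^(listen-address|interface)=' \
        || { echo "MISSING: listen-address= or interface= (answers on all interfaces, WAN included)"; rc=1; }
    # listen-address= alone still binds the wildcard socket and filters by
    # address; bind-interfaces (or bind-dynamic) binds only those addresses.
    if has '^listen-address=' && ! has '^bind-(interfaces|dynamic)$'; then
        echo "WARN: listen-address= without bind-interfaces or bind-dynamic"; rc=1
    fi

    # DD-WRT's "No DNS Rebind" checkbox is this directive.
    has '^stop-dns-rebind$' || { echo "MISSING: stop-dns-rebind"; rc=1; }

    # add-mac appends the client's MAC address to every upstream query.
    if has '^add-mac'; then echo "RISKY: add-mac leaks client MAC addresses upstream"; rc=1; fi

    # no-resolv with no server= lines leaves dnsmasq with no upstream at all.
    if has '^no-resolv$' && ! has '^server='; then echo "BROKEN: no-resolv but no server= lines"; rc=1; fi

    # Synchronous syslog writes are exactly what log-async exists to avoid.
    if has '^log-queries' && ! has '^log-async'; then echo "WARN: log-queries without log-async (syslog can stall resolution)"; rc=1; fi

    return "$rc"
}

# Constructed sample configs (not captured from any real router).
write_hardened_sample() {
    cat >"$1" <<'EOF'
cache-size=10000
bogus-priv
domain-needed
no-resolv
log-async=5
strict-order
server=8.8.8.8   # trailing comments are stripped before matching
server=8.8.4.4
listen-address=127.0.0.1
listen-address=10.0.1.1
bind-interfaces
stop-dns-rebind
EOF
}

write_default_sample() {
    cat >"$1" <<'EOF'
# stock-style config: forwards everything, listens everywhere, logs synchronously
# bogus-priv
cache-size=150
no-resolv
log-queries
add-mac
EOF
}

# Run the audit over both samples when executed directly.
tmp=$(mktemp -d)
write_hardened_sample "$tmp/hardened.conf"
write_default_sample "$tmp/default.conf"
for name in hardened default; do
    if audit_dnsmasq_conf "$tmp/$name.conf"; then
        echo "$name.conf: PASS"
    else
        echo "$name.conf: FAIL"
    fi
done
rm -rf "$tmp"
```

To audit the config your router actually runs, call audit_dnsmasq_conf on the generated dnsmasq.conf (its location differs between DD-WRT, OpenWrt and Tomato; check with ps which -C file dnsmasq was started with). Forced DNS redirection is a firewall rule rather than a dnsmasq directive, so it is out of scope for this file-level check.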