Using dnsmasq as an internal DNS server to block online adverts

This post will show you how to set up dnsmasq in order to serve DNS requests for (multiple) internal domains – using dnsmasq as an internal DNS server. Using this setup you can also add block lists so that your entire network doesn't get adverts :D

  • eg you can serve a .dev tld internally to your dev teams, instead of google’s dev teams :P and block all doubleclick adverts…

I’ve used this setup in multiple locations, but this is the setup for my home network.

1) install dnsmasq (yum install dnsmasq, apt-get install dnsmasq)
– for the Zyxel NSA320 I installed it using slacker and the uli/dnsmasq package

2) configure dnsmasq
on the NSA320 I had to create the dnsmasq.conf in /
and symlink it to /etc/dnsmasq.conf

Mine has 2 lines (excluding the comments):


# this line sets the entire dev tld pointing at a centos web server box
address=/dev/192.168.0.150
# this line grabs an additional hosts file - 
# I get the hosts.nuke with a cronjob that does:
# wget http://someonewhocares.org/hosts/hosts -O /etc/hosts.nuke  
addn-hosts=/etc/hosts.nuke

you can add any of the options from the man page:
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

4) configure /etc/resolv.conf
I added google’s DNS servers and OpenDNS to the resolv.conf; you can add any DNS server you like, as long as it's not the IP address of your router…
(see update below)

5) configure your DHCP server or router
I set my router to use the nsa320 as its preferred DNS server
– this means that all the machines on my network which use DHCP will get their DNS through my nsa320 (and in turn any ads should be blocked by the hosts.nuke list)

6) renew the DHCP leases on your client machines

now you can go to anything.dev and it will resolve to the IP address configured in the address line in the dnsmasq.conf (in this case it's 192.168.0.150) – you’ll still need to configure something on that end though (eg a name based vhost)

Update: I found this excellent post which suggests adding a cache with cache-size=1000, setting /etc/resolv.conf to use 127.0.0.1, and setting dnsmasq to use a separate resolv file for upstream DNS. I have since added the following changes:

/etc/dnsmasq.conf:


addn-hosts=/etc/hosts.nuke
address=/dev/192.168.0.115
domain-needed
bogus-priv
cache-size=1000
resolv-file=/etc/resolv.dnsmasq

/etc/resolv.conf:


nameserver 127.0.0.1

/etc/resolv.dnsmasq:


nameserver 8.8.8.8
nameserver 8.8.4.4
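As an added illustration (not code from the original post), here is a small Python model of how dnsmasq decides what to answer with the updated config above: hosts.nuke entries match single names exactly, address=/dev/ catches the whole tld and every name under it, and domain-needed / bogus-priv stop plain names and private reverse lookups from ever reaching the upstream servers in resolv.dnsmasq. The config text and hosts lines are constructed samples, and bogus-priv is modelled for the RFC1918 ranges only.

```python
import ipaddress
# Constructed sample inputs in the shape of the post's updated dnsmasq.conf and hosts.nuke, not the real files.
DNSMASQ_CONF = """addn-hosts=/etc/hosts.nuke
address=/dev/192.168.0.115
domain-needed
bogus-priv
"""
HOSTS_NUKE = """127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net static.doubleclick.net
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """address=/dev/ip answers 'dev' and every *.dev; bare keys are boolean flags."""
    conf = {"address": {}, "flags": set()}
    for line in text.splitlines():
        key, _, val = line.split("#", 1)[0].strip().partition("=")
        if key == "address":
            _, domain, ip = val.split("/")
            conf["address"][domain.lower()] = ip
        elif key and not val:
            conf["flags"].add(key)
    return conf

def parse_hosts(text):
    """Every name on a hosts line maps to the sinkhole address in column one."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            hosts.setdefault(name.lower(), fields[0])
    return hosts

def resolve(name, conf, hosts):
    """Return (source, answer): 'hosts', 'address', 'nxdomain' or 'forward' (to resolv-file servers)."""
    name = name.lower().rstrip(".")
    if name in hosts:                      # hosts entries override address= for single names
        return "hosts", hosts[name]
    labels = name.split(".")
    for i in range(len(labels)):           # suffix match: dev, foo.dev, a.b.dev all hit address=
        suffix = ".".join(labels[i:])
        if suffix in conf["address"]:
            return "address", conf["address"][suffix]
    if "domain-needed" in conf["flags"] and "." not in name:
        return "nxdomain", None            # plain names never leak to upstream DNS
    if "bogus-priv" in conf["flags"] and name.endswith(".in-addr.arpa"):
        ip = ipaddress.ip_address(".".join(labels[:-2][::-1]))  # 150.0.168.192 -> 192.168.0.150
        if any(ip in net for net in RFC1918):
            return "nxdomain", None        # private reverse lookups stay on the LAN
    return "forward", None
```

Note that a hosts list only blocks the exact names it lists, so www.doubleclick.net is still forwarded upstream here; blocking a whole domain needs an address= line for it, as the man page suggests.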
