Split DNS with Dnsmasq
I had a need to split DNS resolution on a series of hosts between two DNS servers: one local to the environment and one for global address resolution. In the past I have always used BIND 9 as my go-to DNS server, but for this trivial forwarding task it seemed overkill and a good opportunity to give something lighter-weight a go. So I opted to try Dnsmasq instead.
Rather than introduce new infrastructure, since there is no pair (or more) of high-availability hosts in the environment and no obvious candidates to become a resilient DNS cluster, I opted to set up Dnsmasq locally on each machine and configure each to use itself for DNS. This means each machine's single point of failure is itself, and the failure of Dnsmasq on one machine will not impact any others.
On Debian, setting this up was very easy. First, I installed Dnsmasq:
apt-get install dnsmasq
Then I created a configuration file to make it listen on the loopback device only, not attempt DHCP, and forward requests to the right upstream server for each domain. I dropped the file into the /etc/dnsmasq.d directory, which Debian's setup reads out of the box:
no-hosts
no-dhcp-interface=lo
interface=lo
listen-address=127.0.0.1
no-resolv
server=/home.entek.org.uk/192.168.20.250
server=8.8.8.8
bind-interfaces
# Dnsmasq will try and query all servers (if multiple are configured)
# and respond with the first reply with this option
all-servers
And then a simple restart got it working:
systemctl restart dnsmasq
I also needed to make sure the service was enabled:
systemctl enable dnsmasq
Finally, after testing that resolution was working with dig, I updated resolv.conf to use the local Dnsmasq instance for resolution:
# ...
nameserver 127.0.0.1
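The whole procedure above, as an added example script that is not part of the original post: it renders the same configuration from variables, predicts which upstream Dnsmasq will use for a given name (longest matching server=/domain/ suffix wins, otherwise the default server), syntax-checks the file with dnsmasq --test before restarting, and verifies resolution through 127.0.0.1 with dig. The file name /etc/dnsmasq.d/split.conf and the INTERNAL_DOMAIN / INTERNAL_DNS / UPSTREAM_DNS variable names are my assumptions; their defaults are the post's own values.

```shell
#!/bin/sh
# Added example (not from the original post): deploy and check the split-DNS
# dnsmasq forwarder described above. Run as "sh split-dns.sh install" on a
# Debian host as root; without an argument it only defines the functions.
set -eu

INTERNAL_DOMAIN="${INTERNAL_DOMAIN:-home.entek.org.uk}"
INTERNAL_DNS="${INTERNAL_DNS:-192.168.20.250}"
UPSTREAM_DNS="${UPSTREAM_DNS:-8.8.8.8}"
CONF_PATH="${CONF_PATH:-/etc/dnsmasq.d/split.conf}"   # file name is an assumption

# Print the configuration: $1 internal domain, $2 its server, $3 default server.
# Listening only on 127.0.0.1 with bind-interfaces keeps the forwarder from
# answering on other interfaces, i.e. from becoming an open resolver.
render_conf() {
    cat <<EOF
no-hosts
no-dhcp-interface=lo
interface=lo
listen-address=127.0.0.1
bind-interfaces
no-resolv
server=/$1/$2
server=$3
EOF
}

# Predict the upstream dnsmasq sends a query to: $1 is the name, $2 the
# configuration text. The longest server=/domain/ suffix that matches the
# name (or equals it) wins; names matching none go to the domain-less server.
upstream_for() {
    name=$1
    best=""
    bestlen=0
    default=""
    while IFS= read -r line; do
        case $line in
            server=/*/*)
                dom=${line#server=/}; dom=${dom%%/*}
                ip=${line##*/}
                if [ "$name" = "$dom" ] || [ "${name%.$dom}" != "$name" ]; then
                    if [ "${#dom}" -gt "$bestlen" ]; then
                        best=$ip
                        bestlen=${#dom}
                    fi
                fi
                ;;
            server=*)
                default=${line#server=}
                ;;
        esac
    done <<EOF
$2
EOF
    if [ -n "$best" ]; then printf '%s\n' "$best"; else printf '%s\n' "$default"; fi
}

# Ask the local instance for one internal and one external name; both must
# return an answer, otherwise one side of the split is broken. Needs dig.
verify_split() {
    for n in "$1" "$2"; do
        dig +short +time=2 +tries=1 @127.0.0.1 "$n" | grep -q . \
            || { echo "no answer for $n via 127.0.0.1" >&2; return 1; }
    done
}

# Write the file, syntax-check it, then restart and enable the service.
install_conf() {
    render_conf "$INTERNAL_DOMAIN" "$INTERNAL_DNS" "$UPSTREAM_DNS" > "$CONF_PATH"
    dnsmasq --test -C "$CONF_PATH"
    systemctl restart dnsmasq
    systemctl enable dnsmasq
    verify_split "host.$INTERNAL_DOMAIN" "example.com"   # constructed test names
}

if [ "${1:-}" = "install" ]; then
    install_conf
fi
```

Note on the all-servers option from the post's configuration: a server=/domain/ entry restricts that server to queries under its domain, so all-servers only races servers configured for the same domain. With exactly one server per domain, as here, it changes nothing, and the upstream_for function above reflects that routing.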