X
Popular Searches

How to Run a Local Network DHCP Server with Dnsmasq

A neon "DHCP" sign
Profit_Image/Shutterstock.com

Dnsmasq is a lightweight network server providing DNS, DHCP, TFTP, and PXE functions. In this guide, we’ll look at configuring a fresh Dnsmasq installation as a standalone DHCP server.

DHCP (Dynamic Host Configuration Protocol) is the process by which network devices acquire IP addresses. Your network’s DHCP server is responsible for assigning each new device a unique address. Addresses can be static or dynamic, the latter meaning they’re issued on a short lease basis so each device’s IP may change over time.

The router acts as the DHCP server in most small networks. Setting up Dnsmasq on a Linux box gives you control over the process, as well as improved visibility into any errors that occur.

Preparing Dnsmasq

Dnsmasq is included with most Linux distributions. You can usually add the dnsmasq package if it’s not present on yours. The standard config file is located at /etc/dnsmasq.conf; you may also add files to the /etc/dnsmasq.d directory if you want to keep your settings separate to the defaults.

Dnsmasq usually listens on all your network interfaces. If you want to use a specific interface, set this now by adding or uncommenting the following line in your config file:

# Only operate on eth0
interface=eth0
Advertisement

DNS server functionality is enabled by default. You can turn it off by changing the port to 0:

port=0

Dnsmasq is now ready to operate in DCHP-only mode.

Configuring Your DHCP Server

The DHCP server is activated by specifying a DHCP IP address range:

dhcp-range=192.168.0.101,192.168.0.150,255.255.255.0,6h

This example instructs Dnsmasq to offer IP addresses between 192.168.0.101 and 192.168.0.150 in the 255.255.255.0 subnet. Issued IPs will have a lease lifetime of six hours, after which clients will need to request a renewed lease.

You should alter the above parameters to suit your network’s requirements. It’s advisable to adjust the DHCP range so it excludes any IP addresses you plan to statically assign to devices. This will ensure a device receiving dynamic leases can never be issued a “reserved” address.

Used like this, your Dnsmasq server will become the default gateway on your devices when they receive an IP address. If you’re not setting up DNS too, you should change this so Dnsmasq stops offering itself as a gateway.

dhcp-option=3,192.168.0.50

Change the IP address to that of your router. Your devices will now be able to use the router as normal after they’ve acquired an IP address from Dnsmasq.

Setting Up Static IPs

You can set up static IP addresses within the Dnsmasq config file. This lets you centralize your IP reservations, instead of scattering them across networking files on individual devices.

Advertisement

To assign a static IP, use the dhcp-host instruction. This takes a MAC address and a hostname and IP to assign:

dhcp-host=ab:cd:ef:12:34:56,example-host,192.168.0.10,infinite

Here the device with MAC ab:cd:ef:12:34:56 is given the hostname example-host and a fixed IP of 192.168.0.10. The lease duration is set to infinite to ensure no renewal is needed and the IP will never change.

To set up additional static IPs, simply repeat the dhcp-host instruction as many times as you need. At minimum, consider adding an explicit DHCP host for your router so you can reliably access it with a fixed IP. This should match the value you assigned in the dhcp-option line above.

You can load host information from a separate file or directory with the --dhcp-hostsfile and --dhcp-hostsdir options. In the case of a directory, Dnsmasq will automatically load new changes without needing to be restarted.

Using Your DHCP Server

Once you’re done setting up Dnsmasq, test its configuration to make sure your changes are valid:

dnsmasq --test

Next restart the Dnsmasq service to apply your changes:

sudo systemctl restart dnsmasq
Advertisement

Disable your router’s built-in DHCP server. Then set your router or your client devices to use your Dnsmasq server’s IP for DHCP. The steps will vary by router manufacturer so refer to your device’s documentation if you get lost.

Now your instance is operational as your network’s DHCP server, you should be able to force an IP address renewal on your devices to receive a lease from Dnsmasq. Either restart the networking service, systemctl restart networking, or use ifdown and ifup to drop and reestablish your connection.

Dnsmasq records issued IP addresses in its leases file. You can inspect this file to see active devices on your network and check IPs are being leased correctly:

cat /var/lib/misc/dnsmasq.leases

If you encounter errors, view the Dnsmasq service logs to see what’s wrong:

sudo journalctl -u dnsmasq.service

Authoritative Mode

A challenge you might have when introducing your server to an existing network is devices timing out when renewing their IPs. Each client will send its previous IP to the DHCP server, enabling the same IP to be issued if it’s still available. In the case of a fresh Dnsmasq instance, it will have no record of the existing client/IP pair so the request will be ignored.

The client will eventually timeout and submit a new request, this time asking for any available IP address. The second request will succeed but the timeout window can be quite long, potentially causing a noticeable delay during startup or networking stack initialization.

Advertisement

Adding this line to your config file solves this problem if Dnsmasq will be the only DHCP server in your network:

dhcp-authoritative

Authoritative mode instructs Dnsmasq to accept requests from clients even if they claim to have previously held an IP it has no record of. The client will still be admitted to the network and granted an IP, removing the need to make two requests separated by a lengthy timeout.

Adjusting Other Settings

A few other settings are worthy of mention:

dhcp-sequential-ip

Dnsmasq usually hashes each client’s MAC address to determine the IP they receive. This means clients generally receive the same IP address each time they connect, even if no static host has been configured. Setting the dhcp-sequential-id option means Dnsmasq will issue IPs in sequential numerical order instead, starting from the beginning of your specified IP range.

dhcp-lease-max=100

This setting controls how many concurrent leases Dnsmasq will issue. The default is 1000. If you’re on a small network, consider decreasing this value to protect Dnsmasq from denial-of-service attacks. Compromised hosts could send malicious DHCP requests to create thousands of redundant leases.

dhcp-alternate-port=8068,8068

Change the port numbers used for DHCP servers and clients. The default ports are 67 and 68; these should not normally be changed unless your network infrastructure requires it.

dhcp-leasefile=/dhcp-leases

Change the file path used to store DHCP lease information. It defaults to /var/lib/misc/dnsmasq.leases.

Summary

Dnsmasq is easy to set up as a simple DHCP server for your local network. It can operate alongside or independently of the software’s DNS functionality.

Advertisement

Despite being an intentionally lightweight server, Dnsmasq supports many different config options to facilitate more complex installations. You can use these to set up DHCP relays and proxies, adjust Dnsmasq’s conformance to the DHCP specification, and add custom scripts that will be executed when leases are created and destroyed. These facilities let you quickly evolve an experimental Dnsmasq instance into a hardened one more suitable for production-grade use in larger networks.

James Walker James Walker
James Walker is a CloudSavvy IT contributor. He's the Founder of Heron Web where he provides bespoke software development services to SMEs, specializing in web applications and APIs. He's experienced with the complete development lifecycle and works with DevOps technologies such as GitLab, Docker, and Kubernetes. Read Full Bio »

The above article may contain affiliate links, which help support CloudSavvy IT.