The dnsmasq utility is a compact server application for Linux. It handles DNS, DHCP, PXE, TFTP, and router advertisement tasks. Unlike heavyweight DNS solutions, dnsmasq keeps things simple. It works best for home networks and small office setups.
When a query arrives, dnsmasq checks its local cache first. If no match is found, it passes the request to an upstream resolver, such as Google’s public DNS. The tool also reads your system’s /etc/hosts file for local name resolution and responds to DHCP-configured machines.
Getting dnsmasq Ready on Your Machine
Confirm whether dnsmasq already exists on your system:
$ dnsmasq --versionIf you see a version number, everything is set. Otherwise, grab it with your package manager.
On Ubuntu or Debian-based distros:
$ sudo apt install dnsmasqOn Fedora:
$ sudo dnf install dnsmasqsystemd-resolved occupies port 53 by default. Disable it before starting dnsmasq with sudo systemctl disable --now systemd-resolved. If you need to install a particular package version on Debian-based systems, the apt install specific version guide covers that process.
Basic dnsmasq Command Format
The general pattern looks like this:
$ dnsmasq [options]Pass flags to control DNS cache capacity, DHCP address pools, config file paths, and more.
Key dnsmasq Flags and Their Purpose
| Short Flag | Long Flag | What It Does |
|---|---|---|
-a ip |
--listen-address=ip |
Binds dnsmasq to a particular local IP |
-c size |
--cache-size=size |
Sets cache capacity (150 entries by default) |
-C file |
--conf-file=file |
Points to a custom config file |
-d |
--no-daemon |
Runs in debug mode rather than background |
-F ip |
--dhcp-range=ip |
Activates DHCP within a given address pool |
-h |
--no-hosts |
Skips loading /etc/hosts |
-i |
--interface=interface |
Restricts listening to one network interface |
-k |
--keep-in-foreground |
Prevents dnsmasq from daemonizing |
-K |
--dhcp-authoritative |
Declares this as the sole DHCP provider on the LAN |
-p port |
--port=port |
Changes the DNS listening port (default: 53) |
-q |
--log-queries |
Records all DNS lookups |
-R |
--no-resolve |
Ignores the resolv.conf file |
-v |
--version |
Prints the current dnsmasq version |
If your dnsmasq instance will listen on a non-standard port, make sure that port is open in your firewall. The guide to opening ports on Linux walks through the steps for ufw and firewalld.
Practical dnsmasq Usage Scenarios
Launching with default behavior
Run dnsmasq without any flags to fire it up using standard settings:
$ dnsmasqYour configuration must be valid before doing this. Review config files with a terminal editor like nano to check for syntax problems.
Activating query logging
Track every DNS request by appending the -q flag. To redirect logs into a separate file, pair it with -8:
$ dnsmasq -q --log-facility=/home/user/dnsmasq.logThis approach is helpful for troubleshooting network problems. Inspect log output with tools like grep or tail.
Running dnsmasq as a DHCP provider
Assign addresses automatically across your LAN by specifying an IP pool and lease duration:
$ dnsmasq -F 192.168.10.80,192.168.10.160,6hAddresses between 192.168.10.80 and 192.168.10.160 get allocated here. Each lease lasts six hours.
Restricting to one network adapter
Force dnsmasq to accept traffic on a single interface only:
$ dnsmasq -i enp0s0Combining several flags together
Mix multiple options in one command. The example below listens on a specific adapter, allocates DHCP addresses, blocks host file loading, and enables query logging:
$ dnsmasq --interface=enp0s0 --dhcp-range=192.168.10.80,192.168.10.160,6h --no-hosts --log-querieskillall dnsmasq clears it before restarting.
Storing All dnsmasq Options Inside a Config File
Typing long commands repeatedly gets tedious. Place every setting inside a dedicated file instead. Open a new file with any editor:
$ sudo nano /etc/custom.confAdd your preferred settings there. Before launching, validate the syntax:
$ dnsmasq -C /etc/custom.conf --testIf no errors appear, boot the server with:
$ dnsmasq -C /etc/custom.confchmod 600 /etc/custom.conf to lock the file to root only. The chmod executable guide covers permission management in more detail.
To confirm dnsmasq is listening after startup, list running processes with ps aux | grep dnsmasq or check with ss -lntp | grep :53.
Wrapping Up
dnsmasq remains one of the most practical solutions for managing DNS and DHCP on small networks. Its low resource footprint makes it a good fit where a full-featured server would be overkill. With caching, forwarding, filtering, and PXE boot support packed into a single binary, dnsmasq covers a wide range of networking needs without added complexity.
FAQs
dnsmasq is a lightweight DNS forwarder, DHCP server, and network boot provider. It caches DNS queries and assigns IP addresses on small local networks.
Run sudo apt install dnsmasq after disabling systemd-resolved. Remove the default /etc/resolv.conf symlink and create a new one pointing to your upstream DNS.
Yes. Enable DHCP with the --dhcp-range flag while DNS runs by default. Both services operate within a single dnsmasq process.
Write your settings in a file such as /etc/custom.conf, test with dnsmasq -C /etc/custom.conf --test, then launch using dnsmasq -C /etc/custom.conf.
Run ss -lntp | grep :53 to see if port 53 is active, or use systemctl status dnsmasq on systemd-based distributions to check the service state.
