dnsmasq

A lightweight DNS forwarder and DHCP server designed for small networks, home routers, embedded systems, and developer environments.

Overview

Lightweight DNS Forwarder

dnsmasq is a combined DNS forwarder and DHCP server designed to be simple and lightweight. It reads /etc/hosts for local names and forwards everything else to upstream resolvers. It is not a recursive resolver — it forwards queries rather than walking the DNS hierarchy itself.

dnsmasq ships as the default DNS component in OpenWrt (the Linux firmware for home routers), NetworkManager on Linux desktops, and many embedded Linux systems. It is also popular for local development environments — tools like minikube and macOS's Homebrew-based dev setups use dnsmasq for local domain routing.

  • DNS forwarding with caching — not full recursion
  • Reads /etc/hosts automatically — no zone file needed for simple local entries
  • DHCP server with static lease assignment by MAC address
  • DHCP + DNS integration: assigns hostnames from DHCP leases automatically
  • Wildcard local domains: e.g., route *.dev.local to 127.0.0.1
  • TFTP server for PXE boot alongside DHCP
  • No DNSSEC validation — not suitable for security-sensitive deployments

Not for Production Resolvers

dnsmasq is a forwarder, not a recursive resolver. It does not validate DNSSEC, does not perform full resolution, and is not designed for high query volumes. For a production or ISP resolver, use Unbound or PowerDNS Recursor instead.

First released: 2001
OpenWrt: ships in most home routers

Configuration

Key Configuration Examples

Basic dnsmasq.conf

    # /etc/dnsmasq.conf

    # Listen on localhost and LAN
    listen-address=127.0.0.1,192.168.1.1

    # Forward to upstream resolvers
    server=1.1.1.1
    server=8.8.8.8

    # Cache size (number of entries)
    cache-size=1000

    # Don't forward queries for
    # unqualified names (single label)
    domain-needed

    # Don't forward 192.168.x.x reverse lookups
    bogus-priv

    # Don't read /etc/hosts
    no-hosts  # comment out to enable /etc/hosts

Local domain routing (dev)

    # Route *.test to localhost
    # (useful for local dev environments)
    address=/.test/127.0.0.1
    address=/.test/::1

    # Specific internal host
    address=/myapp.internal/10.0.0.5

    # Forward internal zone to
    # a specific DNS server
    server=/corp.internal/10.0.0.1

    # Block a domain (return NXDOMAIN)
    address=/tracking.example.com/

    # Or block with specific IP:
    address=/ads.example.com/0.0.0.0
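The Python sketch below is an added example, not part of the original page or of dnsmasq itself. It models how the directives from the two snippets above (server=, address=, domain-needed, bogus-priv) decide whether a query is answered locally, blocked, or forwarded upstream, which is useful when auditing which names can leave the network. The function names parse and decide are hypothetical, and the comment stripping and private-range check are simplifications of dnsmasq's real behaviour.

```python
import ipaddress

# Constructed sample built from directives shown on this page.
SAMPLE_CONF = """
server=1.1.1.1
server=8.8.8.8
domain-needed
bogus-priv
address=/.test/127.0.0.1
address=/.test/::1
address=/myapp.internal/10.0.0.5
server=/corp.internal/10.0.0.1
address=/tracking.example.com/
"""

def parse(conf):
    """Return (flags, per-domain rules, default upstreams) from config text."""
    flags, rules, upstreams = set(), {}, []
    for raw in conf.splitlines():
        line = raw.split(" #")[0].strip()  # simplified comment stripping
        key, _, val = line.partition("=")
        if key in ("address", "server") and val.startswith("/"):
            *domains, target = val[1:].split("/")
            for dom in domains:
                rules.setdefault(dom.strip(".").lower(), (key, []))[1].append(target)
        elif key == "server":
            upstreams.append(val)
        elif line and not line.startswith("#"):
            flags.add(key)
    return flags, rules, upstreams

def decide(qname, flags, rules, upstreams):
    """Model what happens to one query: local answer, NXDOMAIN, or forward."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # most specific (longest) suffix first
        rule = rules.get(".".join(labels[i:]))
        if rule and rule[0] == "server":  # per-domain forwarder
            return ("forward", rule[1])
        if rule:  # address=: local answer, or NXDOMAIN when the target is empty
            return ("local", rule[1]) if any(rule[1]) else ("nxdomain", [])
    if "domain-needed" in flags and len(labels) == 1:
        return ("not-forwarded", [])  # single-label names never go upstream
    if "bogus-priv" in flags and labels[-2:] == ["in-addr", "arpa"]:
        try:  # reverse lookup of a private IPv4 address stays local
            if ipaddress.ip_address(".".join(labels[-3::-1])).is_private:
                return ("not-forwarded", [])
        except ValueError:
            pass
    return ("forward", upstreams)
```

Anything that reaches the final return is visible to the public upstream resolvers, so internal zones without a matching server= or address= rule leak there.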

DHCP server config

    # DHCP range: 192.168.1.100-200
    # Lease time: 24h
    dhcp-range=192.168.1.100,192.168.1.200,24h

    # Static lease by MAC address
    dhcp-host=aa:bb:cc:dd:ee:ff,printer,192.168.1.10

    # Set DHCP options
    dhcp-option=3,192.168.1.1   # gateway
    dhcp-option=6,192.168.1.1   # DNS server
    dhcp-option=15,home.local   # domain

    # DHCP lease file
    dhcp-leasefile=/var/lib/misc/dnsmasq.leases

    # Integrate DHCP hostnames into DNS
    # (automatic — dnsmasq does this by default)

macOS local dev setup

    # Route *.test to 127.0.0.1 on macOS
    # via Homebrew dnsmasq
    brew install dnsmasq

    # /usr/local/etc/dnsmasq.conf:
    echo "address=/.test/127.0.0.1" >> \
      "$(brew --prefix)/etc/dnsmasq.conf"

    # Tell macOS to use dnsmasq for .test
    sudo mkdir -p /etc/resolver
    echo "nameserver 127.0.0.1" | \
      sudo tee /etc/resolver/test

    # Start dnsmasq
    sudo brew services start dnsmasq

    # Test
    ping -c1 anything.test