Practical Technology

for practical people.

February 9, 2017
by sjvn01

Want Faster, Easier-to-Manage DNS? Use Dnsmasq

Sure, you can use BIND (Berkeley Internet Name Domain) for your Domain Name Server (DNS). BIND is almost everyone’s favorite domain name server software and I’ve installed and managed it before. But, and it’s a big but, full-scale BIND can be a pain to run. So, unless I really need BIND’s full power, I use another program: Dnsmasq.

Dnsmasq is an easy-to-use and -setup caching DNS server. Stop laughing! It really is easy!

As a refresher, DNS is the Internet’s master phone book. It turns machine-usable IP addresses into human-readable domain names. Linode provides good documentation on its DNS manager; how to set up a reverse DNS server, which resolves an IP address to a domain name; and common DNS configurations.

Dnsmasq is a small, open-source application that’s designed to provide DNS and, optionally, Dynamic Host Configuration Protocol (DHCP) addressing to a small network. It also supports IPv4 and IPv6 static and dynamic DHCP leases, TFTP, and BOOTP and PXE for network booting of diskless systems. For our purposes, I’m sticking with DNS.

The program also supports Domain Name System Security Extensions (DNSSEC) upstream. With today’s seemingly endless DNS-based Distributed Denial of Service (DDoS) attacks, you MUST use DNSSEC.

Dnsmasq is a lightweight program. In the past, I’ve run it in my home office on a Hewlett-Packard 521n mini-tower PC with an AMD Athlon XP 1.4 GHz processor, 256MB of RAM and a 60GB hard drive. In short, no matter how small your server or VM, you can run Dnsmasq.

The program is also widely available. It’s included in almost all Linux distributions.

Presuming you’re using Debian or Ubuntu, you’ll take the following steps to get Dnsmasq up and running. If you’re using another operating system, just use its default package installation routines.

apt-get update

apt-get install dnsmasq

That’s it. Dnsmasq should now be running.

To test it out, run:

dig localhost

This forces your server to use Dnsmasq to look up the DNS record. You should pull up the record in single-digit milliseconds. That’s the big advantage of using Dnsmasq. It makes looking up frequently used domains — FAST!

Dig is a DNS utility program. It gives you information about a site’s address and how long it took to get its IP address from the DNS server.

By default, Dnsmasq will use the DNS servers set up in your /etc/resolv.conf file. On Linode, this will include Linode’s default DNS servers.

I like to add additional DNS servers, so if the default DNS servers go south, it will keep working. Don’t go hog-wild with setting up DNS servers. Dnsmasq will only access the first three sites listed in the resolv.conf file. I usually add one of the Google Public DNS servers, or and one of Cisco’s OpenDNS servers, or, to the default DNS site. You do this by adding them to resolv.conf with your favorite text editor. That’s vi for me.

While you’re in the resolv.conf file, go ahead and add localhost as the first line. This enables Dnsmasq to cache DNS queries made from the local machine.

By default, Dnsmasq treats all nameservers as equals. It picks the one to use by using an algorithm designed to avoid nameservers which aren’t responding. If you want to use the servers in the order you have them in the resolv.conf file, run dnsmasq with the -o flag.

Next, I need to start it up to make sure that it works. Like most Linux/Unix utilities, you can do this with an init script. So, from the shell, I start it as root with:

# /etc/init.d/dnsmasq start

But, how do I know if it’s actually done anything? For that, you run the dig command. For example:


Dnsmasq is configured in /etc/dnsmasq.conf. I recommend copying the original to keep as a reference. For example, dnsmasq.conf-master. Every time you make a change to dnsmasq.conf you have to restart Dnsmasq.

The easiest way to do that is with the command:

/etc/init.d/dnsmasq restart

There are several changes you might want to make in dnsmasq.conf. The important one is to upgrade the cache size. By default, it’s 1,000, but I prefer 2,048. Look for the line:

cache-size=1000

and change it accordingly.

Once you have it running properly, your next step is to set up dnsmasq so it runs automatically. The easiest way to do this is to run it with cron.
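A quick way to check the resolv.conf and dnsmasq.conf edits described above, as an added example that is not from the original article. The function names, finding labels and sample files are constructed for illustration; it reads only the single dnsmasq.conf it is given and treats an uncommented `dnssec` line as DNSSEC validation being switched on.

```shell
#!/bin/sh
# Added example: lint the two files edited in this walkthrough.
# Usage: audit_dns <resolv.conf> <dnsmasq.conf>

# Nameserver addresses from a resolv.conf, one per line, in file order.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Value of a key=value dnsmasq option (first uncommented line), else empty.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Succeeds when a bare flag option such as "dnssec" appears uncommented.
conf_flag() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1"
}

# Prints space-separated findings; prints an empty line when all checks pass.
audit_dns() {
    findings=""
    first=$(nameservers "$1" | head -n 1)
    count=$(nameservers "$1" | wc -l | tr -d ' ')
    case $first in
        127.*|::1) ;;                               # local cache is asked first
        *) findings="$findings no-local-first" ;;
    esac
    # The article says only the first three entries are used.
    if [ "$count" -gt 3 ]; then findings="$findings nameservers-past-third"; fi
    if [ -z "$(conf_value "$2" cache-size)" ]; then findings="$findings cache-size-unset"; fi
    if ! conf_flag "$2" dnssec; then findings="$findings dnssec-off"; fi
    echo "${findings# }"
}

# Constructed sample files (TEST-NET addresses are placeholders, not real resolvers).
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
printf 'nameserver 192.0.2.1\nnameserver 192.0.2.2\nnameserver 192.0.2.3\nnameserver 127.0.0.1\n' > "$SAMPLE/resolv.bad"
printf '# cache-size=1000\n#dnssec\n' > "$SAMPLE/dnsmasq.bad"
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.1\nnameserver 192.0.2.2\n' > "$SAMPLE/resolv.good"
printf 'cache-size=2048  # raised from default\ndnssec\n' > "$SAMPLE/dnsmasq.good"

echo "bad:  $(audit_dns "$SAMPLE/resolv.bad" "$SAMPLE/dnsmasq.bad")"
echo "good: $(audit_dns "$SAMPLE/resolv.good" "$SAMPLE/dnsmasq.good")"
```

On a live server, call `audit_dns /etc/resolv.conf /etc/dnsmasq.conf`; an empty result means all four checks passed.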

Why did I mention upgrading the cache? That’s because I’ve found Dnsmasq’s biggest advantage is the way it speeds up your DNS queries… a lot.

For example, one Linode customer from a few years back who was doing millions of DNS lookups got 50 percent hits from the Dnsmasq cache and that dropped their average DNS lookup time by 30 to 50 percent…

Now, that’s the kind of DNS performance I want!

This story first appeared on the Linode web site as Want Faster, Easier-to-Manage DNS? Use Dnsmasq.

February 7, 2017
by sjvn01

Municipal drones are coming — and cloud leaders are getting prepared

The Cloud Security Alliance (CSA), a leading organization dedicated to ensuring a secure cloud computing environment, is working with Securing Smart Cities, a nonprofit global initiative focused on smart city cybersecurity, to set up drone guidelines.

Their report, co-authored by the CSA Internet of Things (IoT) Working Group, provides guidance for the safe and secure creation and operation of municipal drone programs. To borrow from President Trump, it’s going to be Yuge.

Why is the Cloud Security Alliance involved? While you can control and monitor a DJI Phantom 4 Quadcopter from a handset, you’re going to need more resources if you’re running hundreds or thousands of them. You need the resources of the cloud.


February 7, 2017
by sjvn01

Email Privacy Act passed by House, but don’t get your hopes up

Do you want the IRS, FBI, or SEC looking into your email without a warrant? Probably not. That’s why a bipartisan group of lawmakers reintroduced the Email Privacy Act after it failed to pass last year. This law would keep your email from government snoopers without a warrant. This time, the bill passed the House of Representatives by a unanimous voice vote.

That’s a good start. The real challenge will be getting it passed by the Senate and then getting President Donald Trump to sign it.


February 6, 2017
by sjvn01

NY Attorney General accuses Charter Spectrum of cheating millions of Internet users

New York Attorney General Eric T. Schneiderman didn’t mince his words. In his announcement of a lawsuit against Charter and its subsidiary Spectrum, formerly known as Time Warner Cable (TWC), he said: “The allegations in today’s lawsuit confirm what millions of New Yorkers have long suspected — Spectrum-Time Warner Cable has been ripping you off.”


February 3, 2017
by sjvn01

Mesh networking: Why it’s coming to a home or office near you

There’s nothing new about mesh-networking technology. What is new is that mesh networking is finally cheap enough to be deployed in both homes and small businesses.

Mesh networking deals with that most common of Wi-Fi problems: Dead zones. You know how it goes. You move your laptop from your office to your conference room and — blip! — there goes your Wi-Fi connection.
