Wednesday, July 28, 2010



I use DNSmasq to provide DNS, DHCP, tftpd and ad blocking to my home network.


Debian Etch

Install DNSmasq from testing because it has a newer version with an integrated tftpd server.
apt-get -t testing install dnsmasq

Debian Lenny and Ubuntu

aptitude install dnsmasq

Configure DNSmasq

I prefer to keep my DNSmasq configuration outside the distributed .conf file; it makes upgrades much less of a headache.
Edit '/etc/dnsmasq.conf'
nano /etc/dnsmasq.conf
Add the following to the last line of the file...
Now I need to set up my DNSmasq configuration.
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.
# Never forward plain names (without a dot or domain part)
# Never forward addresses in the non-routed address spaces.
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers that are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
# Set the domain for dnsmasq. This is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#    as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
# Do the same thing, but using the option name
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......

Configure /etc/resolv.conf

We have configured DNSmasq to query the DNS servers in the order they appear in '/etc/resolv.conf'. I have done this because I use OpenDNS and fail over to my ISP's DNS server in the unlikely event OpenDNS is not available.
nano /etc/resolv.conf
Add the following and save the file.
 #OpenDNS Servers
 #Your ISP's DNS Servers

Configure hosts

Here is an example hosts file for your DNSmasq server.
nano /etc/hosts
Add the following and save the file. router server-a server-b
Restart DNSmasq
/etc/init.d/dnsmasq restart

Ad Blocking

We need a couple of supporting utilities to complete DNSmasq's ad blocking duties.

Enable adblocking configuration

nano /etc/dnsmasq.conf
Add the following to the last line of the file...

Get Ad Block List

First we need to create a simple script to get the ad block list.
nano /usr/local/bin/

# Download the DNSmasq formatted ad block list
wget "" -O /tmp/adblock.tmp

# Replace all occurrences of with the IP address our ad block server is listening on.
cat /tmp/adblock.tmp | sed 's/' | sed 's/googleadservices/ggggggadservices/' | sed 's/'> /etc/dnsmasq.adblock.conf

# Restart DNSmasq
/etc/init.d/dnsmasq restart
Now we will set up a cron job to run that on a weekly basis.
ln -s /usr/local/bin/ /etc/cron.weekly/get-ad-block-list
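
The script above writes whatever it downloads into a file that dnsmasq reads as root, so the list should be checked before it is installed. The functions below are an added example, not part of the original post: they accept only plain address= entries and replace the live file atomically. The entry format address=/domain/IP, the function names and the addresses shown are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes list entries look like
#   address=/ads.example.com/127.0.0.1
# Function names and paths are hypothetical.

IPV4='[0-9]{1,3}(\.[0-9]{1,3}){3}'

# sanitize_adblock LIST SINK_IP
# Prints the accepted entries, repointed at SINK_IP, on stdout.
# Returns 1 if the list is empty or any line is not a plain address= entry.
sanitize_adblock() {
    list=$1 sink=$2
    printf '%s\n' "$sink" | grep -Eq "^$IPV4\$" || return 1
    # Strip carriage returns, then drop blank lines and comments.
    cleaned=$(tr -d '\r' < "$list" | grep -Ev '^[[:space:]]*(#|$)' || true)
    [ -n "$cleaned" ] || return 1
    # Only hostname characters may sit between the slashes, so directives
    # such as server= or conf-file= can never reach dnsmasq. One bad line
    # rejects the whole download.
    if printf '%s\n' "$cleaned" | grep -Evq "^address=/[A-Za-z0-9._-]+/$IPV4\$"; then
        return 1
    fi
    printf '%s\n' "$cleaned" | sed -E "s#/[0-9.]+\$#/$sink#"
}

# install_adblock LIST SINK_IP DEST
# Replaces DEST atomically; on any failure DEST is left untouched.
install_adblock() {
    tmp=$(mktemp "$3.XXXXXX") || return 1
    if sanitize_adblock "$1" "$2" > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$3"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage in the weekly script, before restarting dnsmasq (192.0.2.10 is a
# placeholder for the pixel server address):
#   install_adblock /tmp/adblock.tmp 192.0.2.10 /etc/dnsmasq.adblock.conf \
#       && /etc/init.d/dnsmasq restart
```

Because a rejected download leaves the previous /etc/dnsmasq.adblock.conf in place, a bad or tampered list costs one week of updates rather than the resolver.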

Create a pixel server

Pixelserv is a super minimal webserver; its one and only purpose is serving a 1x1 pixel transparent gif file. We will redirect web requests for adverts to pixelserv.
wget -O /usr/local/bin/
 chmod 755
We will now edit and change the IP address it listens on.
nano /usr/local/bin/
$sock = new IO::Socket::INET (  LocalHost => '',
$sock = new IO::Socket::INET (  LocalHost => '',
We need a simple init script for starting/stopping
vi /etc/init.d/pixelserv
#! /bin/sh
# /etc/init.d/pixelserv
# Carry out specific functions when asked to by the system
case "$1" in
  start)
     echo "Starting pixelserv "
     /usr/local/bin/ &
     ;;
  stop)
     echo "Stopping script pixelserv"
     ;;
  *)
     echo "Usage: /etc/init.d/pixelserv {start|stop}"
     exit 1
     ;;
esac
exit 0
chmod 755 /etc/init.d/pixelserv
Test that the pixelserv init script works correctly by running '/etc/init.d/pixelserv start' and checking that the '' process is running. Now run '/etc/init.d/pixelserv stop' and check that the '' process is no longer running. If everything works correctly, add the pixelserv init script to the startup/shutdown sequences...
update-rc.d pixelserv defaults

Testing the Ad Blocking

Go and visit some websites which have adverts in their pages and check if they are removed :-)