Dnsmasq
Related commands
- sudo systemd-resolve --flush-caches
Files of Interest
/var/lib/misc/dnsmasq.leases
Stub Resolver
- https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-dns-concepts#:~:text=in%20the%20namespace.-,Recursive%20name%20resolution,which%20it%20is%20not%20authoritative.&text=Forwarding%20and%20root%20hints%20are,which%20they%20are%20not%20authoritative.
- https://www.internetsociety.org/resources/deploy360/dns-privacy/intro/-
- https://www.omnisecu.com/tcpip/recursive-and-iterative-dns-queries.php#:~:text=Recursion%20in%20DNS%20(Domain%20Name,DNS%20Servers%20for%20name%20resolution.
Install
apt-get update && sudo apt-get install -y dnsmasq
systemctl stop systemd-resolved
touch /etc/dnsmasq.hosts
systemctl disable systemd-resolved
systemctl mask systemd-resolved
Undo
systemctl unmask systemd-resolved
systemctl enable systemd-resolved
systemctl start systemd-resolved
/etc/dnsmasq.hosts
10.0.0.1 prod.example.com.
10.0.0.2 dev.example.com.
/etc/dnsmasq.conf
no-resolv # Don't read /etc/resolv.conf. Get upstream servers only from the command line or the dnsmasq configuration file.
server=8.8.8.8
server=8.8.4.4
addn-hosts=/etc/dnsmasq.hosts
cache-size=1000 # Only cache up to 1000 names
listen-address=127.0.0.1,10.x.x.x # must be set explicitly for non-local network resolves
# server=/example.com/ns.example.com # forward example.com to server
# ...
systemctl restart dnsmasq
dig @10.x.x.x +short prod.example.com -p 15353
sudo tcpdump -npi eth0 port 53
Example
#=======================================================
# Example DNSMASQ configuration file with 192.168.2.1 private network
# Common defaults
resolv-file=/etc/resolv.conf
dhcp-leasefile=/var/lib/misc/dnsmasq.leases
# Make sure we look at our DNS servers in order first so unqualified names are resolved correctly
strict-order
expand-hosts
# Our default local domain name
domain=localnet
local=/localnet/
domain-needed
bogus-priv
dhcp-authoritative
# The more DNS queries you have from clients the larger you want this
cache-size=2048
bind-interfaces
enable-tftp
log-dhcp
log-facility=/var/log/dnsmasq
tftp-root=/tftpboot/pxes
# Default BIOS boot file
dhcp-boot=pxelinux.0
# Raspberry Pi boot
dhcp-mac=set:RASPBERRYPI,b8:27:eb:*:*:*
dhcp-match=set:RASPBERRYPI, option:client-machine-id, 00:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
tag-if=set:RASPBERRYPI, tag:ARCH_0, tag:RASPBERRYPI
dhcp-option=tag:RASPBERRYPI,43,"Raspberry Pi Boot "
dhcp-boot=tag:RASPBERRYPI,/tftpboot/pxes/raspberrypi/boot/bootcode.bin
# Raspberry Pi looks like Intel arch so fix it here
tag-if=set:x86PC, tag:ARCH_0, tag:!RASPBERRYPI
dhcp-boot=tag:x86PC,pxelinux.0
# Match other architecture types here
dhcp-match=set:X86-64_EFI,option:client-arch,6
dhcp-match=set:X86-64_EFI,option:client-arch,7
dhcp-match=set:X86-64_EFI,option:client-arch,9
dhcp-boot=tag:X86-64_EFI,syslinux64.efi
# Default listen addresses for servers
listen-address= 127.0.0.1,192.168.2.1
dhcp-range=comm1,192.168.2.2,192.168.2.254,255.255.255.0,3600
dhcp-option=comm1,6,192.168.2.1
dhcp-option=comm1,3,192.168.2.1
# Add your windows servers here
srv-host=_ldap._tcp,licsrv2.uwaterloo.ca,389,1
srv-host=_ldap._tcp,licsrv1.uwaterloo.ca,389,2
#==============================
dhcp-host=192.168.2.1,90:e2:ba:52:f0:2f,cs-tech1,86400
ptr-record=1.2.168.192.in-addr.arpa.,"cs-tech1"
address=/cs-tech1/192.168.2.1
dhcp-host=192.168.2.2,00:23:7d:87:7f:d1,HP-P2055dn,86400
ptr-record=2.2.168.192.in-addr.arpa.,"HP-P2055dn"
address=/HP-P2055dn/192.168.2.2
dhcp-host=192.168.2.129,00:0c:29:02:1e:4e,mysalt,86400
ptr-record=129.2.168.192.in-addr.arpa.,"mysalt"
address=/mysalt/192.168.2.129
dhcp-host=192.168.2.130,00:0c:29:37:f7:f2,myminion,86400
ptr-record=130.2.168.192.in-addr.arpa.,"myminion"
address=/myminion/192.168.2.130
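Config audit (added example, not part of the original page): a small Python check that parses a dnsmasq configuration and reports which exposure-related options are missing, run here on abbreviated copies of the two configurations above. The function names and finding IDs are this example's own, and the sample strings are constructed from the page's configs.

```python
import re

# Constructed samples, abbreviated from the two configurations on this page.
MINIMAL = """\
no-resolv # Don't read /etc/resolv.conf
server=8.8.8.8
server=8.8.4.4
listen-address=127.0.0.1,10.x.x.x
"""
EXAMPLE = """\
domain-needed
bogus-priv
bind-interfaces
enable-tftp
tftp-root=/tftpboot/pxes
listen-address= 127.0.0.1,192.168.2.1
"""

def parse_conf(text):
    """Return {option: [values]}; a '#' at line start or after whitespace is a comment."""
    opts = {}
    for raw in text.splitlines():
        line = re.split(r"(?:^|\s)#", raw, maxsplit=1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text):
    """Return sorted finding IDs (names are this example's own) for a dnsmasq config."""
    o = parse_conf(text)
    findings = []
    if "listen-address" not in o and "interface" not in o:
        findings.append("listens-on-all-interfaces")
    elif "bind-interfaces" not in o and "bind-dynamic" not in o:
        findings.append("wildcard-socket")        # bound to the wildcard address, filtered in software
    if "domain-needed" not in o:
        findings.append("plain-names-forwarded")  # dotless names go to upstream servers
    if "bogus-priv" not in o:
        findings.append("private-ptr-forwarded")  # RFC 1918 reverse lookups go upstream
    if "enable-tftp" in o and "tftp-root" not in o:
        findings.append("tftp-no-root")           # no directory restriction on TFTP reads
    if "enable-tftp" in o and "tftp-secure" not in o:
        findings.append("tftp-not-secure")        # files not limited to dnsmasq-owned ones
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in (("minimal", MINIMAL), ("example", EXAMPLE)):
        print(name, audit(conf))
```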