dnsmasq

What is dnsmasq?

dnsmasq is a compact, open source network service designed to deliver DNS caching, DNS forwarding to upstream resolvers, and DHCP services for small networks and embedded devices. It consolidates multiple functions into a single daemon, reducing upstream DNS traffic while offering straightforward configuration through /etc/dnsmasq.conf or drop-in files.

dnsmasq runs as a single daemon that listens on UDP/TCP port 53 for DNS queries and on DHCP ports to lease addresses. It supports DHCPv4/v6, DNS caching, and simple host name resolution, making it ideal for tiny LANs, home routers, and lightweight appliances.

Is dnsmasq Safe?

dnsmasq is generally safe when obtained from official repositories and configured with sensible access controls. It is widely used in home routers, Linux desktops, and embedded devices to provide efficient DNS caching, DHCP services, and basic local name resolution. Always secure network interfaces, limit exposure, and keep the package up to date.

Is dnsmasq a Virus?

dnsmasq is not a virus by design; it is a legitimate, open source daemon. However, attackers may modify or replace the binary if the system is compromised or if installations come from untrusted sources. Always verify the binary location, provenance, and signatures, and monitor for unexpected network behavior.

How to Verify Legitimacy

1. Check File Location: Confirm the dnsmasq binary resides at a canonical path such as /usr/sbin/dnsmasq or /usr/local/sbin/dnsmasq and that no suspicious copies exist in user-writable directories.
2. Verify Digital Signature: On systems using package managers, verify the installed package signature (e.g., dpkg -V or rpm -V) and compare with the official repository.
3. Check File Hash: Compute the SHA256 hash of the binary (e.g., sha256sum /usr/sbin/dnsmasq) and compare against the known, published hash from the distro.
4. Scan for Malware: Run a malware scan on the binary and system directories with a trusted scanner (e.g., rkhunter, ClamAV) and review for unexpected modifications.

Why is it Running?

Reasons it's running:

• DNS caching for speed and resilience: dnsmasq caches frequent DNS lookups to reduce upstream DNS traffic and improve response times for local clients, which is especially beneficial on low-bandwidth links.
• DHCP service for small networks: It can act as a lightweight DHCP server, issuing IP addresses, gateways, and DNS server info to devices on a local network without needing a full DHCP server stack.
• Simple local DNS and hostname resolution: dnsmasq can provide simple hostname resolution for static hosts and integrate with DHCP leases to map IPs to hostnames, simplifying management on tiny networks.
• Embedded and router integrations: Many routers and embedded Linux systems rely on dnsmasq to provide essential DNS and DHCP functionality with minimal footprint.
• Configurable and lightweight: With a small configuration surface area and straightforward syntax, dnsmasq is easy to customize for custom DNS forwarding, spoofing prevention, and DHCP ranges.

Can I Disable or Remove It?

Common Problems

Common Causes & Solutions

• : Check system logs (journalctl -u dnsmasq) for syntax errors in /etc/dnsmasq.conf and ensure the file exists and is accessible by root. Fix the syntax, then restart the service.
• : Verify that dnsmasq is configured as the DNS resolver for clients, ensure upstream servers are reachable in /etc/resolv.conf, and confirm no conflicting DNS services are bound to port 53.
• : Check the dhcp-range and dhcp-option settings in /etc/dnsmasq.conf, ensure the DHCP service is enabled on the correct interface (e.g., interface=eth0), and examine lease file for conflicts.
• : Identify other services using port 53 or 67/68 with ss -tulpen and adjust dnsmasq's port bindings or disable the conflicting service to resolve the conflict.
• : Review conditional forwarding and upstream servers, verify firewall rules allow DNS traffic, and ensure integrity of the dnsmasq.conf directives related to server= lines.
• : Check dnsmasq processes with top or ps, verify config for excessive logging or overly broad DHCP ranges, and tune cache size or log verbosity as needed.

Related Processes