The scenario: You've got a computer you want to use as a web server for your own personal stuff... And it works from the outside when you use a service like DynDNS... but when you use that DynDNS from the inside, you get your router's configuration page! Oh Noes!

You're a victim of what's known as NAT Loopback Blocking. This is fixable by running your own internal DNS server, optionally with a DHCP server 

Step 1: A Fast Introduction to NATs

A NAT (or Network Address Translator) is a chunk of software that turns one network of IP addresses (say, into a single IP address (say, so that the network can be routed.

NATs are often used to turn non-routable networks such as and (both common networks) into routable IPs (often referred to as "Public" or "External" IPs.)

NAT Loopback is a term used when a NAT understands a connection request for its External IP from an Internal IP and routes it as though it were a request from the outside, heeding your particular port-forwarding requests.

Many ISP-provided routers disallow this, and for good reason: Its really easy to fake a NAT loopback, sending the 'external' connection through a loop or just outright denying it.

Step 2: Installing Debian [part 1]

you can safely ignore this if you are already running Ubuntu or Debian. CentOS and friends, please consult your documentation on how to install Dnsmasq

I'm going to install Debian Squeeze (Testing) in a virtual machine, however the steps are going to be mostly the same given a real box.

The first step is getting a Network Install CD burned. You can get them from http://cdimage.debian.org -- You will find links to all the appropriate locations.

Step 3: Installing Debian [part 2]

Installing the base Debian system is pretty easy.

Some notes however to make sure you dont loose your way:

- The debian Network Installation disc will by default try and do DHCP. This sets a little flag in the installer later on that DHCP is a Good Thing to have on by default in the network configuration, and will lead to breaking things. This is fixable later on, its just a pain.
- know your network layout!
- the Debian installer needs ~1/2 a gig of space. Small hard drives are A-OK for a Debian box.
- There are numerous tutorials on how to install Debian and how to configure it. If you get lost, GIYBF.
- If you need to adminstrate this box later on remotely, install the SSH server! Really!

Step 4: Installing Dnsmasq

Dnsmasq is our DNS server and possibly DHCP server. Installing is fairly simple:

apt-get install dnsmasq

This will download and install dnsmasq onto the box, then get it running.

Step 5: Configuring Dnsmasq

The first thing you're going to want to do is actually disable your router's DHCP server -- Check the documentation on how to do that.

su to root and edit the DNSMasq configuration file using 'nano /etc/dnsmasq.conf'

dnsmasq's configuration file can be rather terse and still work. For example, here's mine:


this /forces/ the DNS server to be ( a root nameserver ) and listens only on certain addresses.

It creates a DHCP range with a lease of 12 hours.

I use PXE booting when I need to get a box up and running, so that works just fine.

You are going to want to define 3 things:
DHCP range

see http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq.conf.example for the default.

Step 6: Adding Hosts and Upstream Servers.

Dnsmasq by default will read the file /etc/hosts and /etc/resolv.conf first before it asks upstream DNS servers.

Here's an example resolv.conf:


And here's an example hosts file:

-8<        hero        leap        bridge             localhost             breaker

To find a root nameserver that works nicely, take a look at the website for them all (including a nice pretty graph) with IPv4 and IPv6 information:


Step 7: Test, Test, Test.

Tweak your dnsmasq file until you like it. Over time, DNS entries will come faster, as dnsmasq will cache the results.

Dnsmasq runs anywhere and uses very little RAM or CPU -- Many routers in fact use it for their DHCP server and often as a DNS server as well.
How different is this sequence using the other common Linux distros?
dnsmasq is not specific to any distro. If you really want to get into dsn then you need to get into bind and it's derivatives. Now with ipv6 and that dns traffic will be encrypted, this will all get real fun. But for the home network it is probably fine. Some of your open source routers already run dnsmasq. No need to set up a whole machine just for that.

About This Instructable




More by indrora:Running your own DNS/DHCP Server the Easy way. 
Add instructable to: