Dnsmasq is free software providing Domain Name System (DNS) caching, a Dynamic Host Configuration Protocol (DHCP) server, router advertisement and network boot features, intended for small computer networks. We will be using it to host our own caching DNS server with a blacklist from oisd.nl.
First make sure to install Dnsmasq and other needed software with the command (only works on distros with apt):
sudo apt install dnsmasq dnsutils curl
Next, edit the configuration file in the /etc/ directory:
sudo nano /etc/dnsmasq.conf
The default options should be sufficient for now but of course edit accordingly. For performance optimization or deeper configuration consult the Arch Wiki or Debian Wiki.
The only thing you absolutely have to add is a pointer to the external config file:
# Adds blocklist to dnsmasq configuration
conf-file=/etc/dnsmasq.d/blocklist.conf
Next up, create the script that generates the blocklist. It will be run weekly:
sudo nano /etc/cron.weekly/dnsmasqlist
Paste this into the script file:
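#!/bin/sh
# Download the list (-f makes HTTP errors count as failures). On any failure the list is emptied so dnsmasq can still start; the final restart runs in every case.
curl -fsS https://dnsmasq.oisd.nl/ -o /etc/dnsmasq.d/blocklist.conf && dnsmasq --test && systemctl reload dnsmasq || echo "" > /etc/dnsmasq.d/blocklist.conf ; systemctl restart dnsmasq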
Make it executable:
sudo chmod +x /etc/cron.weekly/dnsmasqlist
And run it:
sudo /etc/cron.weekly/dnsmasqlist
Note: If it complains about a missing directory, just create one with: sudo mkdir /etc/dnsmasq.d/
After that, run this command to check that the blocklist was generated:
head /etc/dnsmasq.d/blocklist.conf
Then do a test request to your server:
dig kaizentom.xyz @127.0.0.1
If it works correctly, the output should look like this:
; <<>> DiG 9.17.21-1-Debian <<>> kaizentom.xyz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40866
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;kaizentom.xyz. IN A
;; ANSWER SECTION:
kaizentom.xyz. 600 IN A 31.207.89.98
;; Query time: 284 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jan 15 15:35:49 CET 2022
;; MSG SIZE rcvd: 58
You are done. Now head to your device and add your server as the DNS.
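The weekly script above writes whatever the server returns straight into a file that dnsmasq parses as configuration. The script below is an added example (not part of the original guide) that downloads to a temporary file, accepts it only if every line is a plain blocking rule, and keeps the previous list on failure. The accepted rule forms in ALLOWED and the function names are assumptions; adjust ALLOWED to the format the list actually uses.

```sh
#!/bin/sh
# Added example: validate the downloaded list before it replaces the live one.
# URL and DEST are the values used in this guide; ALLOWED is an assumed rule format.
URL="https://dnsmasq.oisd.nl/"
DEST="/etc/dnsmasq.d/blocklist.conf"

# Permit only comments, blank lines and rules that block a domain. Rules that
# point a domain at another address or upstream server, and every other
# dnsmasq directive, are rejected.
ALLOWED='^(#.*|[[:space:]]*|(address|server|local)=/[A-Za-z0-9._-]+/(#|0\.0\.0\.0|::)?)$'

# Succeeds only if the file is non-empty and every line matches ALLOWED.
blocklist_is_safe() {
    [ -s "$1" ] || return 1
    if grep -Evq "$ALLOWED" "$1"; then
        return 1    # at least one line is not a plain blocking rule
    fi
    return 0
}

# Download to a temporary file, validate, syntax-check, then install.
update_blocklist() {
    tmp=$(mktemp) || return 1
    if curl -fsSL --proto '=https' --proto-redir '=https' "$URL" -o "$tmp" \
        && blocklist_is_safe "$tmp" \
        && dnsmasq --test --conf-file="$tmp" >/dev/null 2>&1; then
        install -m 644 "$tmp" "$DEST" && systemctl restart dnsmasq
        status=$?
    else
        echo "blocklist update rejected; keeping the previous list" >&2
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}

# Run the update only when installed under the name used in this guide
# (cron's run-parts calls /etc/cron.weekly/dnsmasqlist without arguments).
case "$0" in
    *dnsmasqlist) update_blocklist ;;
esac
```

Unlike the one-liner, a failed or rejected download leaves the existing blocklist in place instead of emptying it.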