Dnsmasq is a lightweight DNS forwarder and DHCP server that is commonly used in small networks and as a caching DNS proxy. It was developed by Simon Kelley and released in 2001 under the GNU General Public License.
Dnsmasq is designed to be a simple and easy-to-use tool that provides essential DNS and DHCP services. It can be used as a standalone tool or as part of a larger network infrastructure. It is particularly useful in situations where a full-blown DNS server or DHCP server is not required, such as in small office or home networks.
- Current stable: dnsmasq 2.92 (2026-01-14).
- Small networks that need combined DNS caching and DHCP.
- Home labs, branch offices, or edge gateways.
- Lightweight environments where simplicity matters.
- DNS forwarding and caching: Forward queries to upstream servers with configurable cache size and TTL handling.
- DHCP server: Assign IP addresses, lease management, and static mappings for local networks.
- DHCPv6 and RA support: IPv6 DHCP and Router Advertisement (--enable-ra) for SLAAC.
- DNSSEC validation: Supported since v2.70 (2014), enhanced in v2.90/v2.92. Validate signed zones with trust anchors.
- Authoritative DNS mode: Serve authoritative records for local domains (--local, --domain).
- Network booting (PXE/TFTP): Built-in TFTP server for diskless boot and OS installation.
- Conditional forwarding: Forward specific domains to designated upstream servers.
- DNS-0x20 encoding: Cache-poisoning protection via case randomization (v2.91+, default-off).
- IDN support: Internationalized domain name handling.
- Domain name tagging: Configure different DNS/DHCP settings per subnet or client tag.
- Lightweight footprint: Extremely low resource usage (~1MB RAM).
- GPL-2.0-or-later (GPL-2.0 or GPL-3.0, user’s choice)
- Self-hosted deployment
- Actively maintained (v2.92 released 2026-01-14)
- libvirt/KVM: Default DNS/DHCP for virtual machine networks
- Pi-hole: Uses dnsmasq fork for ad-blocking DNS
- OpenWrt home routers: Default DNS/DHCP on OpenWrt/LEDE
- Android OS: Embedded DNS resolver on Android devices
- PXE boot servers: Network boot provisioning with TFTP
- Small office/home networks: Combined lightweight DNS + DHCP
Setup and References
- Not for large-scale production: Best suited for small networks; BIND/Unbound for enterprise DNS
- DNSSEC supported: Validation available since v2.70 (2014), trust-anchor improvements in v2.90+
- DHCP integration: Tightly integrated DHCP and DNS with automatic record updates
- PXE boot: Supports network boot (PXE, TFTP) out of the box
- Conditional forwarding: Can forward specific domains differently
- Lightweight: Extremely low resource usage (~1MB RAM)
- Config files: /etc/dnsmasq.conf (main), /etc/dnsmasq.d/ (drop-in directory)
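The DNS-0x20 encoding listed among the features works by randomizing the case of the letters in each forwarded query name and accepting only a reply that echoes exactly that casing. The sketch below is an added example, not dnsmasq's own code; the function names and the sample name and transaction ID are hypothetical, constructed values.

```python
import secrets


def encode_0x20(qname: str) -> str:
    """Randomize the case of every ASCII letter in the query name."""
    out = []
    for ch in qname:
        if ch.isascii() and ch.isalpha():
            out.append(ch.upper() if secrets.randbits(1) else ch.lower())
        else:
            out.append(ch)  # digits, hyphens and dots carry no case bit
    return "".join(out)


def extra_entropy_bits(qname: str) -> int:
    """Bits a blind spoofer must guess on top of the transaction ID and source port."""
    return sum(1 for ch in qname if ch.isascii() and ch.isalpha())


def accept_reply(sent_qname: str, sent_id: int, reply_qname: str, reply_id: int) -> bool:
    """Accept a reply only if its ID matches and it echoes the question name with identical casing."""
    if reply_id != sent_id:
        return False
    # Ordinary DNS name matching ignores case; the 0x20 check is deliberately exact.
    return reply_qname == sent_qname


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    name, txid = "www.example.com", 0x1A2B
    sent = encode_0x20(name)
    print(f"query sent as {sent} ({extra_entropy_bits(name)} extra bits)")
    print("exact echo:   ", accept_reply(sent, txid, sent, txid))
    # A reply built without seeing the query carries some other casing.
    other = name.lower() if sent != name.lower() else name.upper()
    print("wrong casing: ", accept_reply(sent, txid, other, txid))
    print("wrong ID:     ", accept_reply(sent, txid, sent, txid ^ 1))
```

A legitimate upstream that rewrites the casing of the question name fails the same exact-match check, so resolution failures are worth watching for after the option is switched on.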