This guide uses Docker to run dnsmasq.
Note: dnsmasq does not have an official Docker image. Community-maintained images are available, or you can build your own from source.
For Docker installation, see Docker.
Create a directory to store your configuration and compose files.
mkdir -p /opt/dnsmasq
mkdir -p /opt/dnsmasq/config/dnsmasq.d
cd /opt/dnsmasq
Define a container for dnsmasq.
services:
  dnsmasq:
    image: jpillora/dnsmasq:latest
    container_name: dnsmasq
    ports:
      - "53:53/udp"
      - "53:53/tcp"
    volumes:
      - ./config/dnsmasq.conf:/etc/dnsmasq.conf
      - ./config/dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    read_only: true
Create /opt/dnsmasq/config/dnsmasq.conf:
# Listen on all interfaces
listen-address=0.0.0.0
# Upstream DNS servers
server=8.8.8.8
server=1.1.1.1
# Cache size
cache-size=1000
# DNSSEC validation (v2.70+)
dnssec
dnssec-check-unsigned
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
# DNS-0x20 cache poisoning protection (v2.91+, default-off)
# dns-0x20
# Log queries
log-queries
Start the container in the background.
docker compose up -d
# Check container is running
docker ps | grep dnsmasq
# Test DNS resolution
dig @127.0.0.1 google.com +short
# Test DNSSEC (if enabled)
dig @127.0.0.1 dnssec.works +dnssec
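To interpret the DNSSEC test above, read the reply header (status and flags) rather than the answer section. The following is an added example, not part of the original guide: a shell function that classifies `dig +dnssec` output. The names `dnssec_verdict` and `sample_reply` and the sample header lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `dig +dnssec` output read on stdin.
# Prints: validated | insecure | servfail | other:<STATUS> | no-header
dnssec_verdict() {
    awk '
        /->>HEADER<<-/ {
            # e.g. ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # Flags sit between "flags:" and the first ";", e.g. "qr rd ra ad;"
            line = $0
            sub(/^;; flags:/, "", line); sub(/;.*/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        END {
            if (status == "")              print "no-header"   # e.g. +short output
            else if (status == "SERVFAIL") print "servfail"    # validation or upstream failure
            else if (status != "NOERROR")  print "other:" status
            else if (ad)                   print "validated"   # Authenticated Data flag set
            else                           print "insecure"    # answered, but not authenticated
        }'
}

# Constructed dig header for offline testing ($1 = status, $2 = flags).
# This is sample input, not captured output from a real server.
sample_reply() {
    printf ';; ->>HEADER<<- opcode: QUERY, status: %s, id: 4242\n' "$1"
    printf ';; flags: %s; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n' "$2"
}

# Demo over the constructed samples (no network access needed).
for c in "NOERROR:qr rd ra ad" "NOERROR:qr rd ra" "SERVFAIL:qr rd ra"; do
    printf '%-22s -> %s\n' "$c" \
        "$(sample_reply "${c%%:*}" "${c#*:}" | dnssec_verdict)"
done
```

Against the running container, pipe the real query into it: `dig @127.0.0.1 dnssec.works +dnssec | dnssec_verdict`. The `+short` form used in the resolution test prints no header, so it reports `no-header`.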
If you prefer to build your own image instead (this Dockerfile installs the Alpine dnsmasq package):
FROM alpine:latest
RUN apk add --no-cache dnsmasq bind-tools
EXPOSE 53/tcp 53/udp
ENTRYPOINT ["dnsmasq", "-k", "--log-facility=-"]
docker build -t dnsmasq:local .
jpillora/dnsmasq are popular, or build from source.
latest for production deployments.
/etc/dnsmasq.conf (main), /etc/dnsmasq.d/ (drop-in directory).