
How to set up your own DNS server

Learn how to set up your personal DNS server on Linux and macOS and use it remotely over Meshnet.

Introduction

Once the internet connection is set up in your home, it is usually configured to use the internet service provider’s DNS addresses. Using such DNS can lead to a number of inconveniences: longer website loading times, unwanted URL blocking, and query logging. All of these factors can make the browsing experience feel like a chore. Thankfully, there are various ways to overcome these hindrances, such as configuring a personal DNS server. A tool that allows you to do exactly this is dnsmasq.
By using the free dnsmasq software, your device can function as a DNS forwarder and DHCP server. It has an integrated DNS caching feature. This means that the address of any website that is saved in the cache is resolved nearly instantly, so the website starts loading sooner. Such behavior leads to a much smoother and more enjoyable browsing experience. Additionally, you are in control of your DNS records, as you can monitor them directly on your device or disable logging altogether.
The drawback of dnsmasq is that it is designed to work only on the local network. However, with the addition of Meshnet, you can use your dnsmasq configuration no matter how far away from home you are.
In this article, you will find instructions on how to set up a personal DNS server using dnsmasq on macOS and Linux.
Note
Changing DNS addresses while using cellular data and keeping the Meshnet connection active is not possible. If you are using a mobile device with a cellular connection, you will need to use dnsmasq with a VPN connection.

macOS

Before you begin

Because dnsmasq uses port 53 for its functionality, it is important to ensure that this port is available on your system before configuring dnsmasq. To do so, open Terminal and execute the following command:
sudo lsof -i -n -P | grep :53
If port 53 is being used, in the output, you will see the name of the process that is using it.
In case the port is occupied, you will need to free it up by killing the other process which is using port 53 or changing its port to a different one.

Install Homebrew

To install dnsmasq, you can use the Homebrew package manager. Install Homebrew by taking these steps:
  1. Open Terminal.
  2. Enter the following command:
     /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
     For additional information about the installation process, refer to Homebrew documentation.
  3. Follow the on-screen instructions to finish the installation.

Find the Meshnet network interface

Communication between devices in Meshnet is done via the Meshnet network interface. The name of the interface can differ for each device. To find the correct name on your device:
  1. Open Terminal.
  2. Run the following command:
     ifconfig
  3. Locate the interface with your Meshnet IP and note its name. For example, utun3.

Install dnsmasq

To start configuring your DNS server, you will need to install dnsmasq on your machine.
  1. Open Terminal.
  2. Install dnsmasq by running the following command:
     brew install dnsmasq
The dnsmasq application will be installed.

Configure dnsmasq

Dnsmasq settings are controlled via its configuration file called dnsmasq.conf.
  1. Open the dnsmasq.conf file using the Nano text editor by running this command in Terminal:
     For Intel Macs:
     nano /usr/local/etc/dnsmasq.conf
     For Apple Silicon Macs:
     nano /opt/homebrew/etc/dnsmasq.conf
  2. Using the Control + W keyboard shortcut, locate and uncomment the following lines by removing the hash (#) symbol at the start:
     • domain-needed
     • bogus-priv
     • no-resolv
  3. Find the cache-size line, uncomment it, and change the value to 1000.
  4. Locate the interface line, uncomment it, and append the name of the network interface from the Find the Meshnet network interface section after the equals (=) sign.
  5. Find the #server=/localnet/192.168.0.1 line and replace it with the following two lines:
     server=1.1.1.1
     server=8.8.8.8
     Instead of the 1.1.1.1 and 8.8.8.8 DNS addresses, you can use your preferred DNS provider for the upstream DNS.
  6. Press Control + X, Y, and Return to save changes and exit.
Start the dnsmasq process as the root user via the following command:
sudo brew services start dnsmasq
Note
Detailed information about the altered parameters can be found in the Options section of the dnsmasq manual page.

Enable query logging (optional)

You can enable query logging in the dnsmasq.conf file to monitor for any failed DNS resolutions or inconsistencies in website loading.
  1. Open Terminal and run the following command:
     For Intel Macs:
     nano /usr/local/etc/dnsmasq.conf
     For Apple Silicon Macs:
     nano /opt/homebrew/etc/dnsmasq.conf
  2. Locate the log-queries line and uncomment it by removing the hash (#) symbol at the start.
  3. Append a new log-facility=/usr/local/var/log/dnsmasq.log line below log-queries.
  4. Press Control + X, Y, and Return to save changes and exit.
  5. Restart the dnsmasq process by running:
     sudo brew services restart dnsmasq
All of the DNS queries will now be logged in the /usr/local/var/log/dnsmasq.log file.

Test dnsmasq

To test if dnsmasq was configured properly and is working, do the following:
  1. Open Terminal.
  2. Check the status of the dnsmasq service via this command:
     sudo brew services list
  3. Check if the domain name resolution is working properly by using dig:
     dig nordvpn.com @localhost
If you receive an answer to the dig command, it indicates that your DNS server is working properly and ready for use.

Linux

Before you begin

Because dnsmasq uses port 53 for its functionality, it is important to ensure that this port is available on your system before configuring dnsmasq. To do so, open Terminal and execute the following command:
sudo netstat -tulpn | grep :53
Note
The net-tools package is required to use the netstat command.
It can be installed by running the following:
sudo apt install net-tools
If port 53 is being used, in the output, you will see the name of the process that is using it.
For example, the output may show systemd-resolve listening on port 53.
In case the port is occupied, you will need to free it up by killing the other process which is using port 53 or changing its port to a different one.

Free up port 53 used by systemd-resolve

Many Linux distributions use systemd-resolved for DNS query resolution. To stop the systemd-resolved service from binding to port 53:
  1. Open Terminal.
  2. Open the resolved.conf file using the Nano text editor by running this command:
     sudo nano /etc/systemd/resolved.conf
  3. At the end of the file, append this line:
     DNSStubListener=no
  4. Press Ctrl + X, Y, and Enter to save changes and exit.
  5. Run the following command to restart the systemd-resolved process:
     sudo systemctl restart systemd-resolved

Install dnsmasq

To start configuring your DNS server, you will need to install dnsmasq on your machine.
  1. Open Terminal.
  2. Update all of your repositories and install dnsmasq by running the following command:
     sudo apt update && sudo apt install dnsmasq
The dnsmasq application will be installed and started automatically.

Configure dnsmasq

Dnsmasq settings are controlled via its configuration file called dnsmasq.conf.
  1. Open the dnsmasq.conf file using the Nano text editor by running this command in Terminal:
     sudo nano /etc/dnsmasq.conf
  2. Using the Ctrl + W keyboard shortcut, locate and uncomment the following lines by removing the hash (#) symbol at the start:
     • domain-needed
     • bogus-priv
     • no-resolv
  3. Find the cache-size line, uncomment it, and change the value to 1000.
  4. Locate the interface line, uncomment it, and append nordlynx after the equals (=) sign.
  5. Find the #server=/localnet/192.168.0.1 line and replace it with the following two lines:
     server=1.1.1.1
     server=8.8.8.8
     Instead of the 1.1.1.1 and 8.8.8.8 DNS addresses, you can use your preferred DNS provider for the upstream DNS.
  6. Press Ctrl + X, Y, and Enter to save changes and exit.
To ensure that the changes are applied, restart the dnsmasq process via the following command:
sudo systemctl restart dnsmasq
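The following is an added example, not part of the original guide or of dnsmasq: a shell function that checks whether the directives edited in the Configure dnsmasq steps (macOS and Linux) are actually active, since a file can be syntactically valid while a step was skipped. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the directives this guide edits are active in a
# dnsmasq.conf. Prints one finding per line; returns 0 if there are none.
# Function names are illustrative, not part of dnsmasq.

# Print the value of every uncommented "KEY=value" line.
active_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1"
}

# True if KEY is present and uncommented, with or without "=value".
is_set() {
    grep -Eq "^[[:space:]]*$2([[:space:]]*=[^#]*)?[[:space:]]*(#.*)?\$" "$1"
}

note() { echo "$1"; findings=$((findings + 1)); }

audit_dnsmasq_conf() {
    conf=$1
    findings=0
    for flag in domain-needed bogus-priv no-resolv cache-size; do
        if ! is_set "$conf" "$flag"; then note "$flag is missing or still commented out"; fi
    done
    # The guide binds dnsmasq to the Meshnet interface; without an
    # interface= line it is not restricted to that interface.
    if [ -z "$(active_value "$conf" interface)" ]; then
        note "interface= is not set: not restricted to the Meshnet interface"
    fi
    # no-resolv ignores /etc/resolv.conf, so a plain server= line must exist.
    # Domain-specific lines such as server=/localnet/... do not count.
    upstreams=$(active_value "$conf" server | grep -vc '^/' || true)
    if is_set "$conf" no-resolv && [ "$upstreams" -eq 0 ]; then
        note "no-resolv is set but no upstream server= is defined"
    fi
    # log-queries without log-facility sends every query to syslog.
    if is_set "$conf" log-queries && [ -z "$(active_value "$conf" log-facility)" ]; then
        note "log-queries is on but log-facility is not set"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the interface step was skipped and logging has no file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
domain-needed
bogus-priv
no-resolv
cache-size=1000
#interface=
server=1.1.1.1
server=8.8.8.8
log-queries
EOF
audit_dnsmasq_conf "$sample" || true
rm -f "$sample"
```

To check a real file, call audit_dnsmasq_conf with /etc/dnsmasq.conf on Linux, or with /usr/local/etc/dnsmasq.conf or /opt/homebrew/etc/dnsmasq.conf on macOS.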

Enable query logging (optional)

You can enable query logging in the dnsmasq.conf file to monitor for any failed DNS resolutions or inconsistencies in website loading.
  1. Open Terminal and run the following command:
     sudo nano /etc/dnsmasq.conf
  2. Locate the log-queries line and uncomment it by removing the hash (#) symbol at the start.
  3. Append a new log-facility=/var/log/dnsmasq.log line below log-queries.
  4. Press Ctrl + X, Y, and Enter to save changes and exit.
  5. Restart the dnsmasq process by running:
     sudo systemctl restart dnsmasq
All of the DNS queries will now be logged in the /var/log/dnsmasq.log file.
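As an added example (not from the original guide), the shell function below summarises the log file enabled in the query logging steps for macOS and Linux: it lists the names that came back NXDOMAIN, the number of queries per client, and the forwarded and cached totals. The log lines are constructed samples in the format dnsmasq writes with log-queries, and the addresses in them are placeholders.

```shell
#!/bin/sh
# Added example: summarise a dnsmasq query log written with log-queries.
# Function names are illustrative; the sample log below is constructed.

# Print "nxdomain NAME COUNT", "client IP COUNT", "forwarded N", "cached N".
summarize_dnsmasq_log() {
    awk '
        # Locate the "dnsmasq[pid]:" tag; the fields after it are
        # action, name, keyword (from/to/is) and value.
        {
            for (i = 1; i <= NF; i++) if ($i ~ /^dnsmasq\[[0-9]+\]:$/) break
            if (i > NF) next
            action = $(i + 1); name = $(i + 2); value = $(i + 4)
        }
        action ~ /^query\[/   { clients[value]++ }   # value is the client IP
        action == "forwarded" { forwarded++ }        # sent to an upstream
        action == "cached"    { cached++ }           # answered from cache
        (action == "reply" || action == "cached") && value == "NXDOMAIN" {
            failed[name]++                           # failed resolution
        }
        END {
            for (n in failed)  printf "nxdomain %s %d\n", n, failed[n]
            for (c in clients) printf "client %s %d\n", c, clients[c]
            printf "forwarded %d\ncached %d\n", forwarded, cached
        }
    ' "$1" | sort
}

# Constructed sample log (placeholder client and answer addresses).
constructed_log() {
cat <<'EOF'
Mar  4 10:15:01 dnsmasq[812]: query[A] nordvpn.com from 192.0.2.10
Mar  4 10:15:01 dnsmasq[812]: forwarded nordvpn.com to 1.1.1.1
Mar  4 10:15:01 dnsmasq[812]: reply nordvpn.com is 198.51.100.20
Mar  4 10:15:04 dnsmasq[812]: query[A] nordvpn.com from 127.0.0.1
Mar  4 10:15:04 dnsmasq[812]: cached nordvpn.com is 198.51.100.20
Mar  4 10:15:09 dnsmasq[812]: query[A] no-such-host.example from 192.0.2.10
Mar  4 10:15:09 dnsmasq[812]: forwarded no-such-host.example to 1.1.1.1
Mar  4 10:15:09 dnsmasq[812]: reply no-such-host.example is NXDOMAIN
EOF
}

log=$(mktemp)
constructed_log > "$log"
summarize_dnsmasq_log "$log"
rm -f "$log"
```

On a real server, pass the path set in log-facility, that is /var/log/dnsmasq.log on Linux or /usr/local/var/log/dnsmasq.log on macOS. A client address in the summary that is not one of your Meshnet devices or localhost means the server is answering queries from somewhere you did not intend.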

Test dnsmasq

To test if dnsmasq was configured properly and is working, do the following:
  1. Open Terminal.
  2. Run the following command to check the syntax in the dnsmasq.conf file:
     dnsmasq --test
  3. Install the dnsutils tool by running this command:
     sudo apt install dnsutils
  4. Check if the domain name resolution is working properly by using dig:
     dig nordvpn.com @localhost
If you receive an answer to the dig command, it indicates that your DNS server is working properly and ready for use.

Use your dnsmasq DNS over Meshnet

With dnsmasq fully set up, you can start using it on your devices. For usage via Meshnet, you must set the server device’s Meshnet IP address as the DNS server on each client device.

Without a VPN connection

Platforms covered: Windows, Android, iOS, macOS, Linux, and Android TV.

Windows 11

  1. Right-click Start and select Network connections.
  2. Choose the network type your device is using (Wi-Fi or Ethernet).
  3. Find the DNS server assignment option and click Edit.
  4. Choose Manual from the dropdown menu and enable IPv4.
  5. Fill in the DNS fields.
     • Under Preferred DNS, enter the Meshnet IP of the dnsmasq device.
     • Under Alternate DNS, enter the DNS address of another provider.
  6. Click Save.

Windows 10

  1. Right-click Start and select Network connections.
  2. Select Change adapter options.
  3. Right-click your current network adapter (Wi-Fi or Ethernet) and choose Properties.
  4. In the new window, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  5. Select Use the following DNS server addresses and fill in the fields underneath.
     • Preferred DNS server: the Meshnet IP of the dnsmasq device.
     • Alternate DNS server: the DNS address of another provider.
  6. Click OK twice to apply the changes.

Android

  1. Open the Settings menu.
  2. Go to Connections and select Wi-Fi.
  3. Find your current Wi-Fi network and tap the gear button.
  4. Go to Advanced/View more.
  5. Change the IP settings value to Static.
  6. Fill in the required DNS addresses:
     • Under DNS 1, enter the Meshnet IP of the dnsmasq device.
     • Under DNS 2, enter the DNS address of another provider.
  7. Tap Save (if such a button is present).

iOS

  1. Open Settings.
  2. Tap Wi-Fi, find your current network, and tap the Info button.
  3. Tap Configure DNS and choose Manual.
  4. Select Add server and enter the Meshnet IP of the dnsmasq device.
  5. Ensure that the added IP address is at the top.
  6. Tap Save.

macOS Ventura 13 and newer

  1. Go to System settings and click Network.
  2. Select the network interface you use (Wi-Fi or Ethernet) and click Details.
  3. Open the DNS tab and click the plus (+) button at the bottom to add the Meshnet IP address of the dnsmasq device.
  4. Ensure that the added IP address is at the top.
  5. Click OK to save the changes.

macOS Monterey 12 and older

  1. Go to System preferences and click Network.
  2. Select the network interface you use (Wi-Fi or Ethernet) and click Advanced.
  3. Open the DNS tab and add the Meshnet IP address of the dnsmasq device by clicking the plus (+) icon.
  4. Ensure that the added IP address is at the top.
  5. Click OK and then click Apply.

Linux

Method 1: Using Network Manager

  1. Open Settings, and then select either Network or Wi-Fi based on your network type.
  2. Click the gear button and go to the IPv4 tab.
  3. Next to DNS, disable the Automatic toggle.
  4. In the DNS field, enter the Meshnet IP of the dnsmasq device and the DNS of another provider, separated by a comma.
  5. Click Apply.
  6. Open Terminal and run the following command to restart the Network Manager daemon:
     sudo systemctl restart NetworkManager
  7. Enter your sudo password.

Method 2: Using Terminal

  1. Open Terminal and run the following command:
     sudo nano /etc/systemd/resolved.conf
  2. Locate the DNS and FallbackDNS lines.
  3. Uncomment the lines by removing the hash (#) symbols.
  4. Enter the appropriate DNS addresses after the equals (=) sign, as shown:
     DNS=<Meshnet IP of the dnsmasq device>
     FallbackDNS=<DNS of another provider>
  5. Press Ctrl + X, Y, and Enter to exit and save the changes.
  6. Run the following command to ensure that the network changes are applied:
     sudo systemctl restart systemd-resolved
  7. Enter your sudo password.
Note
Changes in the /etc/systemd/resolved.conf file take priority over settings in the Network Manager. Therefore, if you apply the DNS change directly via the Network Manager settings, ensure that there are no custom configurations in the previously mentioned resolved.conf file. Otherwise, the specified DNS addresses will not be used.

Android TV

  1. Open the Android TV Settings menu.
  2. Select Network & internet.
  3. Choose your network and change the IP settings value to Static.
  4. Enter your device's local IP address, network gateway, and network prefix length.
  5. Type in the DNS addresses:
     • In the DNS 1 field, enter the Meshnet IP address of your dnsmasq device.
     • In the DNS 2 field, enter the DNS address of another provider.

With a VPN connection

Meshnet allows you to use your custom, self-hosted DNS server alongside a VPN connection via the NordVPN app. Follow these steps to use your dnsmasq DNS when connected to a VPN server:
Platforms covered: Windows, Android, iOS, macOS, Linux, and Android TV.

Windows

  1. Open the NordVPN app.
  2. Navigate to Meshnet and copy the Meshnet IP address of your dnsmasq device.
  3. In the lower-left corner, click Settings.
  4. Select the Connection section.
  5. Enable the Use custom DNS toggle and click the dropdown arrow.
  6. In the first field, paste the copied Meshnet IP address.
  7. On the right, click the Save checkmark.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
Note
On the Threat protection page, make sure that the Threat protection lite toggle is disabled. Otherwise, the custom DNS change will be overwritten by the Threat Protection feature.

Android

  1. Open the NordVPN app.
  2. Navigate to the Meshnet tab and copy the Meshnet IP address of your dnsmasq device.
  3. In the lower-right corner, tap Profile, and then select Settings.
  4. Under VPN and security, tap DNS.
  5. Select Custom, paste the copied Meshnet IP address, and tap Add.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
Note
In the Settings menu, make sure that the Threat protection lite toggle is disabled. Otherwise, the custom DNS change will be overwritten by the Threat Protection feature.

iOS

  1. Open the NordVPN app.
  2. Navigate to Meshnet and copy the Meshnet IP address of your dnsmasq device by tapping it.
  3. In the lower-right corner, tap Profile.
  4. In the upper-right corner, select Settings.
  5. Under VPN connection, tap Protocol.
  6. In the Enter custom DNS address field, paste the copied Meshnet IP address.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
Note
In the Profile menu, make sure that the Threat protection lite toggle is disabled. Otherwise, the custom DNS change will be overwritten by the Threat Protection feature.

macOS

Note
The custom DNS feature is available only on the sideload version of the NordVPN app.
  1. Open the NordVPN app.
  2. Navigate to Meshnet and copy the Meshnet IP address of your dnsmasq device.
  3. In the lower-left corner, click Settings.
  4. On the left, select the DNS section.
  5. Click Add new DNS.
  6. In the new entry, paste the copied Meshnet IP address.
  7. Turn on the Enable custom DNS servers toggle.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
Note
On the Threat protection tab, make sure that the Use lite version toggle is disabled. Otherwise, the custom DNS change will be overwritten by the Threat Protection feature.

Linux

  1. Open Terminal.
  2. Run the following command, replacing <MeshnetIP> with your dnsmasq device's Meshnet IP address:
     nordvpn set dns <MeshnetIP>
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
Note
Make sure that Threat protection lite is disabled. Otherwise, the custom DNS change will be overwritten by NordVPN’s Threat Protection feature.
To disable Threat Protection lite, use the nordvpn set tplite off command.

Android TV

  1. Open the NordVPN app.
  2. Scroll down to the Settings section and select the Settings card.
  3. Choose DNS and select Custom.
  4. Enter the Meshnet IP address of your dnsmasq device.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
Note
In the Settings menu, make sure that the Threat protection lite option is turned off. Otherwise, the custom DNS change will be overwritten by NordVPN’s Threat Protection feature.
Tip
If you're looking for alternate DNS addresses, here are some of the most popular free DNS providers:
  • Google — 8.8.8.8 and 8.8.4.4
  • Cloudflare — 1.1.1.1 and 1.0.0.1
  • AdGuard — 176.103.130.130 and 176.103.130.131
  • Quad9 — 9.9.9.9 and 149.112.112.112
  • OpenDNS — 208.67.222.222 and 208.67.220.220
You can also use the same upstream DNS addresses from the dnsmasq.conf file.
With the DNS changes applied, you have finished the setup process. Your personal DNS server can now be used remotely, with the help of Meshnet.
© 2023 Nord Security. All Rights Reserved.