Learn how to set up your personal DNS server on Linux and macOS and use it remotely over Meshnet.
Last updated
Was this helpful?
Once the internet connection is set up in your home, it is usually configured to use the internet service provider’s DNS addresses. Using such DNS can lead to a number of inconveniences: longer website loading times, unwanted URL blocking, and query logging. All of these factors can make the browsing experience feel like a chore. Thankfully, there are various ways to overcome these hindrances, such as configuring a personal DNS server. A tool that allows you to do exactly this is dnsmasq.
By using the free dnsmasq software, your device can function as a DNS forwarder and DHCP server. It has an integrated DNS caching feature. This means that any website that is saved in the cache will open nearly instantly. Such behavior leads to a much smoother and more enjoyable browsing experience. Additionally, you are in control of your DNS records, as you can monitor them directly on your device or disable logging altogether.
The drawback of dnsmasq is that it is designed to work only on the local network. However, with the addition of Meshnet, you can use your dnsmasq configuration no matter how far away from home you are.
In this article, you will find instructions on how to set up a personal DNS server using dnsmasq on macOS and Linux.
Note
Changing DNS addresses while using cellular data and keeping the Meshnet connection active is not possible. If you are using a mobile device with a cellular connection, you will need to use dnsmasq with a VPN connection.
Because dnsmasq uses port 53 for its functionality, it is important to ensure that this port is available on your system before configuring dnsmasq. To do so, open Terminal and execute the following command:
If port 53 is being used, in the output, you will see the name of the process that is using it.
In case the port is occupied, you will need to free it up by killing the other process which is using port 53 or changing its port to a different one.
To install dnsmasq, you can use the Homebrew package manager. Install Homebrew by taking these steps:
Open Terminal.
Enter the following command:
For additional information about the installation process, refer to Homebrew documentation.
Follow the on-screen instructions to finish the installation.
Communication between devices in Meshnet is done via the Meshnet network interface. The name of the interface can differ for each device. To find the correct name on your device:
Open Terminal.
Run the following command:
Locate the interface with your Meshnet IP and note its name. For example, utun3.
To start configuring your DNS server, you will need to install dnsmasq on your machine.
Open Terminal.
Install dnsmasq by running the following command:
The dnsmasq application will be installed.
Dnsmasq settings are controlled via its configuration file called dnsmasq.conf.
Open the dnsmasq.conf file using the Nano text editor by running this command in Terminal:
For Intel Macs:
For Apple silicon Macs:
Using the Control ⌃ + W keyboard shortcut, locate and uncomment the following lines by removing the hash (#) symbol at the start:
• domain-needed
• bogus-priv
• no-resolv
Find the cache-size line, uncomment it, and change the value to 1000.
Locate the interface line, uncomment it, and append the name of the network interface from the Find the Meshnet network interface section after the equals (=) sign.
Find the #server=/localnet/192.168.0.1 line and replace it with the following two lines:
Instead of the 1.1.1.1 and 8.8.8.8 DNS addresses, you can use your preferred DNS provider for the upstream DNS.
Press Control ⌃ + X, Y, and Return to save changes and exit.
Start the dnsmasq process as the root user via the following command:
Note
Detailed information about the altered parameters can be found in the Options section of the dnsmasq manual page.
You can enable query logging in the dnsmasq.conf file to monitor for any failed DNS resolutions or inconsistencies in website loading.
Locate the log-queries line and uncomment it by removing the hash (#) symbol at the start.
Append a new log-facility=/usr/local/var/log/dnsmasq.log line below log-queries.
Press Control + X, Y, and Return to save changes and exit.
Restart the dnsmasq process by running:
All of the DNS queries will now be logged in the /usr/local/var/log/dnsmasq.log file.
To test if dnsmasq was configured properly and is working, do the following:
Open Terminal.
Check the status of the dnsmasq service via this command:
Check if the domain name resolution is working properly by using dig:
If you receive an answer to the dig command, it indicates that your DNS server is working properly and ready for use.
With dnsmasq fully set up, you can start using it on your devices. For usage via Meshnet, you must set the server device’s Meshnet IP address as the DNS server on each client device.
Choose the network type your device is using (Wi-Fi or Ethernet).
Find the DNS server assignment option and click Edit.
Choose Manual from the dropdown menu and enable IPv4.
Fill in the DNS fields.
Under Preferred DNS, enter the Meshnet IP of the dnsmasq device.
Under Alternate DNS, enter the DNS address of another provider.
Click Save.
Select Change adapter options.
Right-click your current network adapter (Wi-Fi or Ethernet) and choose Properties.
In the new window, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Select Use the following DNS server addresses and fill in the fields underneath.
Preferred DNS server: the Meshnet IP of the dnsmasq device.
Alternate DNS server: the DNS address of another provider.
Click OK twice to apply the changes.
Meshnet allows you to use your custom, self-hosted DNS server alongside a VPN connection via the NordVPN app. Follow these steps to use your dnsmasq DNS when connected to a VPN server:
Open the NordVPN app.
Select the Connection section.
Turn on the Use custom DNS toggle and click the dropdown arrow.
In the first field, paste the copied Meshnet IP address.
Click the Save checkmark.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
Note
Tip
If you're looking for alternate DNS addresses, here are some of the most popular free DNS providers:
Google — 8.8.8.8 and 8.8.4.4
Cloudflare — 1.1.1.1 and 1.0.0.1
AdGuard — 94.140.14.14 and 94.140.15.15
Quad9 — 9.9.9.9 and 149.112.112.112
OpenDNS — 208.67.222.222 and 208.67.220.220
You can also use the same upstream DNS addresses from the dnsmasq.conf file.
With the DNS changes applied, you have finished the setup process. Your personal DNS server can now be used remotely, with the help of Meshnet.
Right-click Start and select Network connections.
Right-click Start and select Network connections.
Tap Wi-Fi, find your current network, and tap the Info button.
Navigate to Devices in Meshnet and copy the Meshnet IP address of your dnsmasq device.
In the lower-left corner, click Settings .
In Threat protection pro > Advanced browsing protection, ensure that the DNS filtering toggle is turned off. Otherwise, the Threat Protection feature will overwrite the custom DNS change.
Navigate to Profile > Meshnet > Manage devices and copy the Meshnet IP address of your dnsmasq device.
Go back to the Profile menu, and then select Settings .
Select Custom, paste the copied Meshnet IP address, and tap Add.
On the Threat protection tab, ensure that the Use threat protection option is turned off. Otherwise, the Threat Protection feature will overwrite the custom DNS change.
Navigate to Profile > Meshnet > Manage devices and copy the Meshnet IP address of your Pi-hole device by tapping it.
Go back to the Profile menu and select Settings .
On the Threat protection tab, ensure that threat protection is turned off. Otherwise, the Threat Protection feature will overwrite the custom DNS change.
Navigate to Meshnet and copy the Meshnet IP address of your dnsmasq device.
In the lower-left corner, click Settings .
In Threat protection pro > Overview, ensure that the DNS filtering toggle is turned off. Otherwise, the Threat Protection feature will overwrite the custom DNS change.
Navigate to the Settings tab.
On the Settings tab, under App settings, ensure that the Threat protection lite option is turned off. Otherwise, the Threat Protection feature will overwrite the custom DNS change.
