# How to set up your own DNS server
## Introduction
Once the internet connection is set up in your home, it is usually configured to use the internet service provider’s DNS addresses. Using such DNS can lead to a number of inconveniences: longer website loading times, unwanted URL blocking, and query logging. All of these factors can make the browsing experience feel like a chore. Thankfully, there are various ways to overcome these hindrances, such as configuring a personal DNS server. A tool that allows you to do exactly this is [dnsmasq](https://en.wikipedia.org/wiki/Dnsmasq).
By using the free dnsmasq[ ](https://en.wikipedia.org/wiki/Dnsmasq)software, your device can function as a DNS forwarder and DHCP server. It has an integrated DNS caching feature. This means that any website that is saved in the cache will open nearly instantly. Such behavior leads to a much smoother and more enjoyable browsing experience. Additionally, you are in control of your DNS records, as you can monitor them directly on your device or disable logging altogether.
The drawback of dnsmasq is that it is designed to work only on the local network. However, with the addition of [Meshnet](https://nordvpn.com/meshnet/), you can use your dnsmasq configuration no matter how far away from home you are.
In this article, you will find instructions on how to set up a personal DNS server using dnsmasq on macOS and Linux.
{% hint style="info" %}
**Note**
Changing DNS addresses while using cellular data and keeping the Meshnet connection active is not possible. If you are using a mobile device with a cellular connection, you will need to use dnsmasq [with a VPN connection](#with-a-vpn-connection).
{% endhint %}
{% tabs %}
{% tab title="macOS" %}
## Before you begin
Because dnsmasq uses port 53 for its functionality, it is important to ensure that this port is available on your system before configuring dnsmasq. To do so, open Terminal and execute the following command:
{% code overflow="wrap" %}
```bash
sudo lsof -i -n -P | grep :53
```
{% endcode %}
If port 53 is being used, in the output, you will see the name of the process that is using it.
In case the port is occupied, you will need to free it up by killing the other process which is using port 53 or changing its port to a different one.
### Install Homebrew
To install dnsmasq, you can use the [Homebrew](https://brew.sh/) package manager. Install Homebrew by taking these steps:
1. Open **Terminal**.
2. Enter the following command:
\
For additional information about the installation process, refer to [Homebrew documentation](https://docs.brew.sh/Installation).
3. Follow the on-screen instructions to finish the installation.
### Find the Meshnet network interface
Communication between devices in Meshnet is done via the Meshnet network interface. The name of the interface can differ for each device. To find the correct name on your device:
1. [Enable Meshnet on macOS](https://meshnet.nordvpn.com/getting-started/how-to-start-using-meshnet/using-meshnet-on-macos#enable-meshnet-on-macos).
2. Open **Terminal**.
3. Run the following command:
ifconfig
4. Locate the interface with your Meshnet IP and note its name. For example, `utun4`.
## Install dnsmasq
To start configuring your DNS server, you will need to install dnsmasq on your machine.
1. Open **Terminal**.
2. Install dnsmasq by running the following command:
brew install dnsmasq
The dnsmasq application will be installed.
## Configure dnsmasq
Dnsmasq settings are controlled via its configuration file called `dnsmasq.conf`.
1. Open the `dnsmasq.conf` file using the Nano text editor by running this command in **Terminal**:\
\
For Intel Macs:
nano /usr/local/etc/dnsmasq.conf
\
For [Apple silicon Macs](https://support.apple.com/en-us/HT211814):
nano /opt/homebrew/etc/dnsmasq.conf
2. Using the **Control** ⌃ + **W** keyboard shortcut, locate and uncomment the following lines by removing the hash (#) symbol at the start:
* `domain-needed`
* `bogus-priv`
* `no-resolv`
3. Find the `cache-size` line, uncomment it, and change the value to 1000.
4. Locate the `interface` line, uncomment it, and append the name of the network interface from the [Find the Meshnet network interface](#find-the-meshnet-network-interface) section after the equals (=) sign.
5. Find the `#server=/localnet/192.168.0.1` line and replace it with the following two lines:
server=1.1.1.1
server=8.8.8.8
Instead of the `1.1.1.1` and `8.8.8.8` DNS addresses, you can use your preferred DNS provider for the upstream DNS.
6. Press **Control** ⌃ + **X**, **Y**, and **Return** to save changes and exit.
Start the dnsmasq process as the root user via the following command:
```bash
sudo brew services start dnsmasq
```
{% hint style="info" %}
**Note**
Detailed information about the altered parameters can be found in the Options section of the [dnsmasq manual page](https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html).
{% endhint %}
### Enable query logging (optional)
You can enable query logging in the `dnsmasq.conf` file to monitor for any failed DNS resolutions or inconsistencies in website loading.
1. Open **Terminal** and run the following command:\
\
For Intel Macs:
nano /usr/local/etc/dnsmasq.conf
For [Apple silicon Macs](https://support.apple.com/en-us/HT211814):
nano /opt/homebrew/etc/dnsmasq.conf
2. Locate the `log-queries` line and uncomment it by removing the hash (#) symbol at the start.
3. Append a new `log-facility=/usr/local/var/log/dnsmasq.log` line below `log-queries`.
4. Press **Control** + **X**, **Y**, and **Return** to save changes and exit.
5. Restart the dnsmasq process by running:
sudo brew services restart dnsmasq
All of the DNS queries will now be logged in the `/usr/local/var/log/dnsmasq.log` file.
## Test dnsmasq
To test if dnsmasq was configured properly and is working, do the following:
1. Open **Terminal**.
2. Check the status of the dnsmasq service via this command:
sudo brew services list
3. Check if the domain name resolution is working properly by using `dig`:
dig nordvpn.com @localhost
If you receive an answer to the `dig` command, it indicates that your DNS server is working properly and ready for use.
{% endtab %}
{% tab title="Linux" %}
## Before you begin
Because dnsmasq uses port 53 for its functionality, it is important to ensure that this port is available on your system before configuring dnsmasq. To do so, open Terminal and execute the following command:
{% code overflow="wrap" %}
```bash
sudo netstat -tulpn | grep :53
```
{% endcode %}
{% hint style="info" %}
**Note**
The `net-tools` package is required to use the `netstat` command.
It can be installed by running the following:
```bash
sudo apt install net-tools
```
{% endhint %}
If port 53 is being used, in the output, you will see the number and the name of the process that is using it.
In case the port is occupied, you will need to free it up by killing the other process which is using port 53 or changing its port to a different one.
### Free up port 53 used by systemd-resolve
Many Linux distributions use systemd-resolve for DNS query resolution. To disable the systemd-resolved service from binding to port 53:
1. Open **Terminal**.
2. Open the `resolved.conf` file using the Nano text editor by running this command
sudo nano /etc/systemd/resolved.conf
3. At the end of the file, append this line:
DNSStubListener=no
4. Press **Ctrl** + **X**, **Y**, and **Enter** to save changes and exit.
5. Run the following command to restart the systemd-resolved process:
sudo systemctl restart systemd-resolved
## Install dnsmasq
To start configuring your DNS server, you will need to install dnsmasq on your machine.
1. Open Terminal.
2. Update all of your repositories and install dnsmasq by running the following command:
sudo apt update && sudo apt install dnsmasq
The dnsmasq application will be installed and started automatically.
## Configure dnsmasq
Dnsmasq settings are controlled via its configuration file called `dnsmasq.conf`.
1. Open the `dnsmasq.conf` file using the Nano text editor by running this command in Terminal:
sudo nano /etc/dnsmasq.conf
2. Using the **Ctrl** + **W** keyboard shortcut, locate and uncomment the following lines by removing the hash (#) symbol at the start:
* `domain-needed`
* `bogus-priv`
* `no-resolv`
3. Find the `cache-size` line, uncomment it, and change the value to 1000.
4. Locate the `interface` line, uncomment it, and append `nordlynx` after the equals (=) sign.
5. Find the `#server=/localnet/192.168.0.1` line and replace it with the following two lines:
server=1.1.1.1
server=8.8.8.8
\
Instead of the `1.1.1.1` and `8.8.8.8` DNS addresses, you can use your preferred DNS provider for the upstream DNS.
6. Press **Ctrl** + **X**, **Y**, and **Enter** to save changes and exit.
To ensure that the changes are applied, restart the dnsmasq process via the following command:
{% code overflow="wrap" %}
```bash
sudo systemctl restart dnsmasq
```
{% endcode %}
### Enable query logging (optional)
You can enable query logging in the `dnsmasq.conf` file to monitor for any failed DNS resolutions or inconsistencies in website loading.
1. Open Terminal and run the following command:
sudo nano /etc/dnsmasq.conf
2. Locate the `log-queries` line and uncomment it by removing the hash (#) symbol at the start.
3. Append a new `log-facility=/var/log/dnsmasq.log` line below `log-queries`.
4. Press **Ctrl** + **X**, **Y**, and **Enter** to save changes and exit.
5. Restart the dnsmasq process by running:
sudo systemctl restart dnsmasq
All of the DNS queries will now be logged in the `/var/log/dnsmasq.log` file.
## Test dnsmasq
To test if dnsmasq was configured properly and is working, do the following:
1. Open Terminal.
2. Run the following command to check the syntax in the `dnsmasq.conf` file:
dnsmasq --test
3. Install the `dnsutils` tool by running this command:
sudo apt install dnsutils
4. Check if the domain name resolution is working properly by using `dig`:
dig nordvpn.com @localhost
If you receive an answer to the `dig` command, it indicates that your DNS server is working properly and ready for use.
{% endtab %}
{% endtabs %}
## Use your dnsmasq DNS over Meshnet
With dnsmasq fully set up, you can start using it on your devices. For usage via Meshnet, you must set the server device’s Meshnet IP address as the DNS server on each client device.
### Without a VPN connection
{% tabs %}
{% tab title="Windows" %}
### Windows 11
1. Right-click **Start** and select **Network connections**.
2. Choose the network type your device is using (Wi-Fi or Ethernet).
3. Find the **DNS server assignment** option and click **Edit**.
4. Choose **Manual** from the dropdown menu and enable **IPv4**.
5. Fill in the DNS fields.
* **Preferred DNS server**: the Meshnet IP of the dnsmasq device
* **Alternate DNS server**: the DNS address of another provider
6. Click **Save**
### Windows 10
1. Right-click **Start** and select **Network connections**.
2. Select **Change adapter options**.
3. Right-click your current network adapter (Wi-Fi or Ethernet) and choose **Properties**.
4. In the new window, select **Internet Protocol Version 4 (TCP/IPv4)** and click **Properties**.
5. Select **Use the following DNS server addresses** and fill in the fields underneath.
* **Preferred DNS server**: the Meshnet IP of the dnsmasq device.
* **Alternate DNS server**: the DNS address of another provider.
6. Click **OK** twice to apply the changes.
{% endtab %}
{% tab title="Android" %}
{% hint style="info" %}
**Note**
These instructions detail how to change your DNS addresses on Android 16. If you are using a different version of Android, consult your device's specific documentation for guidance, as the procedure may differ.
{% endhint %}
1. Open the **Settings** menu.
2. Go to **Network & internet** > **Internet**, find your current Wi-Fi network, and tap the gear button.
3. In the upper-right corner, select **Modify**.
4. Expand the **Advanced settings** dropdown, and change the **IP settings** value to **Static**.
5. Enter your device's local IP address, network gateway, and network prefix length.
6. Fill in the required DNS addresses.
* Under **DNS 1**, enter the Meshnet IP of the dnsmasq device.
* Under **DNS 2**, enter the DNS address of another provider.
7. Tap **Save**.
{% endtab %}
{% tab title="iOS" %}
1. Open **Settings**.
2. Tap **Wi-Fi**, find your current network, and tap the Info button.
3. Tap **Configure DNS** and choose **Manual**.
4. Select **Add server** and enter the Meshnet IP of the dnsmasq device.
5. Ensure that the added IP address is at the top.
6. Tap **Save**.
{% endtab %}
{% tab title="macOS" %}
### macOS Ventura 13 and newer
1. Go to **System settings** and click **Network**.
2. Select the network interface you use (Wi-Fi or Ethernet) and click **Details**.
3. Open the **DNS** tab and click the plus (+) button at the bottom to add the Meshnet IP address of the dnsmasq device.
4. Ensure that the added IP address is at the top.
5. Click **OK** to save the changes.
### macOS Monterey 12 and older
1. Go to **System preferences** and click **Network**.
2. Select the network interface you use (Wi-Fi or Ethernet) and click **Advanced.**
3. Open the **DNS** tab and add the Meshnet IP address of the dnsmasq device by clicking the plus (+) icon.
4. Ensure that the added IP address is at the top.
5. Click **OK** and then click **Apply**.
{% endtab %}
{% tab title="Linux" %}
### Method 1: Using Network Manager
1. Open **Settings**, and then select either **Network** or **Wi-Fi** based on your network type.
2. Click the gear button and go to the **IPv4** tab.
3. Next to **DNS**, turn off the **Automatic** toggle.
4. In the **DNS** field, enter the Meshnet IP of the dnsmasq device and the DNS of another provider, separated by a comma.
5. Click **Apply**.
6. Open **Terminal** and run the following command to restart the Network Manager daemon:
sudo systemctl restart NetworkManager
7. Enter your sudo password.
### Method 2: Using Terminal
1. Open **Terminal** and run the following command:
sudo nano /etc/systemd/resolved.conf
2. Locate the `DNS` and `FallbackDNS` lines.
3. Uncomment the lines by removing the hash (#) symbols.
4. Enter the appropriate DNS addresses after the equals (=) sign, as shown:\
\
`DNS=`\
`FallbackDNS=`
5. Press **Ctrl** + **X**, **Y**, and **Enter** to exit and save the changes.
6. Run the following command to ensure that the network changes are applied:
sudo systemctl restart systemd-resolved
7. Enter your sudo password.
{% hint style="info" %}
**Note**
Changes in the `/etc/systemd/resolved.conf` file take priority over settings in the Network Manager. Therefore, if you apply the DNS change directly via the Network Manager settings, ensure that there are no custom configurations in the previously mentioned `resolved.conf` file. Otherwise, the specified DNS addresses will not be used.
{% endhint %}
{% endtab %}
{% tab title="Android TV" %}
1. Open the Android TV **Settings** menu.
2. Select **Network & internet**.
3. Choose your network and change the **IP settings** value to **Static**.
4. Enter your device's local IP address, network gateway, and network prefix length.
5. Type in the DNS addresses:
* In the **DNS 1** field, enter the Meshnet IP address of your dnsmasq device.
* In the **DNS 2** field, enter the DNS address of another provider
{% endtab %}
{% endtabs %}
### With a VPN connection
Meshnet allows you to use your custom, self-hosted DNS server alongside a VPN connection via the NordVPN app. Follow these steps to use your dnsmasq DNS when connected to a VPN server:
{% tabs %}
{% tab title="Windows" %}
1. Open the **NordVPN** app.
2. Navigate to **Devices in Meshnet** and copy the Meshnet IP address of your dnsmasq device.
3. In the lower-left corner, click **Settings** .
4. Select the **Connection and security** section.
5. Turn on the **Use custom DNS** toggle and click the dropdown arrow.
6. In the first field, paste the copied Meshnet IP address.
7. Click the Save checkmark.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
{% hint style="info" %}
**Note**
In **Threat protection pro** > **Advanced browsing protection**, ensure that the **DNS filtering** toggle is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="Android" %}
1. Open the **NordVPN** app.
2. Navigate to **Products** > **Meshnet** > **Manage devices** and copy the Meshnet IP address of your dnsmasq device.
3. Go to the **Profile** menu, and then select **Settings** > **DNS**.
4. Select **Use custom DNS**, paste the copied Meshnet IP address, and tap **Add**.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
{% hint style="info" %}
**Note**
On the **Threat protection** tab, ensure that the **Use threat protection** option is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="iOS" %}
1. Open the **NordVPN** app.
2. Navigate to **Products** > **Meshnet** > **Manage devices** and copy the Meshnet IP address of your Pi-hole device by tapping it.
3. Go to the **Profile** menu and select **Settings** .
4. Under **VPN connection**, tap **Location and protocol**.
5. In the **Enter custom DNS address** field, paste the copied Meshnet IP address.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
{% hint style="info" %}
**Note**
On the **Threat protection** tab, ensure that threat protection is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="macOS" %}
{% hint style="info" %}
**Note**
The custom DNS feature is available only on the [direct download](https://nordvpn.com/download/mac/) version of the NordVPN app.
{% endhint %}
1. Open the **NordVPN** app.
2. Navigate to the **Meshnet** tab and copy the Meshnet IP address of your dnsmasq device.
3. In the upper-right corner, click **Profile** > **Settings** and go to **Custom DNS**.
4. Click **Add new DNS**.
5. In the new entry, paste the copied Meshnet IP address.
6. Turn on the **Enable custom DNS servers** toggle.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
{% hint style="info" %}
**Note**
In **Threat protection pro** > **Overview**, ensure that the **DNS filtering** toggle is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="Linux" %}
1. Open **Terminal**.
2. Run the following command, replacing `` with your dnsmasq device's Meshnet IP address:
nordvpn set dns <MeshnetIP>
**Example**
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
{% hint style="info" %}
**Note**
Make sure that **Threat protection lite** is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
To disable **Threat Protection lite**, use the `nordvpn set tplite off` command.
{% endhint %}
{% endtab %}
{% tab title="Android TV" %}
1. Open the **NordVPN** app.
2. Navigate to **Settings** > **DNS server**.
3. Choose **Custom** and select **Add server**.
4. Enter the Meshnet IP address of your dnsmasq device.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
{% hint style="info" %}
**Note**
In **Settings** > **Threat Protection**, ensure that the **Threat protection** toggle is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% endtabs %}
{% hint style="success" %}
**Tip**
If you're looking for alternate DNS addresses, here are some of the most popular free DNS providers:
* Google — `8.8.8.8` and `8.8.4.4`
* Cloudflare — `1.1.1.1` and `1.0.0.1`
* AdGuard — `94.140.14.14` and `94.140.15.15`
* Quad9 — `9.9.9.9` and `149.112.112.112`
* OpenDNS — `208.67.222.222` and `208.67.220.220`
You can also use the same upstream DNS addresses from the `dnsmasq.conf` file.
{% endhint %}
With the DNS changes applied, you have finished the setup process. Your personal DNS server can now be used remotely, with the help of Meshnet.
and select **Network connections**.
2. Choose the network type your device is using (Wi-Fi or Ethernet).
3. Find the **DNS server assignment** option and click **Edit**.
4. Choose **Manual** from the dropdown menu and enable **IPv4**.
5. Fill in the DNS fields.
* **Preferred DNS server**: the Meshnet IP of the dnsmasq device
* **Alternate DNS server**: the DNS address of another provider
and select **Network connections**.
2. Select **Change adapter options**.
3. Right-click your current network adapter (Wi-Fi or Ethernet) and choose **Properties**.
4. In the new window, select **Internet Protocol Version 4 (TCP/IPv4)** and click **Properties**.
5. Select **Use the following DNS server addresses** and fill in the fields underneath.
* **Preferred DNS server**: the Meshnet IP of the dnsmasq device.
* **Alternate DNS server**: the DNS address of another provider.
button.
3. Tap **Configure DNS** and choose **Manual**.
4. Select **Add server** and enter the Meshnet IP of the dnsmasq device.
and copy the Meshnet IP address of your dnsmasq device.
3. In the lower-left corner, click **Settings** 
.
4. Select the **Connection and security** section.
5. Turn on the **Use custom DNS** toggle and click the dropdown arrow.
6. In the first field, paste the copied Meshnet IP address.
> **Advanced browsing protection**, ensure that the **DNS filtering** toggle is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="Android" %}
1. Open the **NordVPN** app.
2. Navigate to **Products** 
> **Meshnet** 
menu, and then select **Settings** 
