Internal Domains with DNSMasq and Pi-Hole

stjohnjohnson

St. John Johnson

Posted on February 29, 2020

Running services inside your own household is an absolute blast. It usually starts with some application you need to keep running after you close your laptop. Before you know it, you have a Raspberry Pi in every room, at least one Intel NUC, and a small server rack in your Amazon shopping cart.

When going down this path myself, I noticed an interesting problem arose after I introduced the second server. Talking to one machine is easy, just memorize the static IP. But once you start to introduce multiple machines or multiple services on the same machine, it becomes a game of "what IP, what port, what path." And for the other people in the household, it's impossible to understand.

For me to continue, I needed my own DNS server. Luckily, I already introduced one into my ecosystem when I started running Pi-Hole (for blocking tracking/ads).

In the next section, I'm going to show you how to quickly augment Pi-Hole to serve internal domains as well as block those pesky external domains.


1. DNSMasq

Pi-Hole, under the hood, is running DNSMasq. So we want to provide it with some additional hosts to resolve.

First is the additional configuration to run after Pi-Hole:

Second is the list of hosts and their static IPs:

2. File Placement

The .conf file should be placed in the /etc/dnsmasq.d/ folder. And the .list file should be placed in the /etc/pihole/ folder.

For this demonstration, we're going to manage Pi-Hole locally in a Docker container. Here is my docker-compose file that mounts those files correctly:

3. Validating

If we run Pi-Hole with those settings, we can validate they are accepted by using dig:

$ dig @127.0.0.1 haas.example.com +short
10.0.0.205
$ dig @127.0.0.1 pihole.example.com +short
10.0.0.205
$ dig @127.0.0.1 plex.example.com +short
10.0.0.210
$ dig @127.0.0.1 go +short
10.0.0.215
$ dig @127.0.0.1 modem +short
192.168.100.1

And that external domains are still routed:

$ dig @127.0.0.1 google.com +short
172.217.5.206
$ dig @127.0.0.1 github.com +short
192.30.255.113
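
The dig checks above need a running resolver. As an added example (not part of the original post or its gist), the script below lints a host list offline before it is mounted into the container. It assumes the .list file uses hosts-file syntax (an IPv4 address followed by one or more names); the sample list is constructed from the dig output above plus four deliberately bad entries, and nas.example.com, printer and bad_name.example.com are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: names and addresses from the dig output above, plus four
# deliberately bad lines (conflict, public address, bad IP, bad hostname).
SAMPLE_LIST = """\
# internal hosts (constructed sample)
10.0.0.205  haas.example.com pihole.example.com
10.0.0.210  plex.example.com
10.0.0.215  go
192.168.100.1  modem
10.0.0.211  plex.example.com
172.217.5.206  nas.example.com
10.0.0.300  printer
10.0.0.220  bad_name.example.com
"""

# Assumption: the LAN is IPv4-only, so internal names must sit in RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def lint_hosts(text):
    """Return (line_number, message) findings for a hosts-format list."""
    findings, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, f"invalid IP address: {addr}"))
            continue
        if not any(ip in net for net in RFC1918):
            findings.append((lineno, f"{ip} is outside RFC 1918 private space"))
        for name in (n.lower().rstrip(".") for n in names):
            if not all(LABEL.match(label) for label in name.split(".")):
                findings.append((lineno, f"invalid hostname: {name}"))
            elif seen.setdefault(name, ip) != ip:  # same name, different address
                findings.append((lineno, f"{name} already mapped to {seen[name]}"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_hosts(SAMPLE_LIST):
        print(f"line {lineno}: {message}")
```

The 172.217.5.206 entry is the google.com answer from the dig output: it looks similar to a private 172.16.x.x address but is publicly routed, which is the kind of mistake an internal host list should never carry.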

Appendix

All of the steps and configurations you saw in this guide are available to check out from my GitHub Gist:

$ git clone https://gist.github.com/d441e26e4d77a975fd3ebb4e6f19e3d6.git
...
$ cd d441e26e4d77a975fd3ebb4e6f19e3d6
$ make
...