diff --git a/tech_docs/its_the_new_style_design.md b/tech_docs/its_the_new_style_design.md index cc90d94..5aaf72f 100644 --- a/tech_docs/its_the_new_style_design.md +++ b/tech_docs/its_the_new_style_design.md 
@@ -1,3 +1,123 @@ +Here is a concise, step-by-step crash course that will get you productive with **dnsmasq** on a minimal Debian 12 server that you only reach via SSH. +Everything is copy-paste friendly; run the commands in the order shown. + +-------------------------------------------------------------------- +1. Prepare the OS (run once) +-------------------------------------------------------------------- +```bash +sudo apt update && sudo apt upgrade -y +# Prevent Debian’s own stub resolver from clashing +sudo systemctl disable --now systemd-resolved +sudo unlink /etc/resolv.conf +# Give the machine a working upstream DNS while we build our own +echo -e "nameserver 1.1.1.1\nnameserver 8.8.8.8" | sudo tee /etc/resolv.conf +``` + +-------------------------------------------------------------------- +2. Install dnsmasq +-------------------------------------------------------------------- +```bash +sudo apt install dnsmasq -y +sudo systemctl enable --now dnsmasq +``` + +-------------------------------------------------------------------- +3. Create a lean config file +-------------------------------------------------------------------- +Back up the default and drop a new file in `/etc/dnsmasq.d/` so upgrades never overwrite your edits. + +```bash +sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak +sudo nano /etc/dnsmasq.d/01-lab.conf +``` + +Paste the following (edit interface/addresses to match your box): + +``` +# Listen only on the LAN NIC and loopback +interface=eth0 # or enp0s3, ens10, etc. 
+listen-address=127.0.0.1,192.168.5.20 # <— your server IP + +# DNS part +cache-size=1000 +no-resolv +server=1.1.1.1 +server=8.8.8.8 +expand-hosts +domain=lab.local + +# DHCP part (remove if you only want DNS) +dhcp-range=192.168.5.50,192.168.5.150,24h +dhcp-option=3,192.168.5.1 # default gateway +dhcp-option=6,192.168.5.20 # dns server (this box) +dhcp-authoritative +``` + +Save, exit, then test and reload: + +```bash +sudo dnsmasq --test && sudo systemctl restart dnsmasq +``` + +-------------------------------------------------------------------- +4. Add any static hostnames you like +-------------------------------------------------------------------- +```bash +sudo nano /etc/hosts +# Example lines +192.168.5.10 git.lab.local git +192.168.5.11 db.lab.local db +``` +After saving, the names are immediately resolvable by dnsmasq (no restart needed). + +-------------------------------------------------------------------- +5. Make the server use its own dnsmasq +-------------------------------------------------------------------- +```bash +sudo nano /etc/resolv.conf +# First nameserver must be localhost +nameserver 127.0.0.1 +``` + +-------------------------------------------------------------------- +6. Verify from the server itself +-------------------------------------------------------------------- +```bash +dig +short git.lab.local # → 192.168.5.10 +dig +short debian.org # → some IP (proves upstream works) +``` + +-------------------------------------------------------------------- +7. Open the firewall (if you use ufw) +-------------------------------------------------------------------- +```bash +sudo ufw allow from 192.168.5.0/24 to any port 53 +sudo ufw allow from 192.168.5.0/24 to any port 67 # only if you enabled DHCP +``` + +-------------------------------------------------------------------- +8. 
Point a client at it (quick test from your laptop) +-------------------------------------------------------------------- +Temporarily override your laptop’s DNS: + +```bash +# Linux / macOS +sudo resolvectl dns eth0 192.168.5.20 +dig git.lab.local +``` + +-------------------------------------------------------------------- +9. Watch the logs +-------------------------------------------------------------------- +```bash +sudo journalctl -fu dnsmasq +``` + +That’s it—you now have a local DNS cache, custom domain names, and (optionally) a DHCP server running on your minimal Debian 12 box. +For deeper tweaks, the heavily-commented `/etc/dnsmasq.conf` and any files under `/etc/dnsmasq.d/` are your playground. + +--- + Below is a single, opinionated, **Debian-only** decade scheme that you can clone into `/etc/linux-decades/` (or keep in Git and symlink). Everything is pure Debian tooling—`apt`, `debconf`, `systemd`, `sysctl.d`, `sudoers.d`, `nftables`, etc.—no network-centric artifacts.
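Review bot: In the step 3 config, `domain=lab.local` and `expand-hosts` sit alongside `no-resolv` and the public `server=1.1.1.1` / `server=8.8.8.8` lines, but nothing marks the zone as local. Any `lab.local` name that is not in `/etc/hosts` or the DHCP leases is therefore forwarded to those public resolvers, and internal hostnames leak upstream. Add `local=/lab.local/` to the DNS part, and consider `domain-needed` and `bogus-priv` as well. In the same block, the comment says "Listen only on the LAN NIC and loopback", but `interface=eth0` without `bind-interfaces` leaves dnsmasq bound to the wildcard address and discarding unwanted requests itself; add `bind-interfaces` if a real per-interface bind is intended. Two smaller points: step 7's port 67 rule restricts the source to `192.168.5.0/24`, which the first DHCP request from a client that has no address yet will not match, and step 8 labels `sudo resolvectl dns eth0 192.168.5.20` as "Linux / macOS" although `resolvectl` is a systemd tool that macOS does not ship.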