Update tech_docs/its_the_new_style_design.md
This commit is contained in:
@@ -1,3 +1,123 @@
|
||||
Here is a concise, step-by-step crash course that will get you productive with **dnsmasq** on a minimal Debian 12 server that you only reach via SSH.
|
||||
Everything is copy-paste friendly; run the commands in the order shown.
|
||||
|
||||
--------------------------------------------------------------------
|
||||
1. Prepare the OS (run once)
|
||||
--------------------------------------------------------------------
|
||||
```bash
|
||||
sudo apt update && sudo apt upgrade -y
|
||||
# Prevent Debian’s own stub resolver from clashing
|
||||
sudo systemctl disable --now systemd-resolved
|
||||
sudo unlink /etc/resolv.conf
|
||||
# Give the machine a working upstream DNS while we build our own
|
||||
echo -e "nameserver 1.1.1.1\nnameserver 8.8.8.8" | sudo tee /etc/resolv.conf
|
||||
```
|
||||
|
||||
--------------------------------------------------------------------
|
||||
2. Install dnsmasq
|
||||
--------------------------------------------------------------------
|
||||
```bash
|
||||
sudo apt install dnsmasq -y
|
||||
sudo systemctl enable --now dnsmasq
|
||||
```
|
||||
|
||||
--------------------------------------------------------------------
|
||||
3. Create a lean config file
|
||||
--------------------------------------------------------------------
|
||||
Back up the default and drop a new file in `/etc/dnsmasq.d/` so upgrades never overwrite your edits.
|
||||
|
||||
```bash
|
||||
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
|
||||
sudo nano /etc/dnsmasq.d/01-lab.conf
|
||||
```
|
||||
|
||||
Paste the following (edit interface/addresses to match your box):
|
||||
|
||||
```
|
||||
# Listen only on the LAN NIC and loopback
|
||||
interface=eth0 # or enp0s3, ens10, etc.
|
||||
listen-address=127.0.0.1,192.168.5.20 # <— your server IP
|
||||
|
||||
# DNS part
|
||||
cache-size=1000
|
||||
no-resolv
|
||||
server=1.1.1.1
|
||||
server=8.8.8.8
|
||||
expand-hosts
|
||||
domain=lab.local
|
||||
|
||||
# DHCP part (remove if you only want DNS)
|
||||
dhcp-range=192.168.5.50,192.168.5.150,24h
|
||||
dhcp-option=3,192.168.5.1 # default gateway
|
||||
dhcp-option=6,192.168.5.20 # dns server (this box)
|
||||
dhcp-authoritative
|
||||
```
|
||||
|
||||
Save, exit, then test and reload:
|
||||
|
||||
```bash
|
||||
sudo dnsmasq --test && sudo systemctl restart dnsmasq
|
||||
```
|
||||
|
||||
--------------------------------------------------------------------
|
||||
4. Add any static hostnames you like
|
||||
--------------------------------------------------------------------
|
||||
```bash
|
||||
sudo nano /etc/hosts
|
||||
# Example lines
|
||||
192.168.5.10 git.lab.local git
|
||||
192.168.5.11 db.lab.local db
|
||||
```
|
||||
After saving, the names are immediately resolvable by dnsmasq (no restart needed).
|
||||
|
||||
--------------------------------------------------------------------
|
||||
5. Make the server use its own dnsmasq
|
||||
--------------------------------------------------------------------
|
||||
```bash
|
||||
sudo nano /etc/resolv.conf
|
||||
# First nameserver must be localhost
|
||||
nameserver 127.0.0.1
|
||||
```
|
||||
|
||||
--------------------------------------------------------------------
|
||||
6. Verify from the server itself
|
||||
--------------------------------------------------------------------
|
||||
```bash
|
||||
dig +short git.lab.local # → 192.168.5.10
|
||||
dig +short debian.org # → some IP (proves upstream works)
|
||||
```
|
||||
|
||||
--------------------------------------------------------------------
|
||||
7. Open the firewall (if you use ufw)
|
||||
--------------------------------------------------------------------
|
||||
```bash
|
||||
sudo ufw allow from 192.168.5.0/24 to any port 53
|
||||
sudo ufw allow from 192.168.5.0/24 to any port 67 # only if you enabled DHCP
|
||||
```
|
||||
|
||||
--------------------------------------------------------------------
|
||||
8. Point a client at it (quick test from your laptop)
|
||||
--------------------------------------------------------------------
|
||||
Temporarily override your laptop’s DNS:
|
||||
|
||||
```bash
|
||||
# Linux / macOS
|
||||
sudo resolvectl dns eth0 192.168.5.20
|
||||
dig git.lab.local
|
||||
```
|
||||
|
||||
--------------------------------------------------------------------
|
||||
9. Watch the logs
|
||||
--------------------------------------------------------------------
|
||||
```bash
|
||||
sudo journalctl -fu dnsmasq
|
||||
```
|
||||
|
||||
That’s it—you now have a local DNS cache, custom domain names, and (optionally) a DHCP server running on your minimal Debian 12 box.
|
||||
For deeper tweaks, the heavily-commented `/etc/dnsmasq.conf` and any files under `/etc/dnsmasq.d/` are your playground.
|
||||
|
||||
---
|
||||
|
||||
Below is a single, opinionated, **Debian-only** decade scheme that you can clone into `/etc/linux-decades/` (or keep in Git and symlink).
|
||||
Everything is pure Debian tooling—`apt`, `debconf`, `systemd`, `sysctl.d`, `sudoers.d`, `nftables`, etc.—no network-centric artifacts.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user