Dnsmasq

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource-constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks. Supported platforms include Linux (with glibc and uclibc), Android, *BSD, and Mac OS X. Dnsmasq is included in most Linux distributions and the ports systems of FreeBSD, OpenBSD and NetBSD. Dnsmasq provides full IPv6 support.

More information at the Dnsmasq web site

Installing Dnsmasq on TrueNAS

1. Log in to your TrueNAS server as root using SSH or the Shell option of the TrueNAS Web Portal.

2. Make some decisions and define some variables.

# Tailor each of these examples for your own situation
JAIL_NAME="net" # name of the jail that will contain the instance of dnsmasq

3. Install the software.

jexec "ioc-${JAIL_NAME:?}" pkg update
jexec "ioc-${JAIL_NAME:?}" pkg install dnsmasq

4. Prepare the dnsmasq configuration file structure.

jexec "ioc-${JAIL_NAME:?}" mkdir /usr/local/etc/dnsmasq.d
jexec "ioc-${JAIL_NAME:?}" mv /usr/local/etc/dnsmasq.conf /usr/local/etc/dnsmasq.d/1-original.conf
jexec "ioc-${JAIL_NAME:?}" touch /usr/local/etc/dnsmasq.d/2-standard.conf
jexec "ioc-${JAIL_NAME:?}" touch /usr/local/etc/dnsmasq.d/3-generated.conf
jexec "ioc-${JAIL_NAME:?}" touch /usr/local/etc/dnsmasq.d/4-bespoke.conf
jexec "ioc-${JAIL_NAME:?}" rm /usr/local/etc/dnsmasq.conf.sample

5. Configure dnsmasq to use this file structure.

jexec "ioc-${JAIL_NAME:?}" /bin/sh -c \
"cat >| /usr/local/etc/dnsmasq.conf" \
<<END
# Configuration file for dnsmasq
# Include all files in a directory which end in .conf
conf-dir=/usr/local/etc/dnsmasq.d/,*.conf
END

6. Configure the “standard” options common to nearly all installations.

jexec "ioc-${JAIL_NAME:?}" /bin/sh -c \
"cat >| /usr/local/etc/dnsmasq.d/2-standard.conf" \
<<END
# Standard configuration file for dnsmasq

# Never forward plain names (without a dot or domain part)
domain-needed

# Never forward addresses in the non-routed address spaces.
bogus-priv

# Do not read /etc/resolv.conf or any other file for upstream servers;
# dnsmasq gets its servers from this configuration instead.
no-resolv

# Do not poll /etc/resolv.conf or other resolv files for changes and
# re-read them.
no-poll

# Do not read /etc/hosts.
no-hosts

# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. See CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore

END

7. Configure the “bespoke” options specific to your needs.

jexec "ioc-${JAIL_NAME:?}" /bin/sh -c \
"cat >| /usr/local/etc/dnsmasq.d/4-bespoke.conf" \
<<END
# Bespoke configuration file for dnsmasq
END

8. The “generated” options are created by a tool I am currently developing. More information coming soon.

9. Start the Dnsmasq server now, and also when the jail boots up.

jexec "ioc-${JAIL_NAME:?}" sysrc dnsmasq_enable="YES"
jexec "ioc-${JAIL_NAME:?}" service dnsmasq start
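
A check to run inside the jail once the steps above are done, given here as an added example that is not part of the original page or of dnsmasq. It confirms that the step 6 directives are active somewhere under the conf-dir, and warns when no-resolv is set without a server= line, which is the state the empty bespoke file from step 7 leaves you in. The helper names and the sample address in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit a dnsmasq conf-dir for the
# directives that step 6 writes to 2-standard.conf.
# active_directives and audit_dnsmasq_dir are hypothetical helper names.

# Print active directives from DIR/*.conf. dnsmasq treats '#' as a comment
# only at line start or after whitespace, so server=192.0.2.53#5353 survives.
active_directives() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        sed -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]][[:space:]]*#.*$//' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$f"
    done
}

# Print "MISSING <directive>" per absent directive, and a WARN when no-resolv
# is active but no server= line names an upstream resolver.
# Returns 1 if anything is MISSING, otherwise 0.
audit_dnsmasq_dir() {
    active=$(active_directives "$1")
    rc=0
    for want in domain-needed bogus-priv no-resolv no-poll no-hosts \
        'dhcp-name-match=set:wpad-ignore,wpad' \
        'dhcp-ignore-names=tag:wpad-ignore'; do
        if ! printf '%s\n' "$active" | grep -Fxq -e "$want"; then
            echo "MISSING $want"
            rc=1
        fi
    done
    if printf '%s\n' "$active" | grep -Fxq -e no-resolv &&
        ! printf '%s\n' "$active" | grep -q '^server='; then
        echo "WARN no-resolv is set but no server= line gives an upstream resolver"
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    audit_dnsmasq_dir "$1"    # e.g. /usr/local/etc/dnsmasq.d inside the jail
else
    # Constructed sample: step 6 directives with bogus-priv commented out
    d=$(mktemp -d)
    printf '%s\n' domain-needed '#bogus-priv' no-resolv no-poll no-hosts \
        'dhcp-name-match=set:wpad-ignore,wpad' \
        'dhcp-ignore-names=tag:wpad-ignore' > "$d/2-standard.conf"
    audit_dnsmasq_dir "$d" || true
    rm -rf "$d"
fi
```

The script only checks which directives are present; `dnsmasq --test` checks the syntax of the same files.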
  • Last modified: 02-Feb-2025 16:12