Configuring DNS Failover in dnsmasq: Setting Up Alternate DNS Servers for Kubuntu DHCP Clients





When deploying dnsmasq as a DHCP server in a Kubuntu environment (~10,000 nodes), a common requirement is to implement DNS failover by specifying alternate DNS servers. The initial approach of simply adding:

server=192.168.0.90

only results in a single DNS entry being pushed to clients' /etc/resolv.conf, which doesn't provide true redundancy.



The correct syntax requires multiple server directives in your dnsmasq.conf:


# Primary DNS server
server=192.168.0.90
# Secondary DNS server  
server=192.168.0.91
# Tertiary DNS server
server=192.168.0.92




For more granular control, consider these additional parameters:


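# Strict order forces sequential failover
strict-order
# Maximum number of concurrent DNS queries (150 is the default); this is not a timeout
dns-forward-max=150
# Leave query-port unset so dnsmasq keeps its default random source ports.
# query-port=0 would bind a single OS-allocated port for all outbound queries,
# which weakens protection against DNS spoofing.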




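The server= lines above only set the upstream resolvers that dnsmasq itself forwards queries to. The nameserver list written to each client's /etc/resolv.conf comes from the DHCP dns-server option, so when using dnsmasq as both DHCP and DNS server, ensure proper DHCP options: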


# For IPv4:
dhcp-option=option:dns-server,192.168.0.90,192.168.0.91
# For IPv6:
dhcp-option=option6:dns-server,[2001:db8::1],[2001:db8::2]




After configuration:

1. Restart dnsmasq: sudo systemctl restart dnsmasq
2. On a test client: sudo dhclient -r && sudo dhclient
3. Check resolv.conf: cat /etc/resolv.conf

Expected output should show multiple DNS servers in order:


nameserver 192.168.0.90
nameserver 192.168.0.91
nameserver 192.168.0.92




If multiple servers aren't appearing:

1. Check for NetworkManager overwriting resolv.conf
2. Verify no other DHCP services are running
3. Inspect dnsmasq logs: journalctl -u dnsmasq -f
4. Test DNS resolution: dig +short example.com @192.168.0.90
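
A static check that can run before the restart step, as an added example that is not part of the original article or of dnsmasq itself: it counts global server= upstreams and DHCPv4 dns-server addresses in a config file and flags a fixed query-port. The function names and the sample config are constructed for illustration, and it assumes untagged dhcp-option lines.

```shell
#!/bin/sh
# Added example: static check of a dnsmasq.conf for the failover settings above.

# Emit config lines with comments removed. dnsmasq treats '#' as a comment only
# at line start or after whitespace; 'server=192.168.0.90#5353' uses it for a port.
conf_lines() {
    sed -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]][[:space:]]*#.*$//' \
        -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Global upstream resolvers; domain-scoped server=/domain/ip lines are skipped.
count_upstreams() {
    conf_lines "$1" | grep -c '^server=[^/]' || true
}

# IPv4 addresses handed to DHCP clients (untagged option:dns-server or option 6).
count_dhcp_dns() {
    conf_lines "$1" |
        sed -n -e 's/^dhcp-option=option:dns-server,//p' -e 's/^dhcp-option=6,//p' |
        tr ',' '\n' | grep -c . || true
}

# True when query-port is set, which disables per-query source port randomization.
has_fixed_query_port() {
    conf_lines "$1" | grep -q '^query-port='
}

# Print findings; return 1 if any check fails.
audit_dnsmasq_conf() {
    rc=0
    up=$(count_upstreams "$1")
    adv=$(count_dhcp_dns "$1")
    echo "upstream resolvers: $up, DHCPv4 dns-server addresses: $adv"
    [ "$up" -ge 2 ] || { echo "WARN: fewer than 2 upstream resolvers"; rc=1; }
    [ "$adv" -ge 2 ] || { echo "WARN: clients get fewer than 2 nameservers"; rc=1; }
    if has_fixed_query_port "$1"; then
        echo "WARN: query-port set, queries leave from one fixed source port"; rc=1
    fi
    return "$rc"
}

# Constructed sample config (not from a real host).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'server=192.168.0.90' \
    'server=192.168.0.91  # secondary' 'server=/internal.example.com/192.168.0.90' \
    'query-port=0' 'dhcp-option=option:dns-server,192.168.0.90,192.168.0.91' > "$sample"
audit_dnsmasq_conf "$sample" || true
rm -f "$sample"
```

To check a live host, call audit_dnsmasq_conf /etc/dnsmasq.conf; any files included from a conf-dir need their own pass.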


When working with dnsmasq in production environments with thousands of Kubuntu clients, simply adding a single server= directive often proves insufficient for robust DNS resolution. The issue isn't just about adding secondary servers, but properly implementing a hierarchical resolution strategy.

For true failover capability, you should specify multiple upstream DNS servers with:

server=192.168.0.90
server=192.168.0.91
server=8.8.8.8

Consider these additional parameters for enterprise deployments:

# Strict order forces sequential querying
strict-order

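# Maximum number of concurrent DNS queries (150 is the default); this is not a timeout
dns-forward-max=150
# Send queries for internal.example.com only to 192.168.0.90
server=/internal.example.com/192.168.0.90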

For DHCP clients to receive multiple DNS servers, combine these settings:

dhcp-option=option:dns-server,192.168.0.90,192.168.0.91
dhcp-option=option6:dns-server,[2001:db8::1],[2001:db8::2]

After configuration reload, verify with:

systemctl restart dnsmasq
dig +short example.com @127.0.0.1
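# dhcp-lease-list ships with isc-dhcp-server and reads dhcpd.leases, not dnsmasq's leases;
# read the dnsmasq lease file instead (default path in the Debian/Ubuntu packages)
cat /var/lib/misc/dnsmasq.leases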

For large networks:

  • Set no-resolv when using explicit server lists
  • Adjust cache-size=10000 for heavy loads
  • Consider local-ttl=300 to reduce upstream queries