Setting Up Alpine Linux DNS Configuration 🌐
alpine-linux dns networking


Published Mar 25, 2025

Master DNS configuration on Alpine Linux. Learn to set up DNS clients, configure local DNS servers, implement DNS caching, and troubleshoot DNS issues.


DNS (Domain Name System) is crucial for network connectivity, translating domain names to IP addresses. Let’s configure DNS on Alpine Linux for optimal performance and reliability! 🚀

Understanding DNS in Alpine Linux

Alpine Linux DNS components:

  • resolv.conf: Primary DNS configuration file
  • hosts file: Local hostname resolution
  • nsswitch.conf: Name service switch configuration
  • DNS clients: Tools for DNS queries
  • Local DNS servers: Running your own DNS resolver

DNS Configuration Files

Key Configuration Locations

/etc/resolv.conf       # DNS resolver configuration
/etc/hosts            # Static hostname mappings
/etc/nsswitch.conf    # Name service order
/etc/hostname         # System hostname
/etc/conf.d/hostname  # Hostname service config

Step 1: Basic DNS Client Configuration

Configure resolv.conf

# Edit DNS configuration
sudo nano /etc/resolv.conf

Add DNS servers:

# Primary and secondary DNS servers
nameserver 8.8.8.8
nameserver 8.8.4.4

# Local domain search
search local.domain example.com

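# DNS options
# Note: Alpine's musl resolver reads only ndots, timeout and attempts; it
# ignores rotate and edns0 and queries all listed nameservers in parallel.
options timeout:2
options attempts:3
options rotate
options edns0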

Make DNS Configuration Persistent

# Prevent DHCP from overwriting resolv.conf
sudo chattr +i /etc/resolv.conf

# Or use resolv.conf.head (honoured by dhcpcd and openresolv, which prepend it)
sudo tee /etc/resolv.conf.head > /dev/null << EOF
# Custom DNS servers
nameserver 1.1.1.1
nameserver 1.0.0.1
EOF

Step 2: Configure Local Hostname Resolution

Edit hosts file

# Configure local hosts
sudo nano /etc/hosts

Add entries:

# IPv4 localhost
127.0.0.1       localhost
127.0.1.1       alpine.local alpine

# IPv6 localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

# Custom entries
192.168.1.10    server1.local server1
192.168.1.11    server2.local server2
192.168.1.100   nas.local nas

Set System Hostname

# Set hostname
sudo hostname alpine-server

# Make it persistent
echo "alpine-server" | sudo tee /etc/hostname

# Update hosts file (anchored and with escaped dots so only the 127.0.1.1 line matches)
sudo sed -i "s/^127\.0\.1\.1.*/127.0.1.1\talpine-server/" /etc/hosts

Step 3: Install DNS Tools

Essential DNS Utilities

# Install DNS tools
sudo apk add bind-tools

# Additional utilities
sudo apk add drill
sudo apk add ldns-tools

Test DNS Resolution

# Using nslookup
nslookup google.com

# Using dig
dig google.com
dig @8.8.8.8 google.com
dig +short google.com

# Using host
host google.com

# Using drill
drill google.com

Step 4: Configure DNS Caching

Install dnsmasq

# Install dnsmasq
sudo apk add dnsmasq

# Backup default config
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak

Configure dnsmasq

# Edit dnsmasq configuration
sudo nano /etc/dnsmasq.conf

Add configuration:

# DNS Configuration
listen-address=127.0.0.1,192.168.1.1
bind-interfaces

# Upstream DNS servers
server=8.8.8.8
server=8.8.4.4
server=1.1.1.1

# Cache settings
cache-size=1000
neg-ttl=3600

# Domain configuration
local=/local/
domain=local
expand-hosts

# DHCP Configuration (optional)
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.1

# Logging
log-queries
log-facility=/var/log/dnsmasq.log

Start dnsmasq Service

# Enable and start dnsmasq
sudo rc-update add dnsmasq default
sudo rc-service dnsmasq start

# Check status
sudo rc-service dnsmasq status

Step 5: Setup Unbound DNS Resolver

Install Unbound

# Install unbound
sudo apk add unbound unbound-doc

# Download root hints
sudo wget -O /etc/unbound/root.hints https://www.internic.net/domain/named.cache

Configure Unbound

# Edit unbound configuration
sudo nano /etc/unbound/unbound.conf

Add configuration:

server:
    # Network interfaces
    interface: 127.0.0.1
    interface: ::1
    interface: 192.168.1.1
    
    # Access control
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: ::1 allow
    
    # Port configuration
    port: 53
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    
    # Root hints
    root-hints: "/etc/unbound/root.hints"
    
    # Security
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    
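    # Performance
    # cache-min-ttl overrides shorter TTLs chosen by zone owners, so a changed
    # record can stay cached for up to an hour after it was updated
    num-threads: 2
    cache-min-ttl: 3600
    cache-max-ttl: 86400
    prefetch: yes
    prefetch-key: yes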
    
    # Privacy
    qname-minimisation: yes
    rrset-roundrobin: yes
    minimal-responses: yes
    
    # Logging
    verbosity: 1
    log-queries: no
    
    # Local zones
    local-zone: "local." static
    local-data: "router.local. A 192.168.1.1"
    local-data: "nas.local. A 192.168.1.100"

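# Forward zones (optional)
# forward-tls-upstream needs tls-cert-bundle in the server: section (see Step 6);
# without a CA bundle the upstream certificate cannot be authenticated.
forward-zone:
    name: "."
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
    forward-tls-upstream: yes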

Start Unbound

# Test configuration before starting the service
sudo unbound-checkconf

# Enable and start unbound
sudo rc-update add unbound default
sudo rc-service unbound start

Step 6: Configure DNS over TLS/HTTPS

DNS over TLS with Unbound

# Add to unbound.conf
server:
    # DNS over TLS
    tls-upstream: yes
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
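
The forward-zone in Step 5 enables TLS without a CA bundle, while the one above sets tls-cert-bundle. The following check is an added example, not part of the original article: it reads an unbound.conf on stdin and reports forwarders that are plaintext, lack the #auth-name, or cannot be verified. The function name audit_dot and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Unbound forwarders whose DNS-over-TLS session is
# missing or cannot be authenticated. Prints one finding per forward-addr.
audit_dot() {
    awk '
    {   # strip comments; "#" inside a token (1.1.1.1@853#name) is not a comment
        sub(/^[ \t]+/, ""); sub(/^#.*/, ""); sub(/[ \t]+#.*/, ""); sub(/[ \t]+$/, "")
    }
    $0 == "" { next }
    /^[a-z-]+:$/ { section = $1; if (section == "forward-zone:") z++; next }
    {
        key = $1; val = $2; gsub(/"/, "", val)
        if (key == "tls-cert-bundle:" && val != "") bundle = 1
        if (key == "tls-system-cert:" && val == "yes") bundle = 1
        if (key == "tls-upstream:" && val == "yes") global_tls = 1
        if (section == "forward-zone:" && key == "forward-tls-upstream:" && val == "yes") tls[z] = 1
        if (section == "forward-zone:" && key == "forward-addr:") { addr[++n] = val; zone[n] = z }
    }
    END {
        for (i = 1; i <= n; i++) {
            if (!(global_tls || tls[zone[i]])) print "PLAINTEXT " addr[i]     # no TLS at all
            else if (addr[i] !~ /#./)          print "NO-AUTH-NAME " addr[i]  # any cert name accepted
            else if (!bundle)                  print "UNVERIFIED " addr[i]    # no CA bundle to check against
        }
    }'
}

# Constructed sample: the Step 5 forward-zone, which sets no tls-cert-bundle.
STEP5_CONF='server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
    forward-tls-upstream: yes'

printf '%s\n' "$STEP5_CONF" | audit_dot
```

Run it against a live config with `audit_dot < /etc/unbound/unbound.conf`; no output means every forwarder uses TLS with an auth name and a CA bundle is configured.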

DNS over HTTPS with cloudflared

# Install cloudflared
# Note: "latest" is unpinned, so each run may fetch a different build
cd /tmp
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
sudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared

# Create service
sudo nano /etc/init.d/cloudflared

Add service script:

#!/sbin/openrc-run

name="cloudflared"
description="Cloudflare DNS over HTTPS proxy"
command="/usr/local/bin/cloudflared"
command_args="proxy-dns --port 5053 --upstream https://1.1.1.1/dns-query"
command_background="yes"
pidfile="/run/${RC_SVCNAME}.pid"

depend() {
    need net
    after firewall
}

Enable service:

sudo chmod +x /etc/init.d/cloudflared
sudo rc-update add cloudflared default
sudo rc-service cloudflared start

Step 7: Configure Split DNS

Setup Split DNS with dnsmasq

# Corporate network DNS
server=/corp.example.com/192.168.1.10
server=/internal.local/192.168.1.10

# Public DNS for everything else
server=8.8.8.8
server=8.8.4.4

# Static answers served by dnsmasq itself (the server=/domain/ lines above do the conditional forwarding)
address=/router.local/192.168.1.1
address=/nas.local/192.168.1.100
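
To confirm the split holds in practice, the query log enabled with log-queries can be checked for internal names that were forwarded to a public resolver. This is an added example, not part of the original article; it assumes the Step 7 domains and internal resolver, and the log lines in it are constructed.

```shell
#!/bin/sh
# Added example: find internal names that dnsmasq forwarded to a resolver
# other than the internal one (a split-DNS leak).
INTERNAL_SUFFIXES="corp.example.com internal.local"   # from Step 7
INTERNAL_RESOLVER="192.168.1.10"                      # from Step 7

# find_leaks reads a dnsmasq query log on stdin, prints "name upstream client"
find_leaks() {
    awk -v suffixes="$INTERNAL_SUFFIXES" -v resolver="$INTERNAL_RESOLVER" '
    BEGIN { ns = split(suffixes, suf, " ") }
    function internal(name,   i, s, tail) {
        for (i = 1; i <= ns; i++) {
            s = suf[i]
            tail = substr(name, length(name) - length(s))   # last length(s)+1 chars
            # the zone itself or a label below it; "othercorp.example.com" must not match
            if (name == s || tail == ("." s)) return 1
        }
        return 0
    }
    NF < 5 { next }
    # "... dnsmasq[pid]: query[A] name from client"
    $(NF-3) ~ /^query\[/ && $(NF-1) == "from" { client[tolower($(NF-2))] = $NF; next }
    # "... dnsmasq[pid]: forwarded name to upstream"
    $(NF-3) == "forwarded" && $(NF-1) == "to" {
        name = tolower($(NF-2))
        if (internal(name) && $NF != resolver) print name, $NF, client[name]
    }'
}

# Constructed sample log in the format dnsmasq writes with log-queries.
SAMPLE_LOG='Mar 25 10:00:01 dnsmasq[1234]: query[A] db.corp.example.com from 192.168.1.50
Mar 25 10:00:01 dnsmasq[1234]: forwarded db.corp.example.com to 192.168.1.10
Mar 25 10:00:02 dnsmasq[1234]: query[A] wiki.internal.local from 192.168.1.51
Mar 25 10:00:02 dnsmasq[1234]: forwarded wiki.internal.local to 8.8.8.8
Mar 25 10:00:03 dnsmasq[1234]: query[A] othercorp.example.com from 192.168.1.52
Mar 25 10:00:03 dnsmasq[1234]: forwarded othercorp.example.com to 8.8.8.8'

printf '%s\n' "$SAMPLE_LOG" | find_leaks
```

On a live system, run `find_leaks < /var/log/dnsmasq.log`; any output line names an internal host whose lookup left the network.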

Step 8: DNS Security Configuration

Enable DNSSEC

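# In unbound.conf
server:
    # DNSSEC Configuration
    # The root key file has to exist before startup; create it with:
    #   sudo unbound-anchor -a /var/lib/unbound/root.key
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-clean-additional: yes
    val-permissive-mode: no
    val-log-level: 2
    
    # DNSSEC trust anchors
    # Additional static anchors; this file has to exist as well
    trust-anchor-file: "/etc/unbound/trusted-key.key"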

Configure DNS Firewall

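# Create DNS firewall rules
# Rate limiting (must come before the ACCEPT rules: iptables stops at the
# first matching rule, so a DROP placed after ACCEPT is never reached)
sudo iptables -A INPUT -p udp --dport 53 -m recent --set --name DNS
sudo iptables -A INPUT -p udp --dport 53 -m recent --update --seconds 1 --hitcount 10 --name DNS -j DROP

# Allow DNS queries that passed the rate limit
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT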

Step 9: Monitoring and Troubleshooting

DNS Query Logging

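# Enable query logging in dnsmasq
# (only needed if these lines were not already added in Step 4;
#  the log records every name each client looks up)
echo "log-queries" | sudo tee -a /etc/dnsmasq.conf
echo "log-facility=/var/log/dnsmasq.log" | sudo tee -a /etc/dnsmasq.conf

# Create log rotation
sudo tee /etc/logrotate.d/dnsmasq > /dev/null << EOF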
/var/log/dnsmasq.log {
    daily
    rotate 7
    compress
    delaycompress
    postrotate
        /etc/init.d/dnsmasq restart
    endscript
}
EOF

DNS Monitoring Script

#!/bin/sh
# dns-monitor.sh - DNS health check script

DNS_SERVERS="8.8.8.8 1.1.1.1 192.168.1.1"
TEST_DOMAINS="google.com cloudflare.com github.com"

echo "=== DNS Health Check ==="
echo "Date: $(date)"
echo

for server in $DNS_SERVERS; do
    echo "Testing DNS server: $server"
    for domain in $TEST_DOMAINS; do
        result=$(dig "@$server" "$domain" +short +time=2 2>/dev/null)
        if [ -n "$result" ]; then
            echo "  ✓ $domain: OK"
        else
            echo "  ✗ $domain: FAILED"
        fi
    done
    echo
done

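# Check cache statistics (SIGUSR1 makes dnsmasq write them to its log,
# which is /var/log/dnsmasq.log with the log-facility setting from Step 4)
if pgrep dnsmasq > /dev/null; then
    echo "=== DNSMasq Statistics ==="
    sudo pkill -USR1 dnsmasq
    tail -20 /var/log/dnsmasq.log | grep dnsmasq
fi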

Troubleshooting Commands

# Test DNS resolution
dig google.com +trace
drill -T google.com

# Check DNS server response time
dig @8.8.8.8 google.com | grep "Query time"

# Test reverse DNS
dig -x 8.8.8.8

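# Check DNSSEC validation (a validated answer carries the "ad" flag in the
# header; it can only appear for zones that are signed)
dig +dnssec google.com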

# Flush DNS cache
# For dnsmasq
sudo rc-service dnsmasq restart

# For unbound (requires control-enable: yes in the remote-control: section)
sudo unbound-control flush google.com

Step 10: Performance Optimization

Optimize DNS Caching

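# dnsmasq optimization (replace the Step 4 values rather than adding second copies)
cache-size=2000
min-cache-ttl=300
max-cache-ttl=3600
neg-ttl=300

# Pin static records for popular domains
# (these are answered locally without an upstream lookup and go stale if the addresses change)
host-record=google.com,142.250.185.46
host-record=github.com,140.82.112.3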

Network Performance

# Increase UDP buffer size
echo "net.core.rmem_max = 134217728" | sudo tee -a /etc/sysctl.conf
echo "net.core.wmem_max = 134217728" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Common DNS Issues and Solutions

Issue 1: Slow DNS Resolution

# Test DNS response time
time nslookup google.com

# Use faster DNS servers (this overwrites the whole file, and fails if
# chattr +i was applied in Step 1)
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf

# Enable DNS caching
sudo apk add dnsmasq
sudo rc-service dnsmasq start

Issue 2: DNS Not Resolving

# Check connectivity
ping -c 1 8.8.8.8

# Verify resolv.conf
cat /etc/resolv.conf

# Test with specific server
nslookup google.com 8.8.8.8

Issue 3: Intermittent DNS Failures

# Check for duplicate DNS servers
sort /etc/resolv.conf | uniq -d

# Monitor DNS queries
sudo tcpdump -i any -n port 53

Best Practices

  1. Use Multiple DNS Servers: Always configure backup DNS servers
  2. Enable DNS Caching: Reduces latency and load
  3. Secure DNS Queries: Use DNS over TLS/HTTPS
  4. Monitor DNS Health: Set up regular health checks
  5. Document Configuration: Keep records of DNS settings
  6. Regular Updates: Keep DNS software updated
  7. Test Changes: Always test DNS changes before production

Conclusion

You’ve successfully mastered DNS configuration on Alpine Linux! You can now:

✅ Configure DNS clients and servers
✅ Set up DNS caching for performance
✅ Implement secure DNS with DoT/DoH
✅ Troubleshoot DNS issues effectively
✅ Monitor DNS health and performance

Proper DNS configuration is essential for reliable network connectivity. Keep your DNS infrastructure well-maintained! 🌐