How To Create Wildcard Subdomains With Dnsmasq?

Published September 7, 2024

Problem: Setting Up Wildcard Subdomains

Creating wildcard subdomains can be difficult, especially when using Dnsmasq. This process involves configuring a DNS server to respond to requests for any subdomain of a given domain. It can be complex for people who are not familiar with DNS management.

Configuring Wildcard Subdomains in Dnsmasq

Basic Syntax for Wildcard Subdomain Setup

The address directive in Dnsmasq is used to set up DNS entries, including wildcard subdomains. The basic syntax for this directive is:

address=/domain/ip-address

To create a wildcard subdomain, use the domain name without specifying any subdomain. Dnsmasq applies this rule to all subdomains. For example:

address=/example.com/192.168.0.1

This configuration will direct all requests for example.com and its subdomains (like sub1.example.com, sub2.example.com) to the IP address 192.168.0.1.

Multiple IP Addresses

You can set up multiple IP addresses for a single domain by adding more address directives. For example:

address=/example.com/192.168.0.1
address=/example.com/192.168.0.2

This will make Dnsmasq return both IP addresses for queries to example.com and its subdomains, enabling basic load balancing.

Step-by-Step Configuration Process

  1. Open the Dnsmasq configuration file: Use a text editor to open the Dnsmasq configuration file, usually located at /etc/dnsmasq.conf.

  2. Add the wildcard subdomain rule: Insert a new line with the address directive, using your domain and desired IP address:

    address=/yourdomain.com/your-ip-address

  3. Save the configuration file: Save the changes you made to the Dnsmasq configuration file.

  4. Restart the Dnsmasq service: To apply the changes, restart the Dnsmasq service using the appropriate command for your system. On many Linux distributions, you can use:

    sudo systemctl restart dnsmasq

After completing these steps, Dnsmasq will resolve all subdomains of your specified domain to the given IP address.

Common Misconceptions and Pitfalls

Leading Dots in Dnsmasq Configuration

When setting up Dnsmasq, some users think leading dots in domain patterns are important. However, Dnsmasq ignores leading dots in domain specifications. For example, these three configurations are the same:

address=/domain.tld/192.168.0.1
address=/.domain.tld/192.168.0.1
address=/......domain.tld/192.168.0.1

Dnsmasq treats all these patterns equally, applying the rule to the specified domain and its subdomains. Understanding this helps avoid confusion when setting up wildcard subdomains.

Tip: Consistency in Domain Patterns

When creating Dnsmasq configurations, stick to a consistent format for domain patterns. Using the pattern without leading dots (e.g., address=/domain.tld/192.168.0.1) improves readability and reduces potential confusion for other administrators who may work on the configuration in the future.

Limitations of Dnsmasq Wildcard Configurations

Dnsmasq has some limits with wildcard configurations:

  1. Single domain rules: Dnsmasq can't specify rules for a single domain name without affecting its subdomains. This applies to server, address, and ipset options.

  2. Subdomain-specific configurations: You can't create rules that apply only to subdomains of a domain without affecting the main domain.

These limits can make complex DNS configurations difficult. For example, if you want to direct only subdomains to a specific IP while keeping the main domain pointed elsewhere, you'll need workarounds or other DNS solutions.

To work around these limits, you can:

  • Override specific subdomains with more rules
  • Use other Dnsmasq options like host-record or srv-record for specific cases
  • Use a more flexible DNS server for complex setups

Knowing these limits helps you plan your DNS configuration and choose the right tools for your needs.

Example: Overriding Specific Subdomains

To direct subdomains to a specific IP while keeping the main domain pointed elsewhere:

# Set wildcard rule for domain and subdomains
address=/example.com/192.168.1.10

# Override specific subdomain
address=/sub.example.com/192.168.1.20

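# Override main domain only: host-record matches the exact name,
# so subdomains keep following the address rules above
host-record=example.com,192.168.1.30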

In this configuration, sub.example.com points to 192.168.1.20, example.com points to 192.168.1.30, and all other subdomains point to 192.168.1.10.

Alternative Approaches and Solutions

Overriding Specific Subdomains

Dnsmasq lets you set different IP addresses for specific subdomains, overriding the wildcard setup. This is useful when you need to direct certain subdomains to different servers or services.

To set different IPs for specific subdomains:

  1. Add the wildcard rule for the main domain and its subdomains.
  2. Add specific rules for individual subdomains below the wildcard rule.

Example of mixed setups:

# Wildcard rule for domain and subdomains
address=/example.com/192.168.1.10

# Specific rules for individual subdomains
address=/blog.example.com/192.168.1.20
address=/shop.example.com/192.168.1.30

In this setup, blog.example.com points to 192.168.1.20, shop.example.com points to 192.168.1.30, and all other subdomains of example.com point to 192.168.1.10.

Tip: Prioritize Specific Rules

Place specific subdomain rules after the wildcard rule in your Dnsmasq configuration. Dnsmasq processes rules from top to bottom, so more specific rules should come after general ones to override them.

Using Other Dnsmasq Options

Dnsmasq offers more options for specific DNS setups:

  1. host-record option: This option lets you set a hostname and its IP address. It's useful for creating specific DNS entries for individual hosts.

    Syntax:

    host-record=hostname,ip-address

    Example:

    host-record=server1.example.com,192.168.1.50

  2. srv-record option: This option is used to create Service (SRV) records, which are useful for specifying the location of specific services within your domain.

    Syntax:

    srv-record=_service._proto.name,target,port,priority,weight

    Example:

    srv-record=_sip._tcp.example.com,sip.example.com,5060,0,100

Use these alternatives when:

  • You need to create specific DNS entries for individual hosts (host-record).
  • You want to specify the location of services within your domain (srv-record).
  • You need more control over DNS resolution for specific hostnames or services.

These options provide more flexibility for complex DNS setups that go beyond simple wildcard subdomain setups.

Example: Load Balancing with SRV Records

srv-record=_web._tcp.example.com,web1.example.com,80,10,50
srv-record=_web._tcp.example.com,web2.example.com,80,10,50

This example shows how to use SRV records for basic load balancing between two web servers. Both servers have equal priority (10) and weight (50), so traffic will be distributed evenly between them.

Troubleshooting Wildcard Subdomain Issues

Common Problems and Solutions

Errors can occur when setting up wildcard subdomains in Dnsmasq. Here are some common issues and their solutions:

  1. Syntax errors: Check your Dnsmasq configuration file for typos or incorrect syntax. Make sure each line follows this format:

    address=/domain.com/ip-address

  2. Wrong IP address: Check that the IP address you're using is correct and accessible.

  3. Conflicting entries: Look for conflicting DNS entries in your configuration. Specific subdomain entries override wildcard entries, so check for unintended overrides.

  4. Permissions issues: Make sure Dnsmasq can read its configuration file and write to its log file.

Tip: Check Dnsmasq Logs

To troubleshoot issues, check the Dnsmasq logs for error messages. You can typically find these logs in '/var/log/dnsmasq.log' or by running 'journalctl -u dnsmasq' on systemd-based systems.

To fix conflicts with existing DNS entries:

  1. Review your Dnsmasq configuration for overlapping entries.
  2. Remove or change conflicting entries.
  3. Use specific entries to override general wildcard rules when needed.
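The review for overlapping entries can be automated using the matching rules from the earlier sections: leading dots are ignored, a pattern covers the domain and all its subdomains, and specific entries override the wildcard. The Python below is an added example, not part of Dnsmasq or the original article; the function names and sample configuration are constructed here, and it assumes the longest matching pattern wins.

```python
import re

# Constructed sample: the last line looks different but is the same pattern as the first.
SAMPLE_CONF = """\
address=/example.com/192.168.1.10
address=/.blog.example.com/192.168.1.20
address=/shop.example.com/192.168.1.30
address=/......example.com/192.168.1.99
"""

def parse_address_rules(text):
    """Map each normalized domain pattern to the IPs configured for it."""
    rules = {}
    for line in text.splitlines():
        # Treat '#' as a comment at line start or after whitespace.
        line = re.sub(r"(^|\s)#.*", "", line).strip()
        if not line.startswith("address=/"):
            continue
        # address=/dom1/dom2/.../ip : the last field is the address.
        *domains, ip = line[len("address=/"):].split("/")
        for domain in domains:
            # Leading dots carry no meaning, so drop them before comparing.
            rules.setdefault(domain.lstrip(".").lower(), []).append(ip)
    return rules

def resolve(rules, name):
    """Return (pattern, ips) for the longest suffix of name that has a rule."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # whole labels only: notexample.com != example.com
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return suffix, rules[suffix]
    return None, []

def lint(rules):
    """List patterns with several answers and patterns that override a wildcard."""
    findings = []
    for domain, ips in sorted(rules.items()):
        if len(set(ips)) > 1:
            findings.append(("multiple-answers", domain, sorted(set(ips))))
        parent, parent_ips = resolve(rules, domain.partition(".")[2])
        if parent and set(parent_ips) != set(ips):
            findings.append(("overrides", domain, parent))
    return findings

if __name__ == "__main__":
    for finding in lint(parse_address_rules(SAMPLE_CONF)):
        print(finding)
```

Each finding is something to confirm as intended: a pattern with several answers may be deliberate load balancing or a leftover line, and each override should be one you meant to add.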

Testing Your Wildcard Subdomain Setup

To check your DNS resolution:

  1. Use the 'dig' command:

    dig @localhost subdomain.yourdomain.com

    Replace 'localhost' with your Dnsmasq server's IP if it's not on the same machine.

  2. Try the 'nslookup' tool:

    nslookup subdomain.yourdomain.com localhost

  3. Use online DNS lookup tools like MXToolbox or Google's DNS lookup.

To check if your configuration works:

  1. Test several random subdomains to confirm the wildcard is working.
  2. Check that specific subdomain overrides work as expected.
  3. Verify that the main domain resolves correctly.
  4. Monitor Dnsmasq logs for any error messages or unexpected behavior.

If problems continue, review your Dnsmasq configuration, check system logs, and try restarting the Dnsmasq service.
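The checks listed above can be scripted. This is an added example that is not part of the original article: `dig_lookup` and `check_wildcard` are names chosen here, it assumes `dig` is installed, and the `lookup` parameter accepts any function that returns a sorted list of IPs for a name.

```python
import secrets
import subprocess

# Hypothetical helper names; dig_lookup assumes the dig binary is on PATH.
def dig_lookup(name, server="127.0.0.1"):
    """Sorted A records for name as answered by server (dig +short)."""
    result = subprocess.run(
        ["dig", "+short", "+time=2", "+tries=1", f"@{server}", name, "A"],
        capture_output=True, text=True, check=False)
    # +short may also print CNAME targets; keep only dotted-quad lines.
    return sorted(l for l in result.stdout.split() if l.replace(".", "").isdigit())

def check_wildcard(domain, wildcard_ips, overrides=None, lookup=dig_lookup, samples=5):
    """Return (name, got, expected) for every name that resolved wrongly."""
    expected = {}
    # 1. Random labels: only a wildcard can answer names nobody configured.
    for _ in range(samples):
        expected[f"{secrets.token_hex(6)}.{domain}"] = wildcard_ips
    # 2. The main domain follows the wildcard rule unless overridden below.
    expected[domain] = wildcard_ips
    # 3. Specific overrides replace the wildcard answer for their names.
    expected.update(overrides or {})
    failures = []
    for name, ips in expected.items():
        got = lookup(name)
        if got != sorted(ips):
            failures.append((name, got, sorted(ips)))
    return failures

# Usage against a local Dnsmasq instance:
#   check_wildcard("example.com", ["192.168.1.10"],
#                  {"blog.example.com": ["192.168.1.20"]})
```

An empty list means every random subdomain, the main domain, and each override returned the expected addresses.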

Example: Testing with curl

You can use curl to test if your wildcard subdomains are resolving correctly:

curl -H "Host: randomsubdomain.yourdomain.com" http://your-server-ip

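This command sends a request to your server IP with a custom Host header, simulating a request to a subdomain. Because curl connects to the IP directly, no DNS lookup takes place: the command confirms that the web server answers for that hostname, so use it alongside the dig or nslookup checks above rather than instead of them.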