diff --git a/docker/dnsmasq.conf b/docker/dnsmasq.conf
new file mode 100644
index 000000000..c7e9a2211
--- /dev/null
+++ b/docker/dnsmasq.conf
@@ -0,0 +1,41 @@
+port=53
+
+# Using dnsmasq only for DNS resolution, not its DHCP server.
+no-dhcp-interface=eth0
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the following line.
+no-hosts
+
+# Prevent dnsmasq to read /etc/resolv.conf or any other file, getting its
+# servers from this file instead.
+no-resolv
+
+# Prevent dnsmasq to poll /etc/resolv.conf or other resolv files for changes and
+# re-read them.
+no-poll
+
+# Uses the upstream nameserver in the order they are provided. If the first
+# server doesn't reply, or can't answer, dnsmasq tries the next one and so on.
+strict-order
+
+# Prevent packets with malformed domain names from leaving the local network.
+domain-needed
+
+# Prevent packages with private IP addresses from leaving the local network.
+bogus-priv
+
+# Dnsmasq is not a DNSSEC validator, so it cannot perform the validation role of
+# the recursive nameserver, but it can pass through the validation results from
+# its own upstream nameservers. This option enables this behaviour.
+proxy-dnssec
+
+# If you want dnsmasq to change uid and gid to something other than the default,
+# edit the following lines.
+user=dnsmasq
+group=nogroup
+
+bind-interfaces
+log-queries
+
+# Include all files in a directory which end in .conf
+conf-dir=/etc/dnsmasq.d/,*.conf
diff --git a/docker/funkwhale.test.conf b/docker/funkwhale.test.conf
new file mode 100644
index 000000000..7730492a8
--- /dev/null
+++ b/docker/funkwhale.test.conf
@@ -0,0 +1,4 @@
+local=/test/
+address=/funkwhale.test/172.17.0.1
+rebind-domain-ok=/.test/
+domain=test
diff --git a/docker/traefik.yml b/docker/traefik.yml
index 8e07d16ba..dcd7aa623 100644
--- a/docker/traefik.yml
+++ b/docker/traefik.yml
@@ -7,11 +7,21 @@ services:
       - ./ssl/test.key:/ssl/traefik.key
       - ./ssl/test.crt:/ssl/traefik.crt
     ports:
-      - "80:80"
-      - "443:443"
-      - "8040:8040"
+      - "172.17.0.1:80:80"
+      - "172.17.0.1:443:443"
+      - "172.17.0.1:8040:8040"
     networks:
-      federation:
+      - federation
+
+  dnsmasq:
+    image: jamesmorrison/dnsmasq
+    ports:
+      - "172.17.0.1:53:53/udp"
+      - "172.17.0.1:53:53/tcp"
+    volumes:
+      - ./dnsmasq.conf:/etc/dnsmasq.conf
+      - ./funkwhale.test.conf:/etc/dnsmasq.d/funkwhale.test.conf
+    network_mode: bridge
 
 networks:
   federation: