port=53

# Using dnsmasq only for DNS resolution, not its DHCP server.
no-dhcp-interface=eth0

# If you don't want dnsmasq to read /etc/hosts, uncomment the following line.
no-hosts

# Prevent dnsmasq to read /etc/resolv.conf or any other file, getting its
# servers from this file instead.
no-resolv

# Prevent dnsmasq to poll /etc/resolv.conf or other resolv files for changes and
# re-read them.
no-poll

# Uses the upstream nameserver in the order they are provided. If the first
# server doesn't reply, or can't answer, dnsmasq tries the next one and so on.
strict-order

# Prevent packets with malformed domain names from leaving the local network.
domain-needed

# Prevent packages with private IP addresses from leaving the local network.
bogus-priv

# Dnsmasq is not a DNSSEC validator, so it cannot perform the validation role of
# the recursive nameserver, but it can pass through the validation results from
# its own upstream nameservers. This option enables this behaviour.
proxy-dnssec

# If you want dnsmasq to change uid and gid to something other than the default,
# edit the following lines.
user=dnsmasq
group=nogroup

bind-interfaces
log-queries

# Include all files in a directory which end in .conf
conf-dir=/etc/dnsmasq.d/,*.conf