We need a DNS server, but not on port 53. If you install dnsmasq on the machine directly and make it listen on a port other than 53, you'd find that the server can no longer resolve DNS normally. Yes, we have things like iptables for that. However, I can never remember its parameters...
So, why not use Docker?
1. Install docker
2. Get the image and run it (publish host port 27777, TCP and UDP, to the container's port 53)
docker run -d -p 27777:53/tcp -p 27777:53/udp --cap-add=NET_ADMIN --name dns-server andyshinn/dnsmasq:2.75
3. Revise the upstream DNS server
docker exec -it dns-server /bin/sh
vi /etc/dnsmasq.conf
- Add to dnsmasq.conf:
4. Restart the container so dnsmasq picks up the new config
docker restart dns-server