DNSmasq – 配置DNS和DHCP
DNSmasq是一个小巧且方便地用于配置DNS和DHCP的工具,适用于小型网络。它提供了DNS功能和可选择的DHCP功能可以取代dhcpd(DHCPD服务配置)和bind等服务,配置起来更简单,更适用于虚拟化和大数据环境的部署。
dhcp服务
其中一些关键的配置如下,配置文件/etc/dnsmasq.conf 中的注释已经给出了非常详细的解释。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
# 服务监听的网络接口地址
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen
-
address
=
192.168.1.132
,
127.0.0.1
# dhcp动态分配的地址范围
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally a lease time
dhcp
-
range
=
192.168.1.50
,
192.168.1.150
,
48h
# dhcp服务的静态绑定
# Always set the name and ipaddr of the host with hardware address
# dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201
# dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201,infinite 无限租期
dhcp
-
host
=
00
:
0C
:
29
:
5E
:
F2
:
6F
,
192.168.1.201
,
os02
dhcp
-
host
=
00
:
0C
:
29
:
15
:
63
:
CF
,
192.168.1.202
,
os03
# 设置默认租期
# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150
# 租期保存在下面文件
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
# 通过/etc/hosts来分配对应的hostname
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge
# 忽略下面MAC地址的DHCP请求
# Never offer DHCP service to a machine whose ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
# dhcp所在的domain
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain
=
debugo
.com
# 设置默认路由出口
# dhcp-option遵循RFC 2132(Options and BOOTP Vendor Extensions),可以通过dnsmasq --help dhcp来查看具体的配置
# 很多高级的配置,如iSCSI连接配置等同样可以由RFC 2132定义的dhcp-option中给出。
# option 3为default route
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
dhcp
-
option
=
3
,
192.168.0.1
# 设置NTP Server.这是使用option name而非选项名来进行设置
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
|
注意:当为某一MAC地址同时静态分配主机名和IP时,如果写到两条dhcp-host选项里(如下所示),则只会生效后面的一条。正确的选项写法如上配置。
|
1
2
|
dhcp
-
host
=
00
:
0C
:
29
:
5E
:
F2
:
6F
,
192.168.1.201
dhcp
-
host
=
00
:
0C
:
29
:
5E
:
F2
:
6F
,
os02
|
重新启动客户端网卡。由于之前测试中客户端网卡已经申请了DHCP租期。所以这里需要修改租期文件,让客户端重新获得IP和hostname。
|
1
2
3
|
[
root
@
server
]
vim
/
var
/
lib
/
dnsmasq
/
dnsmasq
.leases
1400240493
00
:
0c
:
29
:
5e
:
f2
:
6f
192.168.1.143
os02
*
1400240498
00
:
0c
:
29
:
15
:
63
:
cf
192.168.1.52
os01
*
|
启动dnsmasq服务(server的IP为192.168.1.132)
|
1
|
[
root
@
server
]
dnsmasq
|
下面在客户端进行测试:
# 确保网络接口配置使用dhcp方式
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
[
root
@
localhost
]
cat
/
etc
/
sysconfig
/
network
-
scripts
/
ifcfg
-
eth1
DEVICE
=
"eth1"
BOOTPROTO
=
dhcp
IPV6INIT
=
no
NM_CONTROLLED
=
no
ONBOOT
=
"yes"
TYPE
=
"Ethernet"
# 重启网络服务
[
root
@
localhost
]
service
network
restart
Shutting
down
interface
eth0
:
[
OK
]
Shutting
down
loopback
interface
:
[
OK
]
Bringing
up
loopback
interface
:
[
OK
]
Bringing
up
interface
eth0
:
Determining
IP
information
for
eth1
.
.
.
done
.
# 检查IP地址 [ OK ]
[
root
@
os03
]
ifconfig
eth1
Link
encap
:
Ethernet
HWaddr
00
:
0C
:
29
:
15
:
63
:
D9
inet
addr
:
192.168.1.202
Bcast
:
192.168.1.255
Mask
:
255.255.255.0
inet6
addr
:
fe80
::
20c
:
29ff
:
fe15
:
63d9
/
64
Scope
:
Link
UP
BROADCAST
RUNNING
MULTICAST
MTU
:
1500
Metric
:
1
RX
packets
:
251
errors
:
0
dropped
:
0
overruns
:
0
frame
:
0
TX
packets
:
43
errors
:
0
dropped
:
0
overruns
:
0
carrier
:
0
collisions
:
0
txqueuelen
:
1000
RX
bytes
:
36077
(
35.2
KiB
)
TX
bytes
:
4598
(
4.4
KiB
)
.
.
.
.
.
.
# 检查默认路由
[
root
@
os03
]
route
-
n
Kernel
IP
routing
table
Destination
Gateway
Genmask
Flags
Metric
Ref
Use
Iface
192.168.1.0
0.0.0.0
255.255.255.0
U
0
0
0
eth1
169.254.0.0
0.0.0.0
255.255.0.0
U
1002
0
0
eth1
|
配置DNS服务
dnsmasq能够缓存外部DNS记录,同时提供本地DNS解析或者作为外部DNS的代理,即dnsmasq会首先查找/etc/hosts等本地解析文件,然后再查找/etc/resolv.conf等外部nameserver配置文件中定义的外部DNS。所以说dnsmasq是一个很不错的DNS中继。DNS配置同样写入dnsmasq.conf配置文件里。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# 本地解析文件
# If you don't want dnsmasq to read /etc/hosts, uncomment the following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use this.
#addn-hosts=/etc/banner_add_hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
# 例如,/etc/hosts中的os01将扩展成os01.debugo.com
expand
-
hosts
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local
=
/
debugo
.com
/
# 强制使用完整的解析名
# Never forward plain names (without a dot or domain part)
domain
-
needed
# 添加额外的上级DNS主机(nameserver)配置文件
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=
# 不使用上级DNS主机配置文件(/etc/resolv.conf和resolv-file)
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no
-
resolv
# 相应的,可以为特定的域名指定解析它的nameserver。一般是其他的内部DNS name server
# Add other name servers here, with domain specs if they are for
# non-public domains.
# server=/myserver.com/192.168.0.1
# 设置DNS缓存大小(单位:DNS解析条数)
#Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
cache
-
size
=
500
# 关于log的几个选项
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log
-
queries
# Log lots of extra information about DHCP transactions.
#log-dhcp
# Log to this syslog facility or file. (defaults to DAEMON)
log
-
facility
=
/
var
/
log
/
dnsmasq
.log
# 异步log,缓解阻塞,提高性能。
# Enable asynchronous logging and optionally set the limit on the number of lines which will be queued by dnsmasq
# when writing to the syslog is slow.
# Dnsmasq can log asynchronously: this allows it to continue functioning without being blocked by syslog,
# and allows syslog to use dnsmasq for DNS queries without risking deadlock. If the queue of log-lines becomes
# full, dnsmasq will log the overflow, and the number of messages lost.
# The default queue length is 5, a sane value would be 5-25, and a maximum limit of 100 is imposed.
log
-
async
=
20
# 指定domain的IP地址
# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
address
=
/
doubleclick
.net
/
127.0.0.1
address
=
/
.phobos
.apple
.com
/
202.175.5.114
|
配置完成后重启dnsmasq,然后在客户端测试:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
[
root
@
os03
]
nslookup
os01
.debugo
.com
Server
:
192.168.1.132
Address
:
192.168.1.132
#53
Name
:
os01
.debugo
.com
Address
:
192.168.1.132
[
root
@
os03
]
nslookup
os02
.debugo
.com
Server
:
192.168.1.132
Address
:
192.168.1.132
#53
Name
:
os02
.debugo
.com
Address
:
192.168.1.201
[
root
@
os03
]
nslookup
doubleclick
.net
Server
:
192.168.1.132
Address
:
192.168.1.132
#53
Name
:
doubleclick
.net
Address
:
127.0.0.1
#注意,由于address选项解析为127.0.0.1,而非server的192.168.1.132地址。
[
root
@
os03
]
nslookup
a1
.phobos
.apple
.com
Server
:
192.168.1.132
Address
:
192.168.1.132
#53
Name
:
a1
.phobos
.apple
.com
Address
:
202.175.5.114
|
^^