How to Install and Configure Dnsmasq on Ubuntu 22.04

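This article describes how to install and configure Dnsmasq on Ubuntu 22.04 Linux. Dnsmasq is a simple, lightweight DNS server that is easy to use and manage. It is suited to resource-constrained routers and firewalls and supports Lua scripting, IPv6, DNSSEC, PXE network boot, BOOTP and TFTP. Dnsmasq is designed to provide DNS and, optionally, DHCP/TFTP services to small and medium-sized networks. When it receives a DNS query, it either answers from its local cache or forwards the query to a separate recursive DNS server, which can be BIND or any other DNS server.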

Installing Dnsmasq on Ubuntu 22.04

Ubuntu 18.04 and later ship with systemd-resolved. You need to disable it because it binds to port 53, which conflicts with the port Dnsmasq uses.

Run the following commands to disable the systemd-resolved service:

sudo systemctl disable systemd-resolved

sudo systemctl stop systemd-resolved

Also remove the symlinked resolv.conf file:

$ ls -lh /etc/resolv.conf 

lrwxrwxrwx 1 root root 39 Jan 2 15:52 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

$ sudo unlink /etc/resolv.conf

Then create a new resolv.conf file:

echo nameserver 8.8.8.8 | sudo tee /etc/resolv.conf

Dnsmasq is available in the apt repositories and can be installed by running the following commands:

sudo apt update

sudo apt install dnsmasq

The main configuration file for Dnsmasq is /etc/dnsmasq.conf. Configure Dnsmasq by editing this file:

sudo vim /etc/dnsmasq.conf

The following is a minimal configuration:

# Listen on this specific port instead of the standard DNS port

# (53). Setting this to zero completely disables DNS function,

# leaving only DHCP and/or TFTP.

port=53

# Never forward plain names (without a dot or domain part)

domain-needed

# Never forward addresses in the non-routed address spaces.

bogus-priv

# By default, dnsmasq will send queries to any of the upstream

# servers it knows about and tries to favour servers that are known

# to be up. Uncommenting this forces dnsmasq to try each query

# with each server strictly in the order they appear in

# /etc/resolv.conf

strict-order

# Set this (and domain: see below) if you want to have a domain

# automatically added to simple names in a hosts-file.

expand-hosts

# Set the domain for dnsmasq. this is optional, but if it is set, it

# does the following things.

# 1) Allows DHCP hosts to have fully qualified domain names, as long

#     as the domain part matches this setting.

# 2) Sets the "domain" DHCP option thereby potentially setting the

#    domain of all systems configured by DHCP

# 3) Provides the domain part for "expand-hosts"

#domain=thekelleys.org.uk

domain=example.com

# Set Listen address

listen-address=127.0.0.1 # Set to Server IP for network responses

To enable DNSSEC validation and caching, uncomment the following line in /etc/dnsmasq.conf:

#dnssec

Make any other changes you consider relevant, then restart dnsmasq when you are done:

sudo systemctl restart dnsmasq
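
The following script is an added example, not part of the original guide or the Dnsmasq project: it audits a dnsmasq.conf for the options used in the minimal configuration above and flags a listen-address that exposes the resolver beyond loopback. The function names and the sample LAN address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a dnsmasq.conf.

# Print active directives only. dnsmasq treats '#' at the start of a line,
# or after whitespace, as the start of a comment.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e 's/^#.*//' -e 's/[[:space:]]#.*//' \
        -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Print one finding per line; print nothing when every check passes.
audit_dnsmasq_conf() {
    conf=$(active_directives "$1")
    has() { printf '%s\n' "$conf" | grep -Eq "^$1(=|\$)"; }

    has domain-needed || echo "MISSING domain-needed: plain names are forwarded upstream"
    has bogus-priv || echo "MISSING bogus-priv: private reverse lookups are forwarded upstream"
    has dnssec || echo "INFO dnssec is off: upstream answers are not validated"

    if ! has '(listen-address|interface)'; then
        echo "EXPOSED no listen-address or interface: dnsmasq answers on every interface"
    fi
    # Collect listen-address values that are not loopback.
    exposed=$(printf '%s\n' "$conf" | sed -n 's/^listen-address=//p' |
        tr ',' '\n' | grep -Ev '^(127\.|::1$)' | tr '\n' ' ')
    if [ -n "$exposed" ]; then
        echo "EXPOSED listen-address: ${exposed% }"
        # Without bind-interfaces/bind-dynamic dnsmasq binds the wildcard
        # address and filters requests itself.
        has 'bind-(interfaces|dynamic)' ||
            echo "WARN no bind-interfaces: socket is bound to the wildcard address"
    fi
}

# Constructed sample: the guide's minimal options plus a LAN listen address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
domain-needed
bogus-priv
#dnssec
listen-address=127.0.0.1,192.168.3.5 # constructed LAN address
EOF
audit_dnsmasq_conf "$sample"
rm -f "$sample"
```

To check a live server, call audit_dnsmasq_conf /etc/dnsmasq.conf after changing listen-address to the server IP and before restarting the service.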

Adding DNS Records to Dnsmasq

Add DNS records to the /etc/hosts file. Dnsmasq uses these records to answer queries from clients:

$ sudo vim /etc/hosts

10.1.3.4 server1.mypridomain.com

10.1.4.4 erp.mypridomain.com 

192.168.10.2 checkout.mypridomain.com 

192.168.4.3 hello.world

After adding the records, restart the dnsmasq service:

sudo systemctl restart dnsmasq

Testing Dnsmasq DNS Functionality

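To verify that Dnsmasq answers with the records we added, point the machine's DNS server setting at the Dnsmasq server. Edit /etc/network/interfaces for a persistent configuration, or edit the files under /etc/netplan/ on Ubuntu servers.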

Since this is a test, I will modify the runtime file /etc/resolv.conf:

$ sudo vim /etc/resolv.conf

nameserver 127.0.0.1

nameserver 8.8.8.8

Test with dig:

$ dig A erp.mypridomain.com

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> A erp.mypridomain.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43392

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;erp.mypridomain.com. IN A

;; ANSWER SECTION:

erp.mypridomain.com. 0 IN A 10.1.4.4

;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; MSG SIZE  rcvd: 64

Here is another example:

$ dig checkout.mypridomain.com A +noall +answer

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> checkout.mypridomain.com A +noall +answer

;; global options: +cmd

checkout.mypridomain.com. 0 IN A 192.168.10.2

You can confirm that the responses we get match the records that were configured.

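Configuring Dnsmasq as a DHCP Server (Optional)

You can use Dnsmasq to assign IP addresses to clients, either statically or dynamically.

Edit the file /etc/dnsmasq.conf and provide the DHCP options. You need to provide:

1. The default gateway IP address.

2. The DNS server IP address (this may be Dnsmasq or a different DNS server).

3. The network subnet mask.

4. The DHCP address range.

5. The NTP server.

See the following example: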

dhcp-range=192.168.3.25,192.168.3.50,24h

dhcp-option=option:router,192.168.3.1

dhcp-option=option:ntp-server,192.168.3.5

dhcp-option=option:dns-server,192.168.3.5

dhcp-option=option:netmask,255.255.255.0

Restart dnsmasq and configure the clients to obtain their IP addresses from this server:

sudo systemctl restart dnsmasq

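This completes the configuration of Dnsmasq as a DHCP server. Dnsmasq is an easy-to-configure DNS cache that speeds up internet browsing and the resolution of domain records on your system. You also get its DHCP subsystem, which is easy to configure and well suited to small networks.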
