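Updated: 2023-01-03 15:41:12
This article describes how to install and configure Dnsmasq on Ubuntu 22.04 Linux. Dnsmasq is a simple, lightweight DNS server that is easy to use and manage, suited to resource-constrained routers and firewalls, with support for Lua scripting, IPv6, DNSSEC, PXE network boot, BOOTP and TFTP. Dnsmasq is designed to provide DNS and optional DHCP/TFTP services for small and medium-sized networks. When it receives a DNS query, it either answers from its local cache or forwards the query to a different recursive DNS server, which can be BIND or any other DNS server.
Installing Dnsmasq on Ubuntu 22.04
Ubuntu 18.04 and later ship with systemd-resolved. You need to disable it because it binds to port 53, which conflicts with the port Dnsmasq uses.
Run the following commands to disable the systemd-resolved service: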
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
In addition, remove the symlinked resolv.conf file:
$ ls -lh /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Jan 2 15:52 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
$ sudo unlink /etc/resolv.conf
Then create a new resolv.conf file:
echo nameserver 8.8.8.8 | sudo tee /etc/resolv.conf
Dnsmasq is available in the apt repositories and can be installed by running the following commands:
sudo apt update
sudo apt install dnsmasq
The main configuration file for Dnsmasq is /etc/dnsmasq.conf. Configure Dnsmasq by modifying this file:
sudo vim /etc/dnsmasq.conf
The following is a minimal configuration:
# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
port=53
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers that are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
strict-order
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set the domain for dnsmasq. This is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk
domain=example.com
# Set Listen address
listen-address=127.0.0.1 # Set to Server IP for network responses
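To enable DNSSEC validation and caching, uncomment the following line in /etc/dnsmasq.conf so that it reads:
dnssec
Make any other changes you consider relevant, then restart dnsmasq when you are done: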
sudo systemctl restart dnsmasq
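A way to confirm that the options discussed above are actually active (not still commented out) and that the listener is not wider than intended. This is an added example, not part of the original article; the function names `active_directives` and `audit_dnsmasq_conf` and the sample file are constructed for illustration:

```bash
#!/usr/bin/env bash
# Added example (not from the original article); names and sample data are constructed.

# Print active directives only: drop comments ('#' at line start or after
# whitespace), surrounding whitespace and blank lines.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e 's/^#.*//' -e 's/[[:space:]]#.*//' \
        -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Print one line per observation. Returns 1 if a MISSING or WILDCARD line was
# printed, 0 otherwise (REVIEW lines are informational).
audit_dnsmasq_conf() {
    audit_rc=0
    directives=$(active_directives "$1")
    for flag in domain-needed bogus-priv dnssec; do
        if ! printf '%s\n' "$directives" | grep -qx -- "$flag"; then
            echo "MISSING $flag"; audit_rc=1
        fi
    done
    addrs=$(printf '%s\n' "$directives" | sed -n 's/^listen-address=//p' | tr ',' '\n')
    if [ -z "$addrs" ] && ! printf '%s\n' "$directives" | grep -q '^interface='; then
        echo "WILDCARD no listen-address or interface set: answers on all interfaces"; audit_rc=1
    fi
    for a in $addrs; do
        case $a in
            127.*|::1) ;;                                    # loopback only
            0.0.0.0|::) echo "WILDCARD listen-address=$a"; audit_rc=1 ;;
            *) echo "REVIEW listen-address=$a: limit port 53 to trusted clients" ;;
        esac
    done
    return "$audit_rc"
}

# Constructed sample: the minimal configuration above, with dnssec still commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port=53
domain-needed
bogus-priv
strict-order
expand-hosts
domain=example.com
#dnssec
listen-address=127.0.0.1 # Set to Server IP for network responses
EOF
audit_dnsmasq_conf "$sample" || echo "audit: review the lines above"
rm -f "$sample"
```

Point the function at /etc/dnsmasq.conf after editing; `dnsmasq --test` separately checks the file's syntax.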
Adding DNS records to Dnsmasq
Add DNS records to the /etc/hosts file. Dnsmasq uses these records to answer queries from clients:
$ sudo vim /etc/hosts
10.1.3.4 server1.mypridomain.com
10.1.4.4 erp.mypridomain.com
192.168.10.2 checkout.mypridomain.com
192.168.4.3 hello.world
After adding the records, restart the dnsmasq service:
sudo systemctl restart dnsmasq
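Testing Dnsmasq DNS functionality
To verify that Dnsmasq answers with the records we added, point the server's DNS resolver at the Dnsmasq server. Edit /etc/network/interfaces for a persistent configuration, or edit the files under /etc/netplan/ on an Ubuntu server.
Since this is only a test, I will modify the runtime file /etc/resolv.conf: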
$ sudo vim /etc/resolv.conf
nameserver 127.0.0.1
nameserver 8.8.8.8
Test with dig:
$ dig A erp.mypridomain.com
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> A erp.mypridomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43392
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;erp.mypridomain.com. IN A
;; ANSWER SECTION:
erp.mypridomain.com. 0 IN A 10.1.4.4
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; MSG SIZE rcvd: 64
Here is another example:
$ dig checkout.mypridomain.com A +noall +answer
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> checkout.mypridomain.com A +noall +answer
;; global options: +cmd
checkout.mypridomain.com. 0 IN A 192.168.10.2
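You can confirm that the responses we get match what was configured.
Configuring Dnsmasq as a DHCP server (optional)
You can use Dnsmasq to assign IP addresses to clients, either statically or dynamically.
Edit the file /etc/dnsmasq.conf and provide the DHCP options. You need to provide:
1. The default gateway IP address.
2. The DNS server IP address (this may be Dnsmasq or a different DNS server).
3. The network subnet mask.
4. The DHCP address range.
5. The NTP server.
See the following example: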
dhcp-range=192.168.3.25,192.168.3.50,24h
dhcp-option=option:router,192.168.3.1
dhcp-option=option:ntp-server,192.168.3.5
dhcp-option=option:dns-server,192.168.3.5
dhcp-option=option:netmask,255.255.255.0
Restart dnsmasq and configure clients to obtain an IP address from this server:
sudo systemctl restart dnsmasq
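This completes the configuration of Dnsmasq as a DHCP server. Dnsmasq is an easy-to-configure DNS cache that speeds up internet browsing and the resolution of domain records on your system. You can also make use of its DHCP subsystem, which is easy to configure and use on small networks.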