DNSmasq – Configuring DNS and DHCP

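DNSmasq is a small, convenient tool for configuring DNS and DHCP, suited to small networks. It provides DNS and, optionally, DHCP, and can replace services such as dhcpd (DHCPD service configuration) and bind. It is simpler to configure and better suited to deployments in virtualized and big-data environments.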

DHCP service

Some of the key settings are shown below. The comments in the configuration file /etc/dnsmasq.conf already explain them in great detail.

```
# Network interface addresses the service listens on
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=192.168.1.132,127.0.0.1

# Address range assigned dynamically by DHCP
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally a lease time
dhcp-range=192.168.1.50,192.168.1.150,48h

# Static DHCP bindings
# Always set the name and ipaddr of the host with hardware address
# dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201
# dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201,infinite   (infinite lease)
dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201,os02
dhcp-host=00:0C:29:15:63:CF,192.168.1.202,os03

# Set the maximum number of DHCP leases
# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150

# Leases are stored in the file below
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases

# Assign the matching hostname's address via /etc/hosts
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge

# Ignore DHCP requests from the MAC address below
# Never offer DHCP service to a machine whose ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore

# Domain the DHCP service belongs to
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=debugo.com

# Set the default route
# dhcp-option follows RFC 2132 (Options and BOOTP Vendor Extensions); run dnsmasq --help dhcp to see the available options
# Many advanced settings, such as iSCSI connection settings, can likewise be given through the dhcp-option values defined by RFC 2132.
# Option 3 is the default route
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
dhcp-option=3,192.168.0.1

# Set the NTP server. This one is set by option name rather than by option number
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
```

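Note: when you statically assign both a hostname and an IP address to one MAC address, writing them as two separate dhcp-host options (as shown below) means only the later one takes effect. The correct form is the one used in the configuration above.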

```
dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201
dhcp-host=00:0C:29:5E:F2:6F,os02
```

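Restart the client's network interface. Because the client interface had already obtained a DHCP lease during earlier testing, the lease file has to be edited here so that the client obtains its IP address and hostname afresh.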

```
[root@server] vim /var/lib/dnsmasq/dnsmasq.leases
1400240493 00:0c:29:5e:f2:6f 192.168.1.143 os02 *
1400240498 00:0c:29:15:63:cf 192.168.1.52 os01 *
```

Start the dnsmasq service (the server's IP is 192.168.1.132):

```
[root@server] dnsmasq
```

Now test from the client:

```
# Make sure the network interface is configured to use DHCP
[root@localhost] cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
BOOTPROTO=dhcp
IPV6INIT=no
NM_CONTROLLED=no
ONBOOT="yes"
TYPE="Ethernet"
# Restart the network service
[root@localhost] service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:
Determining IP information for eth1... done.
                                                           [  OK  ]
# Check the IP address
[root@os03] ifconfig
eth1      Link encap:Ethernet  HWaddr 00:0C:29:15:63:D9
          inet addr:192.168.1.202  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe15:63d9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:251 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:36077 (35.2 KiB)  TX bytes:4598 (4.4 KiB)
......
# Check the default route
[root@os03] route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth1
```
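The two DHCP pitfalls described above, as an added example that is not part of the original article: it flags a MAC address spread over several dhcp-host lines and lists entries in dnsmasq.leases that no longer match the static binding. The function names and sample strings are assumptions constructed from the addresses shown on this page, and only single-MAC, IPv4 dhcp-host lines are handled.

```python
import re
from collections import Counter

MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_dhcp_hosts(conf_text):
    """Return (mac, ip_or_None) for each active dhcp-host line that names a MAC."""
    out = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and commented-out options
        if line.startswith("dhcp-host="):
            fields = [f.strip().lower() for f in line.split("=", 1)[1].split(",")]
            mac = next((f for f in fields if MAC.fullmatch(f)), None)
            if mac:
                out.append((mac, next((f for f in fields if IPV4.fullmatch(f)), None)))
    return out

def split_bindings(entries):
    """MACs that appear on more than one dhcp-host line (the page's pitfall)."""
    counts = Counter(mac for mac, _ in entries)
    return sorted(m for m, n in counts.items() if n > 1)

def stale_leases(entries, leases_text):
    """Leases whose IP differs from the static binding for the same MAC."""
    # dict() keeps the last line per MAC, matching the page's "later one wins" note.
    static = {m: ip for m, ip in dict(entries).items() if ip}
    stale = []
    for parts in map(str.split, leases_text.splitlines()):
        if len(parts) >= 3:  # expiry, MAC, IP, hostname, client-id
            mac, leased_ip = parts[1].lower(), parts[2]
            if mac in static and static[mac] != leased_ip:
                stale.append((mac, leased_ip, static[mac]))
    return stale

# Constructed samples that reuse the addresses shown on this page.
GOOD_CONF = ("dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201,os02\n"
             "dhcp-host=00:0C:29:15:63:CF,192.168.1.202,os03\n"
             "#dhcp-host=11:22:33:44:55:66,ignore\n")
SPLIT_CONF = ("dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201\n"
              "dhcp-host=00:0C:29:5E:F2:6F,os02\n")
LEASES = ("1400240493 00:0c:29:5e:f2:6f 192.168.1.143 os02 *\n"
          "1400240498 00:0c:29:15:63:cf 192.168.1.52 os01 *\n")

if __name__ == "__main__":
    print("split bindings:", split_bindings(parse_dhcp_hosts(SPLIT_CONF)))
    for mac, have, want in stale_leases(parse_dhcp_hosts(GOOD_CONF), LEASES):
        print(f"stale lease: {mac} holds {have}, static binding is {want}")
```

Run against the real /etc/dnsmasq.conf and lease file, a non-empty result from either function means the static bindings are not what the clients will actually receive until the configuration or leases are corrected.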

Configuring the DNS service

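dnsmasq can cache external DNS records while also providing local DNS resolution or acting as a proxy for external DNS. That is, dnsmasq first looks in local resolution files such as /etc/hosts, and then queries the external DNS servers defined in nameserver configuration files such as /etc/resolv.conf. This makes dnsmasq a very good DNS relay. The DNS settings are likewise written in the dnsmasq.conf configuration file.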

```
# Local resolution files
# If you don't want dnsmasq to read /etc/hosts, uncomment the following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use this.
#addn-hosts=/etc/banner_add_hosts

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
# For example, os01 in /etc/hosts is expanded to os01.debugo.com
expand-hosts
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/debugo.com/

# Require fully qualified names
# Never forward plain names (without a dot or domain part)
domain-needed

# Add an extra upstream DNS server (nameserver) configuration file
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=

# Do not use the upstream DNS server configuration files (/etc/resolv.conf and resolv-file)
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv
# Correspondingly, you can name the nameserver that resolves a particular domain. Usually this is another internal DNS name server
# Add other name servers here, with domain specs if they are for
# non-public domains.
# server=/myserver.com/192.168.0.1

# Set the DNS cache size (unit: number of DNS entries)
# Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
cache-size=500

# Several options related to logging
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log-queries

# Log lots of extra information about DHCP transactions.
#log-dhcp

# Log to this syslog facility or file. (defaults to DAEMON)
log-facility=/var/log/dnsmasq.log

# Asynchronous logging, to reduce blocking and improve performance.
# Enable asynchronous logging and optionally set the limit on the number of lines which will be queued by dnsmasq
# when writing to the syslog is slow.
# Dnsmasq can log asynchronously: this allows it to continue functioning without being blocked by syslog,
# and allows syslog to use dnsmasq for DNS queries without risking deadlock. If the queue of log-lines becomes
# full, dnsmasq will log the overflow, and the number of messages lost.
# The default queue length is 5, a sane value would be 5-25, and a maximum limit of 100 is imposed.
log-async=20

# Force a domain to a given IP address
# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
address=/doubleclick.net/127.0.0.1
address=/.phobos.apple.com/202.175.5.114
```

After finishing the configuration, restart dnsmasq and then test from the client:

```
[root@os03] nslookup os01.debugo.com
Server:         192.168.1.132
Address:        192.168.1.132#53
Name:   os01.debugo.com
Address: 192.168.1.132

[root@os03] nslookup os02.debugo.com
Server:         192.168.1.132
Address:        192.168.1.132#53
Name:   os02.debugo.com
Address: 192.168.1.201

[root@os03] nslookup doubleclick.net
Server:         192.168.1.132
Address:        192.168.1.132#53
Name:   doubleclick.net
Address: 127.0.0.1
# Note: because of the address option, this resolves to 127.0.0.1 rather than the server's 192.168.1.132 address.

[root@os03] nslookup a1.phobos.apple.com
Server:         192.168.1.132
Address:        192.168.1.132#53
Name:   a1.phobos.apple.com
Address: 202.175.5.114
```
