dnsmasq.conf配置

#这个是很有用的东西，因为你要做自定义dns控制的话，最好单独独立一份
#dns服务器地址清单，系统默认的/etc/resolv.conf是会变化的，尤其是新
#版本的linux系统会跟随网卡配置变化或者其他网络管理套件变化，为了可
#靠性，单独独立一份出来管理，所以需要打开这个配置
#resolv-file=
resolv-file=/etc/resolv.dnsmasq.conf


#配置内网其他dns服务器的域名解析，一般来说用dnsmasq的环境不是复杂环
#境，所以不需要那么多【不常用】
#server=/localnet/192.168.0.1
server=/testdns.com/172.16.0.1


#这个是好家伙，强制解析，类似写host的效果，这样可以做域名绑定，避免被
#dns污染，也支持泛解析*号，现在世界都很危险，还是要保留内心的一丝纯洁的
address=/www.test.com/192.168.0.12


#指定监听某个接口，例如某张网卡
#interface=
interface=p3p1


#这个是重要选项，监听地址，要写上ip地址加上127.0.0.1，因为IP地址是给你
#的client机用的，127.0.0.1是给dnsmasq用的，为什么呢，是因为你要做dns缓
#存，要访问自己即是本机，格式就是ip,127.0.0.1
#listen-address=
listen-address=127.0.0.1,172.16.0.1


#绑定了网卡之后会保证dnsmasq不去骚扰其他网卡，保证请求不乱发，一般跟
#interface一起使用
#bind-interfaces
bind-interfaces


#使用另外一个文件代替hosts，这样就可以不骚扰本机的host 从而保证服务器
#固有host不被影响，也可以给dnsmasq使用特别的hosts
#addn-hosts=/etc/banner_add_hosts
addn-hosts=/etc/dnsmasq.host


#这就是标准语法，分配c类网段，12h租约，支持多个subnet，多行写就行了，
#不过需要注意的是多个网段是需要dhcp中继的，dhcp中继请自行百度，大概就是
#独立一个网卡，监听dhcp的御用67 udp和tcp端口，连接主dhcp服务器
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
dhcp-range=172.16.0.30,172.16.1.254,255.255.128.0,30m


#这个是组合版，绑定某个mac对应fred名字，然后加上一个ip分配，并设置租约，
#这个只能说是灵活配置的参考，没啥实际意义
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
dhcp-host=B8:EE:65:D2:F9:B4,fred,172.16.1.139


dhcp-option=3,172.16.0.1
dhcp-option=19,0           # option ip-forwarding off IP转发关闭
dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,0.0.0.0     # netbios datagram distribution server
dhcp-option=46,8           # netbios node type


#根据配置的subnet来配置这个值，这个就是dhcp分配的ip池
#dhcp-lease-max=150
dhcp-lease-max=500


#查看dhcp的log
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases


#配置dns缓存池的大小，默认150，嘛设置个1000也无所谓
#cache-size=150
cache-size=1000


dhcp-option=252,"\n"
           

配置DNS服务

        dnsmasq能够缓存外部DNS记录，同时提供本地DNS解析或者作为外部DNS的代理，即dnsmasq会首先查找/etc/hosts等本地解析文件，然后再查找/etc/resolv.conf等外部nameserver配置文件中定义的外部DNS。所以说dnsmasq是一个很不错的DNS中继。DNS配置同样写入dnsmasq.conf配置文件里。

# 本地解析文件
# If you don't want dnsmasq to read /etc/hosts, uncomment the following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use this.
#addn-hosts=/etc/banner_add_hosts
 
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
# 例如，/etc/hosts中的os01将扩展成os01.debugo.com
expand-hosts
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/debugo.com/
 
# 强制使用完整的解析名
# Never forward plain names (without a dot or domain part)
domain-needed
 
# 添加额外的上级DNS主机（nameserver）配置文件
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=
 
# 不使用上级DNS主机配置文件(/etc/resolv.conf和resolv-file）
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv
# 相应的，可以为特定的域名指定解析它的nameserver。一般是其他的内部DNS name server
# Add other name servers here, with domain specs if they are for
# non-public domains.
# server=/myserver.com/192.168.0.1
 
# 设置DNS缓存大小（单位：DNS解析条数）
#Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
cache-size=500
 
# 关于log的几个选项
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log-queries
 
# Log lots of extra information about DHCP transactions.
#log-dhcp
 
# Log to this syslog facility or file. (defaults to DAEMON)
log-facility=/var/log/dnsmasq.log
 
# 异步log，缓解阻塞，提高性能。
# Enable asynchronous logging and optionally set the limit on the number of lines which will be queued by dnsmasq
# when writing to the syslog is slow. 
# Dnsmasq can log asynchronously: this allows it to continue functioning without being blocked by syslog, 
# and allows syslog to use dnsmasq for DNS queries without risking deadlock. If the queue of log-lines becomes 
# full, dnsmasq will log the overflow, and the number of messages lost. 
# The default queue length is 5, a sane value would be 5-25, and a maximum limit of 100 is imposed.
log-async=20
 
# 指定domain的IP地址
# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
address=/doubleclick.net/127.0.0.1
address=/.phobos.apple.com/202.175.5.114