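[v_act]Introduction[/v_act]
Dnsmasq provides DNS caching and DHCP services. As a DNS server, Dnsmasq caches DNS requests to speed up connections to previously visited sites. As a DHCP server, it can assign internal IP addresses to hosts on the LAN and provide routing information. The DNS and DHCP functions can be used together or separately. Dnsmasq is lightweight and easy to configure, which makes it suitable for small networks. It also ships with a PXE server.
[v_act]Environment[/v_act]
System: CentOS minimal install; kernel and software patches updated; SELinux and the firewall disabled.
[v_act]Installation[/v_act]
1. Install the Dnsmasq package and the package that provides the DNS tool dig: yum install -y dnsmasq bind-utils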
[root@dnsmasq ~]# yum install -y dnsmasq bind-utils
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/5): epel/x86_64/group_gz | 96 kB 00:00:00
(2/5): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(3/5): extras/7/x86_64/primary_db | 242 kB 00:00:00
(4/5): epel/x86_64/primary_db | 6.9 MB 00:00:01
(5/5): updates/7/x86_64/primary_db | 8.0 MB 00:00:02
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.x86_64 32:9.11.4-26.P2.el7_9.5 will be installed
--> Processing Dependency: bind-libs-lite(x86-64) = 32:9.11.4-26.P2.el7_9.5 for package: 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64
--> Processing Dependency: bind-libs(x86-64) = 32:9.11.4-26.P2.el7_9.5 for package: 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64
--> Processing Dependency: liblwres.so.160()(64bit) for package: 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64
--> Processing Dependency: libbind9.so.160()(64bit) for package: 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64
---> Package dnsmasq.x86_64 0:2.76-17.el7_9.1 will be installed
--> Running transaction check
---> Package bind-libs.x86_64 32:9.11.4-26.P2.el7_9.5 will be installed
--> Processing Dependency: bind-license = 32:9.11.4-26.P2.el7_9.5 for package: 32:bind-libs-9.11.4-26.P2.el7_9.5.x86_64
---> Package bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.3 will be updated
---> Package bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.5 will be an update
--> Running transaction check
---> Package bind-license.noarch 32:9.11.4-26.P2.el7_9.3 will be updated
---> Package bind-license.noarch 32:9.11.4-26.P2.el7_9.5 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================
Installing:
bind-utils x86_64 32:9.11.4-26.P2.el7_9.5 updates 260 k
dnsmasq x86_64 2.76-17.el7_9.1 updates 280 k
Installing for dependencies:
bind-libs x86_64 32:9.11.4-26.P2.el7_9.5 updates 157 k
Updating for dependencies:
bind-libs-lite x86_64 32:9.11.4-26.P2.el7_9.5 updates 1.1 M
bind-license noarch 32:9.11.4-26.P2.el7_9.5 updates 91 k
Transaction Summary
========================================================================================================================================
Install 2 Packages (+1 Dependent package)
Upgrade ( 2 Dependent packages)
Total download size: 1.9 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/5): bind-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm | 157 kB 00:00:00
(2/5): bind-license-9.11.4-26.P2.el7_9.5.noarch.rpm | 91 kB 00:00:00
(3/5): bind-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm | 260 kB 00:00:00
(4/5): dnsmasq-2.76-17.el7_9.1.x86_64.rpm | 280 kB 00:00:00
(5/5): bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64.rpm | 1.1 MB 00:00:00
----------------------------------------------------------------------------------------------------------------------------------------
Total 2.4 MB/s | 1.9 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 32:bind-license-9.11.4-26.P2.el7_9.5.noarch 1/7
Updating : 32:bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64 2/7
Installing : 32:bind-libs-9.11.4-26.P2.el7_9.5.x86_64 3/7
Installing : 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64 4/7
Installing : dnsmasq-2.76-17.el7_9.1.x86_64 5/7
Cleanup : 32:bind-libs-lite-9.11.4-26.P2.el7_9.3.x86_64 6/7
Cleanup : 32:bind-license-9.11.4-26.P2.el7_9.3.noarch 7/7
Verifying : 32:bind-libs-9.11.4-26.P2.el7_9.5.x86_64 1/7
Verifying : 32:bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64 2/7
Verifying : 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64 3/7
Verifying : 32:bind-license-9.11.4-26.P2.el7_9.5.noarch 4/7
Verifying : dnsmasq-2.76-17.el7_9.1.x86_64 5/7
Verifying : 32:bind-license-9.11.4-26.P2.el7_9.3.noarch 6/7
Verifying : 32:bind-libs-lite-9.11.4-26.P2.el7_9.3.x86_64 7/7
Installed:
bind-utils.x86_64 32:9.11.4-26.P2.el7_9.5 dnsmasq.x86_64 0:2.76-17.el7_9.1
Dependency Installed:
bind-libs.x86_64 32:9.11.4-26.P2.el7_9.5
Dependency Updated:
bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.5 bind-license.noarch 32:9.11.4-26.P2.el7_9.5
Complete!
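2. The main Dnsmasq configuration file (/etc/dnsmasq.conf) consists almost entirely of explanatory comments and can be left at its defaults; alternatively, clear the comments and write your own configuration in the same format.
[v_act]Basic DNS configuration[/v_act]
1. Create a dedicated DNS configuration file (vim /etc/dnsmasq.d/dns.conf) in the configuration directory set by default in the main configuration file (conf-dir=/etc/dnsmasq.d).
no-resolv # do not read the resolv-file; that is, do not take upstream DNS server addresses from /etc/resolv.conf (the default source)
server=<DNS server address> # custom upstream DNS server address
listen-address=127.0.0.1,192.168.80.248 # addresses Dnsmasq listens on (optional); by default it listens on all local interfaces, so this can be omitted
no-hosts # do not read the local hosts file (/etc/hosts); that is, do not take DNS records from /etc/hosts (the default source)
addn-hosts=/etc/dnsmasq.hosts # path of a custom hosts file for Dnsmasq; may be given more than once. If a directory is given, every file in it is read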
vim /etc/dnsmasq.d/dns.conf
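# Do not read the resolv-file; that is, do not take upstream DNS server addresses from /etc/resolv.conf (the default source)
no-resolv
# Custom upstream DNS server address
server=114.114.114.114
# Do not read the local hosts file (/etc/hosts); that is, do not take DNS records from /etc/hosts (the default source)
no-hosts
# Path of a custom hosts file for Dnsmasq; may be given more than once. If a directory is given, every file in it is read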
addn-hosts=/etc/dnsmasq.hosts
2. Create the custom hosts file referenced by the configuration above, as needed: vim /etc/dnsmasq.hosts
[root@dnsmasq ~]# vim /etc/dnsmasq.hosts
1.1.1.1 abc.com
3. Start Dnsmasq and enable the service at boot: systemctl start dnsmasq && systemctl enable dnsmasq
[root@dnsmasq ~]# systemctl start dnsmasq && systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.
4. Verify the DNS configuration
Custom internal DNS record:
[root@dnsmasq ~]# dig abc.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> abc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25109
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;abc.com. IN A
;; ANSWER SECTION:
abc.com. 0 IN A 1.1.1.1
;; Query time: 0 msec
;; SERVER: 192.168.80.248#53(192.168.80.248)
;; WHEN: Thu Jun 10 21:08:21 CST 2021
;; MSG SIZE rcvd: 52
Public (external) DNS resolution:
[root@dnsmasq ~]# dig www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18615
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1066 IN CNAME www.a.shifen.com.
www.a.shifen.com. 147 IN A 112.80.248.75
www.a.shifen.com. 147 IN A 112.80.248.76
;; Query time: 15 msec
;; SERVER: 192.168.80.248#53(192.168.80.248)
;; WHEN: Thu Jun 10 21:13:12 CST 2021
;; MSG SIZE rcvd: 101
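[v_blue]The checks show that for both the custom internal record and the public domain name, the responding server (SERVER) is the internal DNS server we just built. This completes the basic DNS configuration of Dnsmasq.[/v_blue]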
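A lint for the dns.conf above, as an added example that is not part of the original article: it flags option combinations that leave the resolver without an upstream or a hosts file, and the absence of listen-address in the final file, which the notes above say means listening on all interfaces. The function name audit_dns_conf and the sample file are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the article. audit_dns_conf is a hypothetical helper.
# audit_dns_conf FILE: print one finding per line; print nothing if none apply.
audit_dns_conf() {
    awk '
        # Strip comments and surrounding blanks; skip empty lines.
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        {
            eq  = index($0, "=")
            key = eq ? substr($0, 1, eq - 1) : $0
            seen[key]++
        }
        END {
            if (("no-resolv" in seen) && !("server" in seen))
                print "no-resolv set but no server=: no upstream to forward to"
            if (("no-hosts" in seen) && !("addn-hosts" in seen))
                print "no-hosts set but no addn-hosts=: no hosts file is read"
            if (!("listen-address" in seen) && !("interface" in seen))
                print "no listen-address/interface: listens on all interfaces"
        }
    ' "$1"
}

# Constructed sample: the dns.conf from the steps above (comments shortened).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# upstream comes from server=, not /etc/resolv.conf
no-resolv
server=114.114.114.114
no-hosts
addn-hosts=/etc/dnsmasq.hosts
EOF
audit_dns_conf "$demo_conf"
rm -f "$demo_conf"
```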
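[v_act]Basic DHCP configuration[/v_act]
1. Create a dedicated DHCP configuration file (vim /etc/dnsmasq.d/dhcp.conf) in the configuration directory set by default in the main configuration file (conf-dir=/etc/dnsmasq.d).
dhcp-lease-max=150 # maximum number of DHCP leases Dnsmasq will hand out (150 here); the lease time itself is set in dhcp-range
Address range configuration:
dhcp-range=192.168.80.100,192.168.80.150,255.255.255.0,1h # range of IP addresses to hand out and the lease time
DHCP client option configuration:
dhcp-option=option:router,192.168.80.254 # router (gateway) address handed to clients
dhcp-option=option:dns-server,192.168.80.248 # DNS server address handed to clients; separate multiple addresses with commas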
[root@dnsmasq ~]# vim /etc/dnsmasq.d/dhcp.conf
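# Maximum number of DHCP leases Dnsmasq will hand out (150 here); the lease time itself is set in dhcp-range
dhcp-lease-max=150
# Range of IP addresses to hand out and the lease time
dhcp-range=192.168.80.100,192.168.80.150,255.255.255.0,1h
# Router (gateway) address handed to clients
dhcp-option=option:router,192.168.80.254
# DNS server address handed to clients; separate multiple addresses with commas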
dhcp-option=option:dns-server,192.168.80.248
2. Restart the Dnsmasq service: systemctl restart dnsmasq.service
[root@dnsmasq ~]# systemctl restart dnsmasq.service
3. Verify the DHCP configuration
On the DHCP client, check the IP address and other settings it obtained:
[root@localhost ~]# nmcli device show ens33
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:50:56:25:4A:A2
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/33
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.80.105/24
IP4.GATEWAY: 192.168.80.254
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 192.168.80.254, mt = 100
IP4.ROUTE[2]: dst = 192.168.80.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]: 192.168.80.248
IP6.ADDRESS[1]: fe80::6254:8bbf:4b13:9559/64
IP6.ADDRESS[2]: fe80::f019:9f72:6cd9:5795/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]: dst = ff00::/8, nh = ::, mt = 256, table=255
Look up the client's MAC address in Dnsmasq's DHCP lease file and compare:
[root@dnsmasq ~]# cat /var/lib/dnsmasq/dnsmasq.leases
1623335294 00:50:56:25:4a:a2 192.168.80.105 * *
[v_blue]The checks show that the address the client obtained is the one the server assigned. This completes the basic DHCP configuration of Dnsmasq.[/v_blue]
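The lease comparison from step 3, as an added example that is not part of the original article: it matches the MAC case-insensitively (nmcli prints 00:50:56:25:4A:A2, the lease file stores 00:50:56:25:4a:a2) and checks the leased address against the dhcp-range pool. The helper name check_lease is hypothetical, and it assumes dhcp-range has the START,END,NETMASK,LEASE form used here.

```bash
#!/bin/sh
# Added example, not from the article. check_lease is a hypothetical helper.
# check_lease MAC DHCP_CONF LEASE_FILE
# Prints "IP in-range|OUT-OF-RANGE EXPIRY_EPOCH" for that MAC;
# returns non-zero when the MAC holds no lease.
check_lease() {
    awk -v mac="$1" '
        function ip2n(ip,   o) {            # dotted quad -> integer
            if (split(ip, o, ".") != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { mac = tolower(mac) }        # nmcli prints upper case
        # First file: pool bounds from dhcp-range=START,END,NETMASK,LEASE
        FNR == NR {
            if (sub(/^dhcp-range=/, "")) {
                split($0, r, ",")
                lo = ip2n(r[1]); hi = ip2n(r[2])
            }
            next
        }
        # Second file, one lease per line: expiry MAC IP hostname client-id
        NF >= 5 && tolower($2) == mac {
            found = 1
            n = ip2n($3)
            state = (n >= lo && n <= hi) ? "in-range" : "OUT-OF-RANGE"
            print $3, state, $1
        }
        END { exit !found }
    ' "$2" "$3"
}

# Constructed sample files mirroring the dhcp.conf and lease line above.
d=$(mktemp -d)
printf '%s\n' 'dhcp-range=192.168.80.100,192.168.80.150,255.255.255.0,1h' > "$d/dhcp.conf"
printf '%s\n' '1623335294 00:50:56:25:4a:a2 192.168.80.105 * *' > "$d/leases"
check_lease 00:50:56:25:4A:A2 "$d/dhcp.conf" "$d/leases"
rm -rf "$d"
```

A lease reported as OUT-OF-RANGE, or a client address with no matching lease line, means the address did not come from this server's pool.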