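Introduction
Dnsmasq provides DNS caching and DHCP services. As a DNS server, Dnsmasq caches DNS requests, which speeds up connections to sites that have already been visited. As a DHCP server, Dnsmasq can assign internal IP addresses to LAN hosts and provide routing information. The DNS and DHCP functions can be enabled together or separately. Dnsmasq is lightweight and easy to configure, which suits small networks. It also includes a PXE server.
Environment
System: CentOS minimal installation; kernel and software patches upgraded; SELinux and the firewall disabled.
Installation
1. Install the Dnsmasq package and the package that provides the DNS tool dig: yum install -y dnsmasq bind-utils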
[root@dnsmasq ~]# yum install -y dnsmasq bind-utils
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/5): epel/x86_64/group_gz | 96 kB 00:00:00
(2/5): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(3/5): extras/7/x86_64/primary_db | 242 kB 00:00:00
(4/5): epel/x86_64/primary_db | 6.9 MB 00:00:01
(5/5): updates/7/x86_64/primary_db | 8.0 MB 00:00:02
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.x86_64 32:9.11.4-26.P2.el7_9.5 will be installed
--> Processing Dependency: bind-libs-lite(x86-64) = 32:9.11.4-26.P2.el7_9.5 for package: 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64
--> Processing Dependency: bind-libs(x86-64) = 32:9.11.4-26.P2.el7_9.5 for package: 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64
--> Processing Dependency: liblwres.so.160()(64bit) for package: 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64
--> Processing Dependency: libbind9.so.160()(64bit) for package: 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64
---> Package dnsmasq.x86_64 0:2.76-17.el7_9.1 will be installed
--> Running transaction check
---> Package bind-libs.x86_64 32:9.11.4-26.P2.el7_9.5 will be installed
--> Processing Dependency: bind-license = 32:9.11.4-26.P2.el7_9.5 for package: 32:bind-libs-9.11.4-26.P2.el7_9.5.x86_64
---> Package bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.3 will be updated
---> Package bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.5 will be an update
--> Running transaction check
---> Package bind-license.noarch 32:9.11.4-26.P2.el7_9.3 will be updated
---> Package bind-license.noarch 32:9.11.4-26.P2.el7_9.5 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================================
 Package Arch Version Repository Size
========================================================================================================================================
Installing:
 bind-utils x86_64 32:9.11.4-26.P2.el7_9.5 updates 260 k
 dnsmasq x86_64 2.76-17.el7_9.1 updates 280 k
Installing for dependencies:
 bind-libs x86_64 32:9.11.4-26.P2.el7_9.5 updates 157 k
Updating for dependencies:
 bind-libs-lite x86_64 32:9.11.4-26.P2.el7_9.5 updates 1.1 M
 bind-license noarch 32:9.11.4-26.P2.el7_9.5 updates 91 k
Transaction Summary
========================================================================================================================================
Install 2 Packages (+1 Dependent package)
Upgrade ( 2 Dependent packages)
Total download size: 1.9 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/5): bind-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm | 157 kB 00:00:00
(2/5): bind-license-9.11.4-26.P2.el7_9.5.noarch.rpm | 91 kB 00:00:00
(3/5): bind-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm | 260 kB 00:00:00
(4/5): dnsmasq-2.76-17.el7_9.1.x86_64.rpm | 280 kB 00:00:00
(5/5): bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64.rpm | 1.1 MB 00:00:00
----------------------------------------------------------------------------------------------------------------------------------------
Total 2.4 MB/s | 1.9 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Updating : 32:bind-license-9.11.4-26.P2.el7_9.5.noarch 1/7
 Updating : 32:bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64 2/7
 Installing : 32:bind-libs-9.11.4-26.P2.el7_9.5.x86_64 3/7
 Installing : 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64 4/7
 Installing : dnsmasq-2.76-17.el7_9.1.x86_64 5/7
 Cleanup : 32:bind-libs-lite-9.11.4-26.P2.el7_9.3.x86_64 6/7
 Cleanup : 32:bind-license-9.11.4-26.P2.el7_9.3.noarch 7/7
 Verifying : 32:bind-libs-9.11.4-26.P2.el7_9.5.x86_64 1/7
 Verifying : 32:bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64 2/7
 Verifying : 32:bind-utils-9.11.4-26.P2.el7_9.5.x86_64 3/7
 Verifying : 32:bind-license-9.11.4-26.P2.el7_9.5.noarch 4/7
 Verifying : dnsmasq-2.76-17.el7_9.1.x86_64 5/7
 Verifying : 32:bind-license-9.11.4-26.P2.el7_9.3.noarch 6/7
 Verifying : 32:bind-libs-lite-9.11.4-26.P2.el7_9.3.x86_64 7/7
Installed:
 bind-utils.x86_64 32:9.11.4-26.P2.el7_9.5 dnsmasq.x86_64 0:2.76-17.el7_9.1
Dependency Installed:
 bind-libs.x86_64 32:9.11.4-26.P2.el7_9.5
Dependency Updated:
 bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.5 bind-license.noarch 32:9.11.4-26.P2.el7_9.5
Complete!
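2. The main Dnsmasq configuration file (/etc/dnsmasq.conf) consists almost entirely of explanatory comments. It can be left at its defaults, or you can clear the comments and write your own configuration in the same format.
Basic DNS configuration
1. In the configuration directory that the main configuration file sets by default (conf-dir=/etc/dnsmasq.d), create a configuration file dedicated to DNS (vim /etc/dnsmasq.d/dns.conf)
port=53 # DNS port (optional); the default is already 53, so this can be omitted
no-resolv # do not read the resolv-file; upstream DNS server addresses are then not taken from the default /etc/resolv.conf
server=<DNS server address> # custom upstream DNS server address
listen-address=127.0.0.1,192.168.80.248 # addresses Dnsmasq listens on (optional); by default it listens on all of the host's network interfaces, so this can be omitted
no-hosts # do not read the local hosts file (/etc/hosts); DNS records are then not taken from /etc/hosts
addn-hosts=/etc/dnsmasq.hosts # path of a custom hosts file for Dnsmasq DNS records; may be given more than once. If a directory is given, all files in it are read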
vim /etc/dnsmasq.d/dns.conf
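# Do not read the resolv-file; upstream DNS server addresses are not taken from the default /etc/resolv.conf
no-resolv
# Custom upstream DNS server address
server=114.114.114.114
# Do not read the local hosts file (/etc/hosts); DNS records are not taken from /etc/hosts
no-hosts
# Path of a custom hosts file for Dnsmasq DNS records; may be given more than once. If a directory is given, all files in it are read
addn-hosts=/etc/dnsmasq.hosts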
2. Create the custom hosts file named in the configuration above, as needed: vim /etc/dnsmasq.hosts
[root@dnsmasq ~]# vim /etc/dnsmasq.hosts
1.1.1.1 abc.com
3. Start Dnsmasq and enable the service at boot: systemctl start dnsmasq && systemctl enable dnsmasq
[root@dnsmasq ~]# systemctl start dnsmasq && systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.
4. Verify the DNS configuration
Custom internal DNS record
[root@dnsmasq ~]# dig abc.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> abc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25109
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;abc.com. IN A
;; ANSWER SECTION:
abc.com. 0 IN A 1.1.1.1
;; Query time: 0 msec
;; SERVER: 192.168.80.248#53(192.168.80.248)
;; WHEN: Thu Jun 10 21:08:21 CST 2021
;; MSG SIZE rcvd: 52
Public DNS resolution of an external name
[root@dnsmasq ~]# dig www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18615
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1066 IN CNAME www.a.shifen.com.
www.a.shifen.com. 147 IN A 112.80.248.75
www.a.shifen.com. 147 IN A 112.80.248.76
;; Query time: 15 msec
;; SERVER: 192.168.80.248#53(192.168.80.248)
;; WHEN: Thu Jun 10 21:13:12 CST 2021
;; MSG SIZE rcvd: 101
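Verification shows that, whether the query is for the custom internal record or for a public external domain, the responding server (SERVER) is the internal DNS server we set up. This completes the basic DNS configuration of Dnsmasq.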
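A check for the DNS options configured in step 1, written as an added example that is not part of the original page: it reads dnsmasq configuration lines on stdin and reports a no-resolv setting left without any server= upstream, and a configuration with no listen-address line, which the page notes means listening on all interfaces. The function name lint_dnsmasq_dns and the finding labels are assumptions of this example, and interface= is a dnsmasq option the page does not cover.

```shell
#!/bin/sh
# Added example (not from the original page): lint dnsmasq DNS settings read from stdin.
# Prints one finding per line and nothing when both checks pass.
lint_dnsmasq_dns() {
    awk '
        { sub(/^#.*/, ""); sub(/[ \t]#.*/, "") }   # drop full-line and trailing comments
        { gsub(/^[ \t]+|[ \t]+$/, "") }            # trim surrounding whitespace
        $0 == "" { next }
        {
            eq  = index($0, "=")
            key = eq ? substr($0, 1, eq - 1) : $0
            val = eq ? substr($0, eq + 1) : ""
            seen[key] = 1
            if (key == "server" && val != "") upstream = 1
        }
        END {
            # no-resolv stops /etc/resolv.conf being used, so server= must supply the upstream
            if (seen["no-resolv"] && !upstream)
                print "no-upstream: no-resolv is set but no server= names an upstream resolver"
            # without listen-address (or interface) dnsmasq serves every interface on the host
            if (!seen["listen-address"] && !seen["interface"])
                print "all-interfaces: no listen-address or interface line, so every interface is served"
        }
    '
}

# The dns.conf from this page, fed in as sample input; it yields the all-interfaces finding.
lint_dnsmasq_dns <<'EOF'
no-resolv
server=114.114.114.114
no-hosts
addn-hosts=/etc/dnsmasq.hosts
EOF
```

On a real host the input would be the concatenated configuration, for example cat /etc/dnsmasq.conf /etc/dnsmasq.d/*.conf piped into the function.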
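Basic DHCP configuration
1. In the configuration directory that the main configuration file sets by default (conf-dir=/etc/dnsmasq.d), create a configuration file dedicated to DHCP (vim /etc/dnsmasq.d/dhcp.conf)
Global options:
dhcp-lease-max=150 # maximum number of DHCP leases Dnsmasq will hand out (a lease count, not a lease time; the lease time is the last field of dhcp-range)
Address range:
dhcp-range=192.168.80.100,192.168.80.150,255.255.255.0,1h # assignable IP address range and lease time
DHCP client options:
dhcp-option=option:router,192.168.80.254 # router (gateway) address handed to clients
dhcp-option=option:dns-server,192.168.80.248 # DNS server address handed to clients; separate multiple addresses with commas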
[root@dnsmasq ~]# vim /etc/dnsmasq.d/dhcp.conf
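# Maximum number of DHCP leases Dnsmasq will hand out (a lease count, not a lease time)
dhcp-lease-max=150
# Assignable IP address range and lease time
dhcp-range=192.168.80.100,192.168.80.150,255.255.255.0,1h
# Router (gateway) address handed to clients
dhcp-option=option:router,192.168.80.254
# DNS server address handed to clients; separate multiple addresses with commas
dhcp-option=option:dns-server,192.168.80.248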
2. Restart the Dnsmasq service: systemctl restart dnsmasq.service
[root@dnsmasq ~]# systemctl restart dnsmasq.service
3. Verify the DHCP configuration
On the DHCP client, check the IP address and other settings it has obtained:
[root@localhost ~]# nmcli device show ens33
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:50:56:25:4A:A2
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/33
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.80.105/24
IP4.GATEWAY: 192.168.80.254
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 192.168.80.254, mt = 100
IP4.ROUTE[2]: dst = 192.168.80.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]: 192.168.80.248
IP6.ADDRESS[1]: fe80::6254:8bbf:4b13:9559/64
IP6.ADDRESS[2]: fe80::f019:9f72:6cd9:5795/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]: dst = ff00::/8, nh = ::, mt = 256, table=255
Look up the DHCP client's MAC address in the Dnsmasq DHCP lease file and compare:
[root@dnsmasq ~]# cat /var/lib/dnsmasq/dnsmasq.leases
1623335294 00:50:56:25:4a:a2 192.168.80.105 * *
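Verification shows that the address the client obtained is the one assigned by the server. This completes the basic DHCP configuration of Dnsmasq.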
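The comparison in step 3 can be scripted; the following is an added example, not part of the original page. It looks a client MAC up in the lease file regardless of letter case (nmcli prints the MAC in upper case, the lease file stores it in lower case) and confirms that the client's address is the leased one and lies inside the configured dhcp-range. The function name check_lease and its result strings are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage: check_lease MAC IP RANGE_START RANGE_END < /var/lib/dnsmasq/dnsmasq.leases
# Prints one of: ok | no-lease | ip-mismatch:<leased ip> | out-of-range
check_lease() {
    awk -v mac="$1" -v ip="$2" -v lo="$3" -v hi="$4" '
        function ip2n(s,  p) {                 # dotted quad -> integer, -1 if malformed
            if (split(s, p, ".") != 4) return -1
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { mac = tolower(mac) }
        # lease line layout: expiry-epoch MAC IP hostname client-id
        NF >= 3 && tolower($2) == mac { leased = $3 }
        END {
            # no lease for this MAC: this server did not hand the client its address
            if (leased == "") { print "no-lease"; exit }
            # the client is using a different address than the one leased to it
            if (leased != ip) { print "ip-mismatch:" leased; exit }
            # leased address falls outside the dhcp-range given on the command line
            if (ip2n(ip) < ip2n(lo) || ip2n(ip) > ip2n(hi)) { print "out-of-range"; exit }
            print "ok"
        }
    '
}

# Sample run with the lease line, client MAC and dhcp-range shown on this page; prints "ok".
printf '1623335294 00:50:56:25:4a:a2 192.168.80.105 * *\n' |
    check_lease 00:50:56:25:4A:A2 192.168.80.105 192.168.80.100 192.168.80.150
```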