How to deploy DNSmasq

2025-04-13 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

This article explains how to deploy DNSmasq. Many people have questions about this in day-to-day operations, so the editor consulted various materials and put together a simple, easy-to-follow procedure. I hope it answers your questions about deploying DNSmasq. Follow along below.

DNSmasq is a lightweight, easy-to-use DNS service tool. It can be used together with NAT address translation where an intranet connects to the Internet, and it can also serve as the DNS service for a small network.

1. Install directly with yum, enable start at boot, and disable SELinux

    [root@localhost ~]# yum install dnsmasq* -y
    [root@localhost ~]# chkconfig dnsmasq on

2. Modify the local network configuration files

Modify the parameters of the network card:

    [root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=none
    IPADDR=172.19.30.250
    PREFIX=24
    GATEWAY=172.19.30.254
    DNS1=127.0.0.1
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=yes
    IPV6INIT=no
    NAME="System eth0"

Modify the hostname:

    [root@localhost ~]# vim /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=ad.cloud.com
    GATEWAY=172.19.30.254

3. Modify iptables (or simply turn it off if that is too much trouble)

Allow access to port 53 on this machine:

    $ iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
    $ iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT

Forward DNS requests:

    # Enable traffic forwarding
    $ echo '1' > /proc/sys/net/ipv4/ip_forward
    $ echo '1' > /proc/sys/net/ipv6/conf/all/forwarding   # optional, for IPv6 users

    # Add redirect rules so that external requests to port 53 are mapped to port 53 of the dnsmasq server
    $ iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53
    $ iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53

    # To redirect only requests that arrive from the private network, match on the internal interface.
    # If the machine has only one network card, simply replace eth2 with eth0.
    $ iptables -t nat -A PREROUTING -i eth2 -p udp --dport 53 -j REDIRECT --to-ports 53
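Before saving, the rule set can be checked for port-53 rules that are not limited to a source network or an inbound interface, because such rules let any network that can reach the host use it as a resolver. The script below is an added example, not part of the original article; it reads `iptables -S` style lines, and the sample listing (including the 172.19.30.0/24 source, derived from the IPADDR and PREFIX above) is constructed.

```shell
#!/bin/sh
# audit_dns_rules: read `iptables -S` / `iptables -t nat -S` style lines on stdin and print
# every port-53 ACCEPT or REDIRECT rule that has no source (-s) or inbound interface (-i) match.
# Returns 1 if any such rule is found, 0 otherwise. (Function name is hypothetical.)
audit_dns_rules() {
    awk '
    $1 == "-A" {
        dport = ""; target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-s" || $i == "-i") scoped = 1
        }
        if (dport == "53" && (target == "ACCEPT" || target == "REDIRECT") && !scoped) {
            printf "unscoped %s/%s: %s\n", $2, target, $0
            found++
        }
    }
    END { exit (found > 0) }
    '
}

# Constructed listing: the rules from this step plus scoped variants for comparison.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 172.19.30.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A PREROUTING -i eth2 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | audit_dns_rules || echo "unscoped DNS rules found: add -s or -i before saving"
```

On a live host, feed it the output of `iptables -S` and `iptables -t nat -S` instead of the sample listing.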

Save the rules and restart:

    $ service iptables save
    $ service iptables restart

4. Modify /etc/dnsmasq.conf

    [root@localhost dnsmasq.d]# vim /etc/dnsmasq.conf

Fill in the following content:

    # Do not load the local /etc/hosts file
    no-hosts

    # Local cache time. Local caching is usually not required, so that a change to the hosts file takes effect
    local-ttl=3600

    # Maximum number of cache entries
    cache-size=1000000

    dns-forward-max=1000000

    # To have this server do the resolving, list its own address and 127.0.0.1
    listen-address=127.0.0.1,172.19.30.250

    # This file name can be chosen freely; I simply copied resolv.conf and renamed the copy
    resolv-file=/etc/resolv.dnsmasq.conf

    # If a name is not found locally, the query is sent to all the DNS servers listed in
    # resolv.dnsmasq.conf, and whichever answers first is used
    all-servers

    # Enable query logging
    log-queries
    log-facility=/var/log/dnsmasq/dnsmasq.log

    # Asynchronous logging, to ease blocking and improve performance. Default is 5, maximum is 100
    log-async=100

    # This should be the last line; it indicates that all .conf files in this directory need to be parsed
    conf-dir=/etc/dnsmasq.d

Tip: if the private network has several different domain names, adding the line above lets us split the resolution records into separate configuration files by domain.

5. Add the resolv file

Edit the file we just copied and list the DNS servers we normally use, so that intranet clients using the self-built DNS can still reach the Internet.

    [root@localhost dnsmasq.d]# vim /etc/resolv.dnsmasq.conf
    nameserver 202.106.0.20
    nameserver 192.168.59.241
    nameserver 114.114.114.114
    nameserver 8.8.8.8
    nameserver 168.95.1.1

The last entry is a DNS server in Taiwan. Downloads from Apple's official App Store are faster with it, and so is Apple's online system reinstallation.

6. Add additional domain name resolution

Switch to this directory and add the resolution records for our different internal domain names:

    [root@localhost dnsmasq.d]# cd /etc/dnsmasq.d/

Add a resolution file:

    [root@localhost dnsmasq.d]# vim cloud.conf
    [root@localhost dnsmasq.d]# ls
    cloud.conf  seccloud.conf

7. Configuration file syntax rules

Normally we add resolution records like the ones below. The syntax for resolving a name to an address is:

    address=/domain/ip_address

    [root@localhost dnsmasq.d]# cat cloud.conf
    address=/im.cloud.top/192.168.59.12
    address=/git.cloud.top/192.168.59.20
    address=/crm.cloud.top/192.168.59.11
    address=/ftp.cloud.top/172.19.2.253
    address=/note.cloud.top/172.19.30.250

8. Start the dnsmasq service

    [root@localhost ~]# service dnsmasq start

9. Test to verify

Test domain name resolution from your notebook:

    localhost:~ admin$ nslookup
    > git.cloud.top
    Server:   172.19.30.250
    Address:  172.19.30.250#53

    Name:     git.cloud.top
    Address:  192.168.59.20
    > www.baidu.com
    Server:   172.19.30.250
    Address:  172.19.30.250#53

    Non-authoritative answer:
    www.baidu.com   canonical name = www.a.shifen.com.
    Name:     www.a.shifen.com
    Address:  61.135.169.121
    Name:     www.a.shifen.com
    Address:  61.135.169.125

Cache validation:

    [root@ad ~]# dig www.baidu.com
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER#53 (127.0.0.1)
    ;; WHEN: Sat Jul 1 13:25:51 2017
    ;; MSG SIZE rcvd: 226

    [root@ad ~]# dig www.baidu.com
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER#53 (127.0.0.1)
    ;; WHEN: Sat Jul 1 13:25:59 2017
    ;; MSG SIZE rcvd: 93

We can see that the first query left its result in the cache, and the second query was answered directly from the cache.
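The address=/domain/ip_address files from step 7 decide where internal names resolve, so a mistyped or altered record silently sends clients to the wrong host. The check below is an added example, not part of the original article: it flags records with an invalid IPv4 address, an address outside the RFC 1918 private ranges, or one name mapped to two different addresses. It covers only the single-domain IPv4 form shown in step 7; the function name and the three faulty sample records are constructed.

```shell
#!/bin/sh
# Lint dnsmasq "address=/domain/ipv4" records (function name is hypothetical).
# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
lint_dnsmasq_addresses() {
    awk '
    function is_ipv4(ip,    n, p, i) {
        n = split(ip, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    function is_private(ip,    p) {          # RFC 1918 ranges only
        split(ip, p, ".")
        return p[1] == 10 || (p[1] == 172 && p[2] >= 16 && p[2] <= 31) || (p[1] == 192 && p[2] == 168)
    }
    /^address=/ {
        n = split($0, f, "/"); dom = tolower(f[2]); ip = f[3]
        if (n != 3 || dom == "") { printf "%d: not in address=/domain/ipv4 form\n", NR; bad++; next }
        if (!is_ipv4(ip)) { printf "%d: %s has invalid IPv4 %s\n", NR, dom, ip; bad++; next }
        if (!is_private(ip)) { printf "%d: %s points outside RFC 1918 space: %s\n", NR, dom, ip; bad++ }
        if ((dom in seen) && seen[dom] != ip) { printf "%d: %s conflicts with earlier %s\n", NR, dom, seen[dom]; bad++ }
        seen[dom] = ip
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: two records from the article followed by three constructed faulty ones.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# cloud.conf (constructed test copy)
address=/im.cloud.top/192.168.59.12
address=/git.cloud.top/192.168.59.20
address=/git.cloud.top/192.168.59.99
address=/crm.cloud.top/203.0.113.7
address=/ftp.cloud.top/172.19.2.256
EOF

lint_dnsmasq_addresses "$sample" || echo "findings above: review before restarting dnsmasq"
```

`dnsmasq --test` checks configuration syntax only, so a check like this covers what it does not: where the records point.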

This concludes the walkthrough of how to deploy DNSmasq. I hope it resolves your doubts. Theory is best learned together with practice, so go and try it.
