
How to configure dns for dnsmasq

2025-04-01 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to configure DNS with dnsmasq. The editor thinks it is very practical and shares it here for reference; follow along to have a look.

DNSmasq is a lightweight and easy-to-use DNS service tool. It can be used where an intranet connects to the Internet through NAT translation of IP addresses, and it can also serve as the DNS service for a small network.

Dnsmasq resolves from the hosts file first, and then from the *.conf files under /etc/dnsmasq.d/; these files take precedence over dnsmasq.conf. The DNS servers in our custom resolv.dnsmasq.conf are also called upstream DNS, and they are the last to be queried.

If we don't want to resolve from the hosts file, we can add no-hosts to /etc/dnsmasq.conf, so that queries go directly to the upstream DNS. If we don't want upstream queries at all, that is, no normal resolution, we can add no-resolv.

Bind is too heavyweight. If a department or service has a relatively small scope, we can use dnsmasq; after all, it is simple and convenient to configure. Dnsmasq is a good fit when our company's internal domain names conflict with public domain names, or when our own domain names are special, and it does not affect normal public resolution.

1. Install directly using yum, set it to start on boot, and disable SELinux

[root@localhost ~]# yum install dnsmasq* -y
[root@localhost ~]# chkconfig dnsmasq on

2. Modify the local network configuration file

Modify the parameters of the network card

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=172.19.30.250
PREFIX=24
GATEWAY=172.19.30.254
DNS1=127.0.0.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

**Modify** the hostname

[root@localhost ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ad.cloud.com
GATEWAY=172.19.30.254

3. Modify iptables (just turn it off if it is troublesome) to allow access to port 53 of this machine

$ iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
$ iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT

Forward DNS requests

# enable traffic forwarding

$ echo '1' > /proc/sys/net/ipv4/ip_forward
$ echo '1' > /proc/sys/net/ipv6/conf/all/forwarding # optional, for IPv6 users

# add traffic forwarding rules to map external requests for port 53 to port 53 of the dnsmasq server

$ iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53
$ iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53

# if you want to accept only private network requests, the method is as follows. If there is only one network card, simply replace eth2 with eth0.

$ iptables -t nat -A PREROUTING -i eth2 -p udp --dport 53 -j REDIRECT --to-ports 53

Save the rules and restart

$ service iptables save
$ service iptables restart

4. Modify /etc/dnsmasq.conf

[root@localhost dnsmasq.d]# vim /etc/dnsmasq.conf

and fill in the following content:

# do not load the local /etc/hosts file
no-hosts

# local cache time; local caching is usually not required, so that a change to the hosts file takes effect
local-ttl=3600

# maximum number of cache entries
cache-size=1000000

dns-forward-max=1000000

# if you want this server to do the resolution, fill in its own address and the 127.0.0.1 address
listen-address=127.0.0.1,172.19.30.250

# this file can be customized, so I followed the crowd, copied resolv.conf directly and renamed it for use
resolv-file=/etc/resolv.dnsmasq.conf

# this means that if a name is not found locally, the query is sent to all the DNS servers in our resolv.dnsmasq.conf file, and whichever answers fastest is used
all-servers

# enable the logging option
log-queries

log-facility=/var/log/dnsmasq/dnsmasq.log

# asynchronous logging, to ease blocking and improve performance. Default is 5, maximum is 100
log-async=100

# this should be the last line; it indicates that all .conf files in this directory need to be parsed
conf-dir=/etc/dnsmasq.d

**Tip:** if our private network has several different domain names, we can add the line above so that the resolution entries can be split into separate configuration files by category.

5. Add resolv parsing file

Modify the configuration file we just copied and specify the DNS servers we normally need, so that our intranet can use the network normally, rather than using the self-built DNS and being unable to access the Internet.

[root@localhost dnsmasq.d]# vim /etc/resolv.dnsmasq.conf
nameserver 202.106.0.20
nameserver 192.168.59.241
nameserver 114.114.114.114
nameserver 8.8.8.8
nameserver 168.95.1.1

# the last one is a DNS server in Taiwan; with it, downloads from Apple's official App Store are faster, and Apple's online system reinstallation is faster too.

6. Add additional domain name resolution

Let's switch to this directory and add the resolution of our different internal domain names

[root@localhost dnsmasq.d]# cd /etc/dnsmasq.d/

Add a resolution file

[root@localhost dnsmasq.d]# vim cloud.conf
[root@localhost dnsmasq.d]# ls
cloud.conf seccloud.conf

7. Configuration file syntax rules

Normally, we add the following parsing content, and the syntax rules for resolving addresses are as follows:

address=/domain/ip_address

[root@localhost dnsmasq.d]# cat cloud.conf
address=/im.cloud.top/192.168.59.12
address=/git.cloud.top/192.168.59.20
address=/crm.cloud.top/192.168.59.11
address=/ftp.cloud.top/172.19.2.253
address=/note.cloud.top/172.19.30.250

8. Start the dnsmasq service

[root@localhost ~]# service dnsmasq start

9. We conducted a test to verify:

Test domain name access from your laptop:

localhost:~ admin$ nslookup
> git.cloud.top
Server: 172.19.30.250
Address: 172.19.30.250#53

Name: git.cloud.top
Address: 192.168.59.20
> www.baidu.com
Server: 172.19.30.250
Address: 172.19.30.250#53

Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 61.135.169.121
Name: www.a.shifen.com
Address: 61.135.169.125
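The lookup order seen in this test (a local address= rule answers git.cloud.top, everything else goes upstream) can be checked offline before restarting the service. This is an added example, not code from the article or from dnsmasq; it assumes every rule carries a literal IP as in cloud.conf, and the function names are hypothetical. It also shows that a rule covers every name under its domain, which is how an overly broad rule ends up capturing names that were meant to resolve publicly.

```python
import ipaddress

# cloud.conf exactly as shown in the article
CLOUD_CONF = """\
address=/im.cloud.top/192.168.59.12
address=/git.cloud.top/192.168.59.20
address=/crm.cloud.top/192.168.59.11
address=/ftp.cloud.top/172.19.2.253
address=/note.cloud.top/172.19.30.250
"""


def parse_address_lines(text):
    """Return {domain: ip} from address=/domain[/domain...]/ip lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("address=/"):
            continue  # blank lines, comments and other options
        *domains, ip = line[len("address=/"):].split("/")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            raise ValueError(f"line {lineno}: bad IP address {ip!r}") from None
        for domain in domains:
            table[domain.lower().rstrip(".")] = ip
    return table


def lookup(name, table):
    """Longest-suffix match on label boundaries; None means 'ask upstream'."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return suffix, table[suffix]
    return None


def intercepted(names, table):
    """Map each name that a local rule would answer to the rule that wins."""
    hits = ((n, lookup(n, table)) for n in names)
    return {n: hit[0] for n, hit in hits if hit}


if __name__ == "__main__":
    rules = parse_address_lines(CLOUD_CONF)
    for host in ("git.cloud.top", "ci.git.cloud.top", "www.baidu.com"):
        print(host, "->", lookup(host, rules) or "upstream")
```

Running `intercepted()` over a list of names you expect to resolve publicly is a quick way to spot a new rule that conflicts with them.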

Cache validation:

[root@ad ~]# dig www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;;-> > HEADER#53 (127.0.0.1)
;; WHEN: Sat Jul 1 13:25:51 2017
;; MSG SIZE rcvd: 226

[root@ad ~]# dig www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;;-> > HEADER#53 (127.0.0.1)
;; WHEN: Sat Jul 1 13:25:59 2017
;; MSG SIZE rcvd: 93

We can see that the result of the first resolution was kept in the cache, and the second resolution was read directly from the cache.
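With log-queries enabled as in step 4, the same cache check can be read from /var/log/dnsmasq/dnsmasq.log, together with a check that queries only arrive from the private network. This is an added example, not part of the original article; the log lines are constructed, their format is an assumption about dnsmasq's query log, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample; the line format is an assumption about what
# log-queries writes, so compare it with your own dnsmasq.log.
SAMPLE_LOG = """\
Jul  1 13:25:51 dnsmasq[2190]: query[A] www.baidu.com from 127.0.0.1
Jul  1 13:25:51 dnsmasq[2190]: forwarded www.baidu.com to 202.106.0.20
Jul  1 13:25:51 dnsmasq[2190]: reply www.baidu.com is <CNAME>
Jul  1 13:25:59 dnsmasq[2190]: query[A] www.baidu.com from 127.0.0.1
Jul  1 13:25:59 dnsmasq[2190]: cached www.baidu.com is <CNAME>
Jul  1 13:26:10 dnsmasq[2190]: query[A] git.cloud.top from 172.19.30.17
Jul  1 13:26:10 dnsmasq[2190]: config git.cloud.top is 192.168.59.20
Jul  1 13:27:02 dnsmasq[2190]: query[ANY] example.org from 203.0.113.9
Jul  1 13:27:02 dnsmasq[2190]: forwarded example.org to 202.106.0.20
"""

# Loopback plus the article's LAN (IPADDR=172.19.30.250, PREFIX=24).
ALLOWED = ("127.0.0.0/8", "172.19.30.0/24")

LINE = re.compile(
    r"dnsmasq\[\d+\]: (query\[[^\]]+\]|forwarded|cached|config|/etc/hosts) "
    r"(\S+) (?:from|to|is) (\S+)"
)


def classify(log_text, allowed=ALLOWED):
    """One record per query: client, name, answer source, inside the LAN?"""
    nets = [ipaddress.ip_network(n) for n in allowed]
    records, pending = [], {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # reply lines and anything unrelated
        action, name, arg = m.groups()
        if action.startswith("query"):
            client = ipaddress.ip_address(arg)
            pending[name] = len(records)
            records.append({"client": arg, "name": name, "source": None,
                            "inside": any(client in n for n in nets)})
        elif name in pending:
            # the first forwarded/cached/config line decides the source
            records[pending.pop(name)]["source"] = action
    return records


def outside_clients(records):
    """(client, name) pairs for queries from outside the allowed networks."""
    return sorted({(r["client"], r["name"]) for r in records if not r["inside"]})
```

A "forwarded" record followed by a "cached" record for the same name is the log-side view of the two dig runs above; any entry returned by `outside_clients()` means port 53 is reachable from beyond the private network.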
