Dnsmasq
dnsmasq is a lightweight DHCP/DNS server that can be used in local networks serving up to 1000 clients. Its main features are easy configuration and a small system footprint. It also supports IPv6.
Installation
USE flags
Choose the appropriate USE flags:
USE flags for net-dns/dnsmasq (Small forwarding DNS server)
+dhcp: Enable support for acting as a DHCP server.
+dumpfile: Include code to dump packets to a libpcap-format file for debugging.
+inotify: Enable inotify filesystem monitoring support.
+loop: Include functionality to probe for and remove DNS forwarding loops.
auth-dns: Add support for acting as an authoritative DNS server.
conntrack: Add support for Linux conntrack connection marking.
dbus: Enable dbus support for anything that needs it (gpsd, gnomemeeting, etc).
dhcp-tools: Install extra command line tools for manually managing DHCP leases.
dnssec: Enable support for DNSSEC validation and caching.
id: Whether to report *.bind CHAOS info to clients; otherwise such requests are forwarded upstream instead.
idn: Enable support for Internationalized Domain Names.
ipv6: Add support for IP version 6.
libidn2: Enable support for Internationalized Domain Names via net-dns/libidn2 rather than net-dns/libidn.
lua: Enable Lua scripting support.
nettlehash: Use hashing functions from dev-libs/nettle.
nls: Add Native Language Support (using gettext - GNU locale utilities).
script: Enable support for calling scripts when leases change.
selinux: !!internal use only!! Security Enhanced Linux support; this must be set by the selinux profile or breakage will occur.
static: !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically.
tftp: Enables the built-in TFTP server for netbooting.
Emerge
Then install the net-dns/dnsmasq package:
root #
emerge --ask net-dns/dnsmasq
Configuration
There are various resources that can be modified to change the behavior of dnsmasq. These include:
- the command line options provided through /etc/conf.d/dnsmasq
- the main configuration file (/etc/dnsmasq.conf)
Service
OpenRC
Add dnsmasq to the default runlevel if it needs to start automatically:
root #
rc-update add dnsmasq default
To start the service now:
root #
service dnsmasq start
Service configuration
In /etc/conf.d/dnsmasq, the command line options passed to the dnsmasq daemon at start-up can be configured:
DNSMASQ_OPTS="--user=dnsmasq --group=dnsmasq -H /srv/virt/gentoo/hosts --max-cache-ttl=10"
Main configuration file
The main configuration of dnsmasq is done through its configuration file, /etc/dnsmasq.conf. The file uses a key[=value] syntax, and the one provided by the package is well documented and recommended reading. Inside the file, or through the command line options, additional resources can be referred to (such as a DHCP hosts file).
Below is an example configuration file:
# Listen only on this interface
interface=eth1
# Assign names based on the MAC address
dhcp-host=00:1e:68:c2:ff:ee,endor,192.168.0.54,24h
# All other DHCP requests get an IP address from this range
dhcp-range=eth1,192.168.0.100,192.168.0.120,12h
# Enable the TFTP server and set the root directory for files served over TFTP.
enable-tftp
tftp-root=/var/lib/tftpboot
dhcp-boot=/pxelinux.0
After editing the configuration file, the service must be restarted; reloading is supported, but only for the other resources (hosts files, DHCP host and option files), not for the main configuration file.
root #
/etc/init.d/dnsmasq restart
Hosts file
The dnsmasq application uses the /etc/hosts file as one of its sources for providing DNS services. The exception is when the -h (--no-hosts) command line argument is used.
If the /etc/hosts file is updated, the dnsmasq service needs to receive a SIGHUP signal in order to reload the settings. This is also supported through the init script's reload command:
root #
/etc/init.d/dnsmasq reload
This behavior can also be disabled through the no-hosts parameter in the configuration file.
Additional hosts files
It is possible to refer to an (additional) hosts file to use as a source for DNS queries. To do so, add the -H /path/to/hostsfile (--addn-hosts=/path/to/hostsfile) command line option. It is also possible to pass a directory; in that case, all files inside that directory will be treated as additional hosts files.
As with the standard hosts file, a SIGHUP signal reloads the file.
This behavior can also be set through the addn-hosts parameter in the configuration file.
Upstream nameservers
By default, dnsmasq uses the name servers specified in /etc/resolv.conf as its upstream nameservers.
A different file can be used through the -r (--resolv-file) command line option.
This behavior can also be set through the resolv-file parameter in the configuration file.
Features
Dnsmasq supports DNS, TFTP, PXE, router advertisements and DHCP services. As such, it is a versatile network management tool for small and medium-sized networks.
DNS services
In order to (only) provide DNS services, first identify the upstream nameserver to use. If this is the same nameserver as specified in /etc/resolv.conf, then no additional steps need to be taken. Otherwise, point dnsmasq to the proper resolv.conf file through the -r (--resolv-file) command line option. Its syntax is the one used by the /etc/resolv.conf file, although dnsmasq only looks at the nameserver definitions.
For instance:
root #
echo "nameserver 8.8.8.8" >> /etc/dnsmasq.conf.resolv
Next point dnsmasq to this file through the configuration file:
resolv-file=/etc/dnsmasq.conf.resolv
To verify that the service is running (after restarting as the configuration file has just been changed), use the dig command (provided through net-dns/bind-tools), asking the DNS server (running on localhost in the following example) to resolve a local or remote address:
user $
dig @localhost +short www.gentoo.org
www-bytemark-v4v6.gentoo.org. 89.16.167.134
DNSSEC
Dnsmasq can validate DNSSEC data while forwarding queries. This can be accomplished by adding these lines to the configuration file (remember to enable the dnssec USE flag first):
# Uncomment these to enable DNSSEC validation and caching:
# (Requires dnsmasq to be built with DNSSEC option.)
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
# Replies which are not DNSSEC signed may be legitimate, because the domain
# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
# check that an unsigned reply is OK, by finding a secure proof that a DS
# record somewhere between the root and the domain does not exist.
# The cost of setting this is that even queries in unsigned domains will need
# one or more extra DNS queries to verify.
dnssec-check-unsigned
After this change dnsmasq will return SERVFAIL and no DNS data if validation fails. If validation succeeds, it sets the ad ("authenticated data") flag in the reply. If the domain does not use DNSSEC at all, dnsmasq behaves as before.
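The dig check from the DNS services section and the SERVFAIL / ad-flag behaviour just described can be turned into a small script. This is an added example, not part of the wiki page: it parses dig's header lines (the status word and the flags line) and classifies a reply; check_name runs dig against an assumed dnsmasq on localhost, while the sample headers at the bottom are constructed for offline use.

```shell
#!/bin/sh
# Added example: classify a dig reply from dnsmasq by DNSSEC outcome.
# dig header lines look like:
#   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43811
#   ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

# dig_status OUTPUT -> prints the status word (NOERROR, SERVFAIL, NXDOMAIN, ...)
dig_status() {
    printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p'
}

# dig_has_ad OUTPUT -> exit 0 when the 'ad' (authenticated data) flag is set.
# Flags are lowercase and space-separated, so " ad" followed by space or ';' is exact.
dig_has_ad() {
    printf '%s\n' "$1" | grep -q '^;; flags:.* ad[ ;]'
}

# dnssec_verdict OUTPUT -> prints one of: validated, insecure, failed, other
#   validated: answer carries 'ad'       (signed domain, validation succeeded)
#   insecure:  NOERROR/NXDOMAIN, no 'ad' (unsigned domain, proven insecure)
#   failed:    SERVFAIL                  (validation failed, dnsmasq withheld data)
dnssec_verdict() {
    case "$(dig_status "$1")" in
        NOERROR|NXDOMAIN)
            if dig_has_ad "$1"; then echo validated; else echo insecure; fi ;;
        SERVFAIL) echo failed ;;
        *) echo other ;;
    esac
}

# check_name NAME [SERVER]: query dnsmasq (assumed on localhost) and classify the reply.
# +dnssec asks for the DNSSEC records (RRSIGs) alongside the answer.
check_name() {
    dnssec_verdict "$(dig @"${2:-localhost}" +dnssec "$1")"
}

# Constructed sample headers (not captured from a live server) for offline use:
SAMPLE_VALIDATED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43811
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_UNSIGNED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2020
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_BOGUS=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
```

Run check_name against a name you know is signed and one you know is not; a validating dnsmasq reports validated for the first and insecure for the second, and failed only when the signature chain is broken.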
DHCP services
In order to enable the DHCP services of dnsmasq, use the dhcp-range configuration setting.
For instance, to enable IPv6 address configuration through router advertisement (RA) with infinite lease time, and IPv4 address configuration also with infinite lease time:
dhcp-range=2001:db8:81:e2::,ra-only,infinite
dhcp-range=192.168.100.100,192.168.100.149,infinite
It is possible to use static definitions for known hosts, either through the main configuration file (dhcp-host= settings) or through a separate file. If a separate file is used, point dnsmasq to it through the --dhcp-hostsfile command line option. The advantage of the latter approach is that it is sufficient to send a SIGHUP signal (or reload the service) in order to reread the entries, whereas definitions in the configuration file require a full service restart.
For more information about the syntax of the dhcp-host parameter please refer to the manual page or configuration file, as its syntax is very extensive.
Usage
This section covers various usage scenarios (maintenance and operational tasks) for the dnsmasq service.
Resetting leases
Clients that had a network interface update which results in a different MAC address might not get the intended IP address immediately. This is because the dnsmasq service has provided this IP address to the old MAC address, and will wait until the lease of this address has expired before re-assigning it.
The dnsmasq service stores its leases in /var/lib/misc/dnsmasq.leases. If the lease needs to be removed faster, shut down the dnsmasq service, remove the lease from the dnsmasq.leases file and start the service again.
root #
/etc/init.d/dnsmasq stop
root #
nano -w /var/lib/misc/dnsmasq.leases
root #
/etc/init.d/dnsmasq start
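The stop / edit / start procedure above can be scripted so that only the stale lease is dropped. This is an added example, not part of the wiki page: it assumes the default lease file path and the IPv4 lease line format that dnsmasq writes (expiry epoch, MAC, IP, hostname, client-id), and the test data below is constructed.

```shell
#!/bin/sh
# Added example: remove one lease from dnsmasq's lease database by MAC address.
# IPv4 lease lines look like:
#   1700000000 00:1e:68:c2:ff:ee 192.168.0.54 endor 01:00:1e:68:c2:ff:ee
# dnsmasq rewrites this file itself, so only edit it while the service is stopped.
LEASES_FILE="${LEASES_FILE:-/var/lib/misc/dnsmasq.leases}"

# remove_lease_by_mac FILE MAC
# Drops every line whose second field is MAC (case-insensitive); other leases,
# including IPv6 lines, are left untouched. Returns 0 if a lease was removed, 1 otherwise.
remove_lease_by_mac() {
    file=$1
    mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    tmp="$file.tmp.$$"
    awk -v mac="$mac" 'tolower($2) != mac' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    removed=$(( $(wc -l < "$file") - $(wc -l < "$tmp") ))
    mv "$tmp" "$file"
    [ "$removed" -gt 0 ]
}

# reset_lease MAC: the page's procedure, scripted. The service is restarted even
# when no lease matched, so dnsmasq is never left stopped.
reset_lease() {
    /etc/init.d/dnsmasq stop || return 1
    remove_lease_by_mac "$LEASES_FILE" "$1"
    rc=$?
    /etc/init.d/dnsmasq start || return 1
    return $rc
}
```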
Reloading non-main configuration settings
Next to the dnsmasq.conf file, the dnsmasq service can use external definitions for the following services:
- DHCP host configuration entries (through the --dhcp-hostsfile command line option)
- DHCP options (through the --dhcp-optsfile command line option)
When these files are modified, sending a SIGHUP signal makes dnsmasq reload them.
The resolv.conf files are polled by dnsmasq by default; changes to these files are picked up automatically unless the -n (--no-poll) command line option is set or the no-poll configuration parameter is used.