
DNS

DNSMasq: Setting Up Your Own DNS Server

Update history

2021-01-10 First draft. Pinduoduo has gone way too far lately; working people need to unite.

Dnsmasq

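Why install a DNS server? In the previous blog post, the custom domain had to be added to the hosts file on every machine, which is a bit of a hassle, so I simply set up a DNS server in the test environment.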

Stop systemd-resolved

  1. Fix it at the source, so that whatever NetworkManager regenerates each time is also correct: https://ma.ttias.be/centos-7-networkmanager-keeps-overwriting-etcresolv-conf/
  2. Prevent NetworkManager from modifying DNS; see https://wiseindy.com/blog/linux/how-to-set-dns-in-centos-rhel-7-prevent-network-manager-from-overwriting-etc-resolv-conf/
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved

sudo rm /etc/resolv.conf

echo nameserver 8.8.8.8 | sudo tee /etc/resolv.conf

Install

sudo apt-get install dnsmasq

vim /etc/dnsmasq.conf


# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
port=53
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers that are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
strict-order
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk
# This is the primary domain, so entries in /etc/hosts only need the host prefix.
domain=feiyang.com

# Set listen address
listen-address=127.0.0.1,192.168.17.5 # Set to Server IP for network responses

Adding DNS records

Because we have not modified resolv-file, the default is /etc/hosts.

root@ubuntu20:/home/feiyang# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu20
192.168.17.3 gitlab.feiyang.com
233.233.233.233 haha # because of expand-hosts, this is served as haha.feiyang.com
1.1.1.1 free.dns.com
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
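
The following Python example is added here and is not part of the original post: it lists the names that the /etc/hosts above yields once expand-hosts and domain=feiyang.com are applied, and flags entries worth reviewing before clients are pointed at this resolver. The function names served_records and audit and the three review rules are assumptions of this example; the sample input is constructed from the IPv4 lines of the file shown above.

```python
import ipaddress

# Constructed sample: the IPv4 entries of the /etc/hosts shown on this page.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 ubuntu20
192.168.17.3 gitlab.feiyang.com
233.233.233.233 haha  # bare name, expanded by expand-hosts
1.1.1.1 free.dns.com
"""

def served_records(hosts_text, domain, expand_hosts=True):
    """Return the (name, ip) pairs a hosts file yields once expand-hosts is applied."""
    records = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in (n.lower() for n in names):
            records.append((name, ip))
            if expand_hosts and domain and "." not in name:
                # expand-hosts: a dotless name is also served as <name>.<domain>
                records.append((f"{name}.{domain}", ip))
    return records

def audit(records, domain):
    """Flag records worth reviewing (hypothetical rules chosen for this example)."""
    findings = []
    for name, ip in records:
        addr = ipaddress.ip_address(ip)
        in_zone = name == domain or name.endswith("." + domain)
        if "." in name and not in_zone:
            findings.append((name, ip, f"overrides a name outside {domain}"))
        if addr.is_multicast:
            findings.append((name, ip, "multicast address, not a host address"))
        if addr.is_loopback and name.split(".")[0] != "localhost":
            findings.append((name, ip, "loopback address returned to remote clients"))
    return findings

if __name__ == "__main__":
    recs = served_records(SAMPLE_HOSTS, "feiyang.com")
    for name, ip, why in audit(recs, "feiyang.com"):
        print(f"{name:24} {ip:16} {why}")
```
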

Restart dnsmasq

systemctl restart dnsmasq

Test

Ubuntu 20 is the DNS server; Ubuntu 18 and CentOS 7 are used as test clients. The results are as follows:

root@ubuntu18:/home/feiyang# nslookup haha.feiyang.com
Server: 192.168.17.5
Address: 192.168.17.5#53

Name: haha.feiyang.com
Address: 233.233.233.233


[jy576@centos7 ~]$ nslookup gitlab.feiyang.com
Server: 192.168.17.5
Address: 192.168.17.5#53

Name: gitlab.feiyang.com
Address: 192.168.17.3


[jy576@centos7 ~]$ nslookup free.dns.com
Server: 192.168.17.5
Address: 192.168.17.5#53

Name: free.dns.com
Address: 1.1.1.1

Reference

DNS takeover