DNSmasq – 配置DNS和DHCP

DNSmasq是一个小巧且方便地用于配置DNS和DHCP的工具，适用于小型网络。它提供了DNS功能和可选择的DHCP功能可以取代dhcpd(DHCPD服务配置)和bind等服务，配置起来更简单，更适用于虚拟化和大数据环境的部署。

dhcp服务

其中一些关键的配置如下,配置文件/etc/dnsmasq.conf 中的注释已经给出了非常详细的解释。

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566

# 服务监听的网络接口地址# If you want dnsmasq to listen for DHCP and DNS requests only on# specified interfaces (and the loopback) give the name of the# interface (eg eth0) here.# Repeat the line for more than one interface.#interface=# Or you can specify which interface _not_ to listen on#except-interface=# Or which to listen on by address (remember to include 127.0.0.1 if# you use this.)listen-address=192.168.1.132,127.0.0.1 # dhcp动态分配的地址范围# Uncomment this to enable the integrated DHCP server, you need# to supply the range of addresses available for lease and optionally a lease timedhcp-range=192.168.1.50,192.168.1.150,48h # dhcp服务的静态绑定# Always set the name and ipaddr of the host with hardware address# dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201# dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201,infinite 无限租期dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201,os02dhcp-host=00:0C:29:15:63:CF,192.168.1.202,os03 # 设置默认租期# Set the limit on DHCP leases, the default is 150#dhcp-lease-max=150 # 租期保存在下面文件# The DHCP server needs somewhere on disk to keep its lease database.# This defaults to a sane location, but if you want to change it, use# the line below.#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases # 通过/etc/hosts来分配对应的hostname# Enable the address given for "judge" in /etc/hosts# to be given to a machine presenting the name "judge" when# it asks for a DHCP lease.#dhcp-host=judge # 忽略下面MAC地址的DHCP请求# Never offer DHCP service to a machine whose ethernet# address is 11:22:33:44:55:66#dhcp-host=11:22:33:44:55:66,ignore # dhcp所在的domain# Set the domain for dnsmasq. this is optional, but if it is set, it# does the following things.# 1) Allows DHCP hosts to have fully qualified domain names, as long# as the domain part matches this setting.# 2) Sets the "domain" DHCP option thereby potentially setting the# domain of all systems configured by DHCP# 3) Provides the domain part for "expand-hosts"domain=debugo.com # 设置默认路由出口# dhcp-option遵循RFC 2132（Options and BOOTP Vendor Extensions),可以通过dnsmasq --help dhcp来查看具体的配置# 很多高级的配置，如iSCSI连接配置等同样可以由RFC 2132定义的dhcp-option中给出。# option 3为default route# Override the default route supplied by dnsmasq, which assumes the# router is the same machine as the one running dnsmasq.dhcp-option=3,192.168.0.1 # 设置NTP Server.这是使用option name而非选项名来进行设置# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5

注意:当为某一MAC地址同时静态分配主机名和IP时，如果写到两条dhcp-host选项里（如下所示），则只会生效后面的一条。正确的选项写法如上配置。

1 2	dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201 dhcp-host=00:0C:29:5E:F2:6F,os02

重新启动客户端网卡。由于之前测试中客户端网卡已经申请了DHCP租期。所以这里需要修改租期文件，让客户端重新获得IP和hostname。

123	[root@server] vim /var/lib/dnsmasq/dnsmasq.leases1400240493 00:0c:29:5e:f2:6f 192.168.1.143 os02 *1400240498 00:0c:29:15:63:cf 192.168.1.52 os01 *

启动dnsmasq服务（server的IP为192.168.1.132）

1	[root@server] dnsmasq

下面在客户端进行测试：

# 确保网络接口配置使用dhcp方式

12345678910111213141516171819202122232425262728293031

[root@localhost] cat /etc/sysconfig/network-scripts/ifcfg-eth1DEVICE="eth1"BOOTPROTO=dhcpIPV6INIT=noNM_CONTROLLED=noONBOOT="yes"TYPE="Ethernet"# 重启网络服务[root@localhost] service network restartShutting down interface eth0: [ OK ]Shutting down loopback interface: [ OK ]Bringing up loopback interface: [ OK ]Bringing up interface eth0: Determining IP information for eth1... done.# 检查IP地址 [ OK ][root@os03] ifconfigeth1 Link encap:Ethernet HWaddr 00:0C:29:15:63:D9 inet addr:192.168.1.202 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe15:63d9/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:251 errors:0 dropped:0 overruns:0 frame:0 TX packets:43 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:36077 (35.2 KiB) TX bytes:4598 (4.4 KiB)......# 检查默认路由[root@os03] route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth1

配置DNS服务

dnsmasq能够缓存外部DNS记录，同时提供本地DNS解析或者作为外部DNS的代理，即dnsmasq会首先查找/etc/hosts等本地解析文件，然后再查找/etc/resolv.conf等外部nameserver配置文件中定义的外部DNS。所以说dnsmasq是一个很不错的DNS中继。DNS配置同样写入dnsmasq.conf配置文件里。

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63

# 本地解析文件 # If you don't want dnsmasq to read /etc/hosts, uncomment the following line. #no-hosts # or if you want it to read another file, as well as /etc/hosts, use this. #addn-hosts=/etc/banner_add_hosts # Set this (and domain: see below) if you want to have a domain # automatically added to simple names in a hosts-file. # 例如，/etc/hosts中的os01将扩展成os01.debugo.com expand-hosts # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. local=/debugo.com/ # 强制使用完整的解析名 # Never forward plain names (without a dot or domain part) domain-needed # 添加额外的上级DNS主机（nameserver）配置文件 # Change this line if you want dns to get its upstream servers from # somewhere other that /etc/resolv.conf #resolv-file= # 不使用上级DNS主机配置文件(/etc/resolv.conf和resolv-file） # If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. no-resolv # 相应的，可以为特定的域名指定解析它的nameserver。一般是其他的内部DNS name server # Add other name servers here, with domain specs if they are for # non-public domains. # server=/myserver.com/192.168.0.1 # 设置DNS缓存大小（单位：DNS解析条数） #Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching. cache-size=500 # 关于log的几个选项 # For debugging purposes, log each DNS query as it passes through # dnsmasq. log-queries # Log lots of extra information about DHCP transactions. #log-dhcp # Log to this syslog facility or file. (defaults to DAEMON) log-facility=/var/log/dnsmasq.log # 异步log，缓解阻塞，提高性能。 # Enable asynchronous logging and optionally set the limit on the number of lines which will be queued by dnsmasq # when writing to the syslog is slow. # Dnsmasq can log asynchronously: this allows it to continue functioning without being blocked by syslog, # and allows syslog to use dnsmasq for DNS queries without risking deadlock. If the queue of log-lines becomes # full, dnsmasq will log the overflow, and the number of messages lost. # The default queue length is 5, a sane value would be 5-25, and a maximum limit of 100 is imposed. log-async=20 # 指定domain的IP地址 # Add domains which you want to force to an IP address here. # The example below send any host in doubleclick.net to a local # webserver. address=/doubleclick.net/127.0.0.1 address=/.phobos.apple.com/202.175.5.114

配置完成后重启dnsmasq，然后在客户端测试：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

[root@os03] nslookup os01.debugo.com Server: 192.168.1.132 Address: 192.168.1.132#53 Name: os01.debugo.com Address: 192.168.1.132 [root@os03] nslookup os02.debugo.com Server: 192.168.1.132 Address: 192.168.1.132#53 Name: os02.debugo.com Address: 192.168.1.201 [root@os03] nslookup doubleclick.net Server: 192.168.1.132 Address: 192.168.1.132#53 Name: doubleclick.net Address: 127.0.0.1 #注意，由于address选项解析为127.0.0.1，而非server的192.168.1.132地址。 [root@os03] nslookup a1.phobos.apple.com Server: 192.168.1.132 Address: 192.168.1.132#53 Name: a1.phobos.apple.com Address: 202.175.5.114

^^