Installing dnsmasq on CentOS

jimmy, 2018-03-18

Installing the dnsmasq DNS resolver service on CentOS

Introduction

By default, getting online in mainland China still means a PPPoE dial-up: even on fiber (mine is 500M down and 20M up, sadly) the connection is brought up with PPPoE. Once the dial-up succeeds, the carrier hands back two DNS server addresses, and those two servers are what turn the domain names typed into the browser into IP addresses.

You can also use public resolvers instead: Alibaba's 223.5.5.5 and 223.6.6.6, 114DNS at 114.114.114.114, Baidu at 180.76.76.76, CNNIC at 1.2.4.8 and 202.98.0.68, and DNSPod at 119.29.29.29 and 182.254.116.116. They can be configured on the router or on each computer.

Running your own caching resolver is convenient for a small office: every client uses one forwarder whose upstreams you choose, instead of whatever the carrier or a rogue DHCP server hands out. Bear in mind that a plain forwarder like dnsmasq still talks to its upstreams over unencrypted UDP/53 and does not validate the answers unless DNSSEC is configured, so it protects against a bad resolver setting on the clients, not against tampering on the path to the upstream.

Installation

Download and install (dnsmasq 2.66 was already present on this machine, so yum upgrades it to 2.76):

[root@centos-vpn ~]# yum install -y dnsmasq
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
dnsmasq-2.76-2.el7_4.2.x86_64.rpm                                                   | 277 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating    : dnsmasq-2.76-2.el7_4.2.x86_64                                                          1/2 
  Cleanup     : dnsmasq-2.66-21.el7.x86_64                                                             2/2 
  Verifying   : dnsmasq-2.76-2.el7_4.2.x86_64                                                          1/2 
  Verifying   : dnsmasq-2.66-21.el7.x86_64                                                             2/2 

Updated:
  dnsmasq.x86_64 0:2.76-2.el7_4.2                                                                          

Complete!

Configuration

The configuration file is /etc/dnsmasq.conf. The following settings are changed. Note that log-queries records every name every client looks up; it is handy while setting things up, but the file is sensitive and grows quickly, so switch it off or rotate it once the setup is verified.

# Change this line if you want dns to get its upstream servers from
# somewhere other than /etc/resolv.conf
resolv-file=/etc/resolv.dnsmasq.conf

# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers that are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in the
# resolv file (here /etc/resolv.dnsmasq.conf)
strict-order

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log-queries

# Log lots of extra information about DHCP transactions.
# (Only matters if dnsmasq also serves DHCP, which this setup does not.)
log-dhcp

# Newly added: log to this file instead of syslog
log-facility=/var/log/dnsmasq/dnsmasq.log

Create the log directory:
[root@centos-vpn ~]# mkdir -p /var/log/dnsmasq/

Change listen-address so that dnsmasq answers on localhost and on the LAN address. Note that listen-address alone does not make dnsmasq bind only those addresses: by default it binds the wildcard socket (0.0.0.0:53, as netstat shows further down) and discards queries that arrive for other addresses. Add bind-interfaces as well if you want the socket itself restricted, and firewall port 53 so that only the LAN can reach the LAN address; otherwise an internet-reachable 10.10.51.214 would be an open resolver.

listen-address=127.0.0.1,10.10.51.214

Create a new file /etc/resolv.dnsmasq.conf and put Alibaba's DNS in it for testing:

nameserver 223.5.5.5
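The settings above, put side by side with a hardened variant and checked by a small lint, as an added example (this is not code from the original post or from the dnsmasq project). All option names are real dnsmasq options; the LAN address 10.10.51.214 and the resolv file path come from the post, while the temporary directory and the "post"/"hardened" file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post: the forwarder settings the
# post arrives at, next to a hardened variant, and a small lint that checks
# a dnsmasq.conf for the options that keep a LAN forwarder from becoming an
# open resolver. Option names are real dnsmasq options; temp paths and the
# two file names are constructed for this demo.

# Print the active option lines of a dnsmasq.conf (comments and blanks
# stripped, so a commented-out "#bind-interfaces" does not count as set).
active_opts() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Return 0 if the config passes every check, 1 otherwise; prints one
# "missing: ..." line per failed check.
check_dnsmasq_conf() {
    conf="$1"
    rc=0
    opts=$(active_opts "$conf")
    # Without listen-address= or interface= dnsmasq answers on every address.
    printf '%s\n' "$opts" | grep -Eq '^(listen-address|interface)=' \
        || { echo "missing: listen-address= or interface="; rc=1; }
    # bind-interfaces: really bind only the listed addresses instead of
    #                  0.0.0.0:53 plus a filter on the destination address
    # domain-needed:   never forward bare hostnames (no dot) upstream
    # bogus-priv:      never forward reverse lookups for private ranges
    for want in bind-interfaces domain-needed bogus-priv; do
        printf '%s\n' "$opts" | grep -qx "$want" \
            || { echo "missing: $want"; rc=1; }
    done
    return $rc
}

# Write the post's config and a hardened one into a directory.
write_demo_configs() {
    dir="$1"
    cat > "$dir/dnsmasq.post.conf" <<'EOF'
resolv-file=/etc/resolv.dnsmasq.conf
strict-order
log-queries
log-dhcp
log-facility=/var/log/dnsmasq/dnsmasq.log
listen-address=127.0.0.1,10.10.51.214
EOF
    cat > "$dir/dnsmasq.hardened.conf" <<'EOF'
# upstreams from the dedicated resolv file, tried in order
resolv-file=/etc/resolv.dnsmasq.conf
strict-order
# answer only on loopback and the LAN address, and bind only those
listen-address=127.0.0.1,10.10.51.214
bind-interfaces
# do not leak bare hostnames or private reverse lookups upstream
domain-needed
bogus-priv
# bigger cache than the default 150 entries
cache-size=10000
log-queries
log-facility=/var/log/dnsmasq/dnsmasq.log
EOF
}

# Demo: lint both configs.
tmp=$(mktemp -d)
write_demo_configs "$tmp"
for f in "$tmp/dnsmasq.post.conf" "$tmp/dnsmasq.hardened.conf"; do
    if check_dnsmasq_conf "$f"; then
        echo "$f: ok"
    else
        echo "$f: needs attention"
    fi
done
rm -rf "$tmp"
```

The lint only looks at the file; after editing the real /etc/dnsmasq.conf, run `dnsmasq --test` to have dnsmasq itself parse it before restarting the service. Firewalling UDP and TCP 53 on the LAN address to LAN sources is still required, since none of these options restrict by source address.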

Start

[root@centos-vpn ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@centos-vpn ~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.
[root@centos-vpn ~]# systemctl start dnsmasq
[root@centos-vpn ~]# netstat -antp | grep LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2282/dnsmasq        
tcp6       0      0 :::53                   :::*                    LISTEN      2282/dnsmasq

Testing

The first lookup takes 60 ms; the second takes 0 ms because it is served from cache. Both replies are NODATA (status NOERROR with zero answers and only the SOA in the authority section of the first one): the name simply had no A record at the time. The cache hit is still visible in the query time, but when checking your own setup also test a name that actually resolves.

[root@centos-vpn ~]# dig izhong.me @127.0.0.1

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> izhong.me @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60107
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;izhong.me.			IN	A

;; AUTHORITY SECTION:
izhong.me.		600	IN	SOA	f1g1ns1.dnspod.net. freednsadmin.dnspod.com. 1521381610 3600 180 1209600 180

;; Query time: 60 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 18 22:31:39 CST 2018
;; MSG SIZE  rcvd: 104

[root@centos-vpn ~]# dig izhong.me @127.0.0.1

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> izhong.me @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50208
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;izhong.me.			IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 18 22:31:42 CST 2018
;; MSG SIZE  rcvd: 38

The log shows the resolution steps as well: the first query is forwarded to 223.5.5.5, the second is answered from cache.

Mar 18 22:31:39 dnsmasq[2700]: query[A] izhong.me from 127.0.0.1
Mar 18 22:31:39 dnsmasq[2700]: forwarded izhong.me to 223.5.5.5
Mar 18 22:31:39 dnsmasq[2700]: reply izhong.me is NODATA-IPv4
Mar 18 22:31:42 dnsmasq[2700]: query[A] izhong.me from 127.0.0.1
Mar 18 22:31:42 dnsmasq[2700]: cached izhong.me is NODATA-IPv4
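Since log-queries writes one line per query, forward and reply in exactly the format above, a few awk one-liners turn it into the numbers worth watching on a forwarder. The following is an added example, not from the original post: the sample log is constructed in the post's log format (the two izhong.me lookups are the post's own; 10.10.51.23 and 198.51.100.7 are made-up clients and 203.0.113.10 a made-up answer), and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise a dnsmasq query
# log. Cache hits vs upstream forwards, query counts per record type, and
# clients outside the LAN the forwarder is meant to serve. The log below
# is constructed; addresses other than the post's are made up.

write_sample_log() {
    cat > "$1" <<'EOF'
Mar 18 22:31:39 dnsmasq[2700]: query[A] izhong.me from 127.0.0.1
Mar 18 22:31:39 dnsmasq[2700]: forwarded izhong.me to 223.5.5.5
Mar 18 22:31:39 dnsmasq[2700]: reply izhong.me is NODATA-IPv4
Mar 18 22:31:42 dnsmasq[2700]: query[A] izhong.me from 127.0.0.1
Mar 18 22:31:42 dnsmasq[2700]: cached izhong.me is NODATA-IPv4
Mar 18 22:35:01 dnsmasq[2700]: query[A] www.example.com from 10.10.51.23
Mar 18 22:35:01 dnsmasq[2700]: forwarded www.example.com to 223.5.5.5
Mar 18 22:35:01 dnsmasq[2700]: reply www.example.com is 203.0.113.10
Mar 18 22:36:10 dnsmasq[2700]: query[ANY] isc.org from 198.51.100.7
Mar 18 22:36:10 dnsmasq[2700]: forwarded isc.org to 223.5.5.5
EOF
}

# How many lookups went upstream versus were answered from the cache.
cache_stats() {
    awk '/: forwarded /{f++} /: cached /{c++}
         END{printf "forwarded=%d cached=%d\n", f+0, c+0}' "$1"
}

# Query counts per record type ($5 is "query[TYPE]"); a burst of ANY
# from outside the LAN is the classic amplification pattern.
query_types() {
    awk '/: query\[/{t=$5; sub(/^query\[/, "", t); sub(/]$/, "", t); n[t]++}
         END{for (t in n) print t, n[t]}' "$1" | sort
}

# Source addresses that sent queries but are neither loopback nor inside
# the allowed prefix, given as a dotted prefix such as "10.10.51.".
foreign_clients() {
    awk -v p="$2" '/: query\[/{ip=$NF
            if (ip != "127.0.0.1" && index(ip, p) != 1) seen[ip]++}
         END{for (ip in seen) print ip, seen[ip]}' "$1" | sort
}

# Demo run over the constructed log.
log=$(mktemp)
write_sample_log "$log"
cache_stats "$log"
query_types "$log"
echo "clients outside 10.10.51.0/24:"
foreign_clients "$log" 10.10.51.
rm -f "$log"
```

Run the same functions against /var/log/dnsmasq/dnsmasq.log on the real box. A client showing up under foreign_clients means a query reached the LAN address from outside the subnet, which is exactly the case the listen-address setting does not prevent on its own.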

If the upstream is pointed at ChinaDNS (a local resolver that filters poisoned replies) instead of a public server, we keep the cache and the faster lookups and add that project's protection against hijacking and pollution. Keep in mind that dnsmasq itself accepts whatever its upstream returns unless DNSSEC validation is configured and supported by the build, so the anti-hijacking part of that claim rests entirely on the upstream.