

安装一个自己的DNS服务器dnsmasq

补发丢失帖子

centos下超简单

yum install dnsmasq

vim /etc/dnsmasq.conf

# Have dnsmasq read every configuration file in this directory
# conf-dir=/etc/dnsmasq.d
# Take the upstream servers from the resolv-file set below
# (no-resolv stays commented out so that file is still read)
# no-resolv
# no-poll: do not poll the resolv file for changes
no-poll
# strict-order: query the upstream servers in the order they are listed
strict-order
resolv-file=/etc/dnsmasq.d/resolv.dnsmasq.conf

# Ignore the system /etc/hosts and serve names from the file named here instead
no-hosts
addn-hosts=/etc/dnsmasq.d/dnsmasq.hosts
# Query logging: every lookup is recorded, so the log shows what clients
# resolve and grows with traffic
log-queries
# Size of the DNS cache (number of cached names)
cache-size=1024
# 127.0.0.1 alone serves only this host; adding the machine's LAN address
# serves the whole internal network. Keep port 53 restricted to the internal
# range at the firewall so the server is not reachable as an open resolver.
listen-address=127.0.0.1,192.168.0.56
# Append the resolver settings to /etc/dnsmasq.conf in a single write.
# The heredoc delimiter is quoted, so each line is written literally.
# NOTE(review): listen-address here is 10.100.131.1 while the sample
# dnsmasq.conf listing on this page uses 192.168.0.56, and no-hosts is not
# appended, so the system /etc/hosts would still be read -- confirm which
# values are intended before running this.
cat >> /etc/dnsmasq.conf <<'EOF'
no-poll
strict-order
resolv-file=/etc/dnsmasq.d/resolv.dnsmasq.conf
addn-hosts=/etc/dnsmasq.d/dnsmasq.hosts
log-queries
cache-size=1024
listen-address=127.0.0.1,10.100.131.1
EOF


cp /etc/hosts /etc/dnsmasq.d/dnsmasq.hosts

vi /etc/resolv.conf
nameserver 127.0.0.1

vi /etc/dnsmasq.d/resolv.dnsmasq.conf
nameserver 114.114.114.114
nameserver 223.5.5.5



dnsmasq --test
dnsmasq: syntax check OK.


/etc/init.d/dnsmasq start

chkconfig dnsmasq on

# Accept new DNS connections (port 53, TCP then UDP) from the internal
# 192.168.0.0/24 range only, so hosts outside it cannot use this resolver.
# NOTE(review): -A appends to the end of INPUT; if the chain already ends in
# a REJECT/DROP rule, these rules are never reached. Check the order with
# `iptables -L INPUT -n --line-numbers` before saving.
for proto in tcp udp; do
  iptables -A INPUT -p "$proto" -m state -s 192.168.0.0/24 --state NEW --dport 53 -j ACCEPT
done

/etc/init.d/iptables save

客户端
vi /etc/resolv.conf
nameserver 192.168.0.56

dnsmasq -v
Dnsmasq version 2.48 Copyright (C) 2000-2009 Simon Kelley
Compile time options IPv6 GNU-getopt DBus no-I18N DHCP TFTP "--bind-interfaces with SO_BINDTODEVICE"

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

http://pub-shbt.s3.360.cn/cert-public-file/%E3%80%90360CERT%E3%80%91Dnsmasq__%E5%A4%9A%E4%B8%AA%E9%AB%98%E5%8D%B1%E6%BC%8F%E6%B4%9E%E9%A3%8E%E9%99%A9%E9%80%9A%E5%91%8A.pdf
修复安全漏洞,启动时加上 --dns-forward-max=100(该参数只是限制并发的DNS查询数,属于缓解措施;彻底修复一般仍需升级 dnsmasq 到已修复的版本,请以上面的通告为准)

vi /etc/init.d/dnsmasq


  # Excerpt: the start arm of the case statement in /etc/init.d/dnsmasq;
  # the rest of the script is not shown here.
  start)
        # Only root may start the service; any other user gets exit status 4.
        if [ $UID -ne 0 ] ; then
            echo "User has insufficient privilege."
            exit 4
        fi
        echo -n "Starting dnsmasq: "
        # --dns-forward-max=100 caps the number of concurrent DNS queries
        # dnsmasq will handle at once.
        # NOTE(review): the same limit can be set as dns-forward-max=100 in
        # /etc/dnsmasq.conf, which does not depend on this packaged script
        # keeping a local edit across updates -- confirm which is preferred.
        daemon $dnsmasq --dns-forward-max=100 $OPTIONS
        RETVAL=$?
        echo
        # Create the subsystem lock file only when the daemon started cleanly.
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dnsmasq

重启
/etc/init.d/dnsmasq restart
验证
ps aux|grep dnsmasq

nobody 28688 0.0 0.0 12888 712 ? S 11:42 0:00 /usr/sbin/dnsmasq --dns-forward-max=100

开启日志

log-facility=/var/log/dnsmasq.log

vi /etc/logrotate.d/dnsmasq
输入:
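# Rotate the dnsmasq query log weekly, keeping 58 date-stamped rotations;
# an empty log is left alone. The log records client lookups, so keep the
# retention no longer than is actually needed.
/var/log/dnsmasq.log {
    notifempty
    weekly
    dateext
    rotate 58
    sharedscripts
    postrotate
        # SIGUSR2 makes dnsmasq close and reopen its log file. The PID has to
        # come from command substitution; without it kill is handed the
        # literal words "cat" and the pid-file path and the signal is never sent.
        [ ! -f /var/run/dnsmasq.pid ] || kill -USR2 "$(cat /var/run/dnsmasq.pid)"
    endscript
}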

/usr/sbin/logrotate -vf /etc/logrotate.conf

统计dnsmasq的解析

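# Count A-record lookups per queried name, most frequent first.
# -F matches "query[A]" literally; read as a regex, [A] is a bracket
# expression and the pattern would look for "queryA" instead.
# Plain ASCII quotes are required: typographic quotes are not shell quoting.
# Assumes the queried name is field 6 of each log line.
grep -F 'query[A]' /var/log/dnsmasq.log | gawk '{print $6}' | sort | uniq -c | sort -nr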
