How to turn off Ubuntu's built-in dnsmasq: disabling the service

Ubuntu 14.04: setting up a local name server with dnsmasq
1 Modify the dnsmasq configuration file /etc/dnsmasq.conf
Append the following to the end of /etc/dnsmasq.conf:
#++++++++++++++++++++++++++++++++++++++++
# Change this line if you want dns to get its upstream servers from somewhere other than /etc/resolv.conf
resolv-file=/etc/dnsmasq/resolv.conf ## read the upstream DNS server IP addresses from /etc/dnsmasq/resolv.conf
# By default, dnsmasq will send queries to any of the upstream servers it knows about
# and tries to favour servers that are known to be up.
# Uncommenting this forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf
strict-order
# Or which to listen on by address (remember to include 127.0.0.1 if you use this.)
listen-address=192.168.145.131,127.0.0.1
# For debugging purposes, log each DNS query as it passes through dnsmasq.
log-queries
# If you don't want dnsmasq to read /etc/hosts, uncomment the following line.
# or if you want it to read another file, as well as /etc/hosts, use this.
addn-hosts=/etc/dnsmasq/hosts.conf
listen-address=127.0.0.1 means that this dnsmasq instance serves only the local machine.
Note: if you want other computers on the same LAN to be able to use dnsmasq as well, add this machine's LAN IP: listen-address=192.168.1.123,127.0.0.1
2 Keep the local name server address as the setting in /etc/resolv.conf
grid_hd@hadoop1:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1 ## resolve names from the local cache first; if a name is not found, query the upstream name servers listed in /etc/dnsmasq/resolv.conf
3 Configure the real DNS server addresses
grid_hd@hadoop1:~$ cat /etc/dnsmasq/resolv.conf
nameserver 192.168.145.2
nameserver 8.8.8.8
nameserver 8.8.4.4
4 After installation, dnsmasq uses /var/run/dnsmasq/resolv.conf as its upstream name server list file by default
grid_hd@hd1:~$ ps -ef | grep dns
19:30 ? 00:00:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d
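The file /var/run/dnsmasq/resolv.conf is empty.
To make the dnsmasq service load our own upstream name server list file, /etc/dnsmasq/resolv.conf, when it starts,
there are 2 methods:
1) Disable dnsmasq at boot and start it manually, specifying /etc/dnsmasq/resolv.conf as the file to load
Disable the default start of dnsmasq at boot: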
sudo apt-get install sysv-rc-conf
sudo sysv-rc-conf
The /etc/rc.local script runs at the end of each multiuser runlevel.
grid_hd@hadoop1:~$ sudo cat /etc/rc.local
#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other value on error.
# In order to enable or disable this script just change the execution bits.
# By default this script does nothing.
dnsmasq -u dnsmasq -r /etc/dnsmasq/resolv.conf
grid_hd@hadoop1:~/Desktop$ ps -ef | grep dnsmasq
19:00 ? 00:00:00 dnsmasq -u dnsmasq -r /etc/dnsmasq/resolv.conf ## the specified upstream name server list file has been loaded
2) Edit dnsmasq's environment configuration file and uncomment IGNORE_RESOLVCONF=yes
Part of the /etc/init.d/dnsmasq file:
# RESOLV_CONF:
# If the resolvconf package is installed then use the resolv conf file that it provides as the default.
# Otherwise use /etc/resolv.conf as the default.
# If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit filename is set there
# then this inhibits the use of the resolvconf-provided information.
# Note that if the resolvconf package is installed
# it is not possible to override it just by configuration in /etc/dnsmasq.conf,
# it is necessary to set IGNORE_RESOLVCONF=yes in /etc/default/dnsmasq.
if [ ! "$RESOLV_CONF" ] &&
   [ "$IGNORE_RESOLVCONF" != "yes" ] &&
   [ -x /sbin/resolvconf ]
then
    RESOLV_CONF=/var/run/dnsmasq/resolv.conf
fi
Contents of /etc/default/dnsmasq:
# This file has five functions:
# 1) to completely disable starting dnsmasq,
# 2) to set DOMAIN_SUFFIX by running `dnsdomainname`
# 3) to select an alternative config file
# by setting DNSMASQ_OPTS to --conf-file=<file>
# 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for more configuration variables.
# 5) to stop the resolvconf package from controlling dnsmasq's idea of which upstream nameservers to use.
# For upgraders from very old versions,
# all the shell variables set here in previous versions are still honored by the init script
# so if you just keep your old version of this file nothing will break.
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
# Whether or not to ru set to 0 to disable.
# By default search this drop directory for configuration options.
# Libvirt leaves a file here to make the system dnsmasq play nice.
# Comment out this line if you don't want this. The dpkg-* are file
# endings which cause dnsmasq to skip that file. This avoids pulling
# in backups made by dpkg.
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
# If the resolvconf package is installed, dnsmasq will use its output rather than the contents of /etc/resolv.conf to find upstream nameservers.
# Uncommenting this line inhibits this behaviour.
# Note that including a "resolv-file=<filename>" line in
# /etc/dnsmasq.conf is not enough to override resolvconf if it is
# installed: the line below must be uncommented.
IGNORE_RESOLVCONF=yes
grid_hd@hd1:~$ sudo service dnsmasq restart
* Restarting DNS forwarder and DHCP server dnsmasq [ OK ]
grid_hd@hd1:~$ ps -ef | grep dns
19:48 ? 00:00:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
19:48 pts/12 00:00:00 grep --color=auto dns
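Upstream name server addresses are now taken from the specified file (rather than )
dnsmasq provides DNS caching and DHCP services.
As a DNS server, dnsmasq caches DNS requests, which speeds up connections to sites that have been visited before.
As a DHCP server, dnsmasq can hand out internal IP addresses and routes to computers on the LAN. The DNS and DHCP functions can be used together or separately.
dnsmasq is lightweight and easy to configure, and it also ships with a PXE server. This article gives practical usage notes on these two functions, drawing on my own experience and that of others. The default dnsmasq configuration file contains many options, and the settings are very flexible.
It offers many of the features of DNS and DHCP servers.
It can serve names that are valid only locally and never appear on the global DNS servers (private domain names).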
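The DHCP server is integrated with the DNS server, so that DHCP-assigned addresses resolve correctly in DNS. These DHCP-assigned addresses and the related commands can be configured on each host or on one core device (such as a router). dnsmasq supports both static and dynamic DHCP configuration. In general, bind can be used for DNS and dhcpd for DHCP, but dnsmasq can solve the following maintenance problems:
1. Many machines on the LAN should use a consistent hosts file, and you have to maintain that list frequently.
2. When people on the LAN look up a certain domain, you want to intercept the lookup and point it at a specified IP, for caching to save bandwidth or for other purposes. Local custom DNS entries take priority.
3. Block normal resolution of a certain domain.
---------------------------
DNS configuration
To start dnsmasq as a daemon on the local machine as a DNS caching server, edit /etc/dnsmasq.conf and add the listen address:
listen-address=127.0.0.1
If this computer is to be the default DNS for a group of hosts, it needs a fixed IP address:
listen-address=192.168.1.1 # Example IP
The other hosts then use this IP as their DNS server (/etc/resolv.conf).
By default:
resolv-file=/etc/resolv.dnsmasq
specifies where dnsmasq gets its upstream DNS servers; the default is /etc/resolv.conf.
Configure the upstream DNS servers for dnsmasq (since this is a DNS cache, it still needs an upstream server as the source for the first resolution of a name).
addn-hosts specifies the file from which dnsmasq reads "address name" records; the default is the system file /etc/hosts.
Configure the system's DNS servers so that dnsmasq is consulted first.
1. First set resolv-file=/etc/resolv.dnsmasq
This tells dnsmasq to look for its list of upstream DNS servers in the specified file rather than in the machine's own resolv.conf. If the machine obtains its address via DHCP, resolv.conf is easily changed, which in turn affects dnsmasq. The system queries the local dnsmasq server first. Uncommenting strict-order makes DNS resolution follow the order of the resolv-file strictly from top to bottom, until the first lookup succeeds.
2. no-hosts is commented out by default: dnsmasq first looks in the local hosts file, then in its cache of names, and finally at the upstream DNS servers;
addn-hosts allows an additional hosts file to be used. This makes dnsmasq a very good relay for external DNS.
3. Setting listen-address=127.0.0.1,192.168.0.1 specifies the addresses on which the dnsmasq service listens. The 127 address is the local machine; to serve other hosts, list all the addresses of the corresponding network interfaces.
4. Other options:
cache-size=1024 sets the cache size
log-queries enables debug mode and records client queries in /var/log/debug
5. Client configuration --- using the DNS service configured above
Edit /etc/resolv.conf and change its content to 'nameserver 192.168.0.1' (this IP is the internal DNS server's IP, i.e. the dnsmasq address). Test from the client whether resolution works:
nslookup www.freeoa.net
Check the resolved IP, or use the dig command.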
6. Pointing custom host names at IP addresses -- on the host running the DNS service
First add two lines to '/etc/hosts':
192.168.0.1 gateway
192.168.0.8 home.freeoa.net
Edit dnsmasq.conf and find the following lines:
# Add local-only domains here, queries in these domains are answered from /etc/hosts or DHCP only.
local=/localnet/
# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local webserver.
#address=/doubleclick.net/127.0.0.1
address=//192.168.0.2
Restart dnsmasq; we can then test with the dig command from another machine on the LAN.
$ dig gateway
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> gateway
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43215
;; flags: QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gateway.    IN    A
;; ANSWER SECTION:
gateway.    0    IN    A    192.168.0.1
;; Query time: 2 msec
Because the default DNS service used by this machine is the machine running dnsmasq, the query above succeeds.
$ dig gateway @8.8.8.8
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> gateway @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31552
;; flags: QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;gateway.    IN    A
;; AUTHORITY SECTION:
.    910    IN    SOA    a.root-servers.net. nstld..
800 86400
;; Query time: 35 msec
The above is the result returned by Google's DNS, which clearly did not find the name. The 'Query time' also shows that performance improved considerably with dnsmasq. Now let's look at a DNS record that has been intercepted and modified.
$ dig home.freeoa.net
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> home.freeoa.net
;; QUESTION SECTION:
;home.freeoa.net.    IN    A
;; ANSWER SECTION:
home.freeoa.net.    0    IN    A    192.168.0.8 ## internal NAT address
$ dig home.freeoa.net @8.8.4.4
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> home.freeoa.net @8.8.4.4
;; QUESTION SECTION:
;home.freeoa.net.    IN    A
;; ANSWER SECTION:
home.freeoa.net.    199    IN    A    180.158.255.10 ## public address
---------------------------
DHCP configuration
The necessary settings in the dnsmasq configuration file (/etc/dnsmasq.conf) are as follows:
# Select the interface to listen on
# Only listen to routers' LAN NIC.
# Doing so opens up tcp/udp port 53 to localhost and udp port 67 to world:
interface=<LAN-NIC>
# dnsmasq will open tcp/udp port 53 and udp port 67 to world to help with dynamic interfaces (assigning dynamic ips).
# Dnsmasq will discard world requests to them,
# but the paranoid might like to close them and let the kernel handle them:
# bind-interfaces
# Dynamic range of IPs to make available to LAN pc
# Set the assignable IP address range and the lease time
dhcp-range=192.168.1.50,192.168.1.100,12h
# Bind IP-MAC address pairs for certain machines so that they get fixed IP addresses
# If you'd like to have dnsmasq assign static IPs, bind the LAN computer's NIC MAC address:
dhcp-host=aa:bb:cc:dd:ee:ff,192.168.1.50
dhcp-host=00:0e:7b:ca:1c:6e,daunbook,192.168.0.12 # set the hostname daunbook for 192.168.0.12
To summarize, the relevant configuration options are:
expand-hosts
domain=freeoa.net
dhcp-range=192.168.0.20,192.168.0.100,12h
dhcp-option=3,192.168.0.1
These options enable the DHCP service and set the domain to "freeoa.net".
The DHCP service hands out addresses in the range '192.168.0.20 to 192.168.0.100' with a renewal period of 12 hours. The last option specifies the default gateway. To configure a static address, set the dhcp-host option as follows:
dhcp-host=00:0e:7b:ca:1c:6e,daunbook,192.168.0.12
This assigns the MAC address 11:22:33:44:55:66 the hostname daunbook (.freeoa.net) and the IP address 192.168.0.12.
Another dnsmasq feature is its TFTP service, which makes network boot (PXE) possible. It can set default MX records and offers several kinds of caching. It also provides the SRV records used by LDAP, as well as PTR, SPF and even zeroconf records.
Testing
Test a DNS query and measure the response time:
$ dig archlinux.org | grep "Query time"
View the log in /var/log/syslog:
Jul 29 22:04:57 hadoop1 dnsmasq[3805]: query[A] hadoop1 from 172.17.0.2
Jul 29 22:04:57 hadoop1 dnsmasq[3805]: /etc/hosts hadoop1 is 192.168.145.131
Jul 29 22:04:57 hadoop1 dnsmasq[3805]: query[PTR] 131.145.168.192.in-addr.arpa from 172.17.0.2
Jul 29 22:04:57 hadoop1 dnsmasq[3805]: /etc/hosts 192.168.145.131 is
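With log-queries enabled and listen-address covering a LAN address, the log shows who is actually using the resolver. The script below is an added example, not part of the original page: it counts queries per client and type and lists clients outside the expected networks. The function names are hypothetical, the 22:05 log lines are constructed, and treating 192.168.145.0/24 as the expected LAN is an assumption based on the listen-address used above.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# sample_log: the query lines shown on this page plus constructed lines
# (every line stamped 22:05 is constructed for illustration).
sample_log() {
    cat <<'EOF'
Jul 29 22:04:57 hadoop1 dnsmasq[3805]: query[A] hadoop1 from 172.17.0.2
Jul 29 22:04:57 hadoop1 dnsmasq[3805]: /etc/hosts hadoop1 is 192.168.145.131
Jul 29 22:04:57 hadoop1 dnsmasq[3805]: query[PTR] 131.145.168.192.in-addr.arpa from 172.17.0.2
Jul 29 22:05:10 hadoop1 dnsmasq[3805]: query[A] example.test from 127.0.0.1
Jul 29 22:05:10 hadoop1 dnsmasq[3805]: forwarded example.test to 192.168.145.2
Jul 29 22:05:11 hadoop1 dnsmasq[3805]: query[A] example.test from 192.168.145.50
Jul 29 22:05:12 hadoop1 dnsmasq[3805]: query[A] example.test from 192.168.145.50
EOF
}

# query_counts FILE: print "client qtype count" for every query[...] line, sorted.
# Reply lines (/etc/hosts ..., forwarded ...) are ignored.
query_counts() {
    awk '
        # Example: ... hadoop1 dnsmasq[3805]: query[A] hadoop1 from 172.17.0.2
        $5 ~ /^dnsmasq\[[0-9]+\]:$/ && $6 ~ /^query\[/ && $(NF-1) == "from" {
            qtype = $6
            sub(/^query\[/, "", qtype)
            sub(/\]$/, "", qtype)
            n[$NF " " qtype]++
        }
        END { for (k in n) print k, n[k] }
    ' "$1" | sort
}

# unexpected_clients FILE PREFIX...: print each client address that starts with
# none of the given textual prefixes (e.g. "127." or "192.168.145.").
# Textual prefixes only express /8, /16 and /24 boundaries.
unexpected_clients() {
    file=$1
    shift
    query_counts "$file" | awk '{ print $1 }' | sort -u | while read -r client; do
        known=no
        for prefix in "$@"; do
            case "$client" in
                "$prefix"*) known=yes ;;
            esac
        done
        [ "$known" = yes ] || echo "$client"
    done
}

# Demo on the sample log.
demo() {
    log=$(mktemp)
    sample_log > "$log"
    echo "queries per client and type:"
    query_counts "$log"
    echo "clients outside 127.0.0.0/8 and 192.168.145.0/24:"
    unexpected_clients "$log" 127. 192.168.145.
    rm -f "$log"
}
demo
```

On the sample, the only client reported is 172.17.0.2, the source address that appears in the log lines above.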
============================================
Reference: http://blogging.dragon.org.uk/howto-setup-dnsmasq-as-dns-dhcp/
HOWTO: Setup dnsmasq as DNS DHCP
dnsmasq is a lightweight DNS, TFTP, PXE, router advertisement and DHCP server.
It is intended to provide coupled DNS and DHCP service to a LAN.
Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server.
It loads the contents of /etc/hosts so that local hostnames which do not appear in the global DNS can be resolved and also answers DNS queries for DHCP configured hosts.
It can also act as the authoritative DNS server for one or more domains, allowing local names to appear in the global DNS.
The dnsmasq DHCP server supports static address assignments and multiple networks.
It automatically sends a sensible default set of DHCP options, and can be configured to send any desired set of DHCP options, including vendor-encapsulated options.
It includes a secure, read-only, TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP.
The PXE support is full featured, and includes a proxy mode which supplies PXE information to clients whilst DHCP address allocation is done by another server.
The dnsmasq DHCPv6 server provides the same set of features as the DHCPv4 server,
and in addition, it includes router advertisements and a neat feature which allows naming for clients which use DHCPv4 and stateless auto-configuration only for IPv6 configuration.
There is support for doing address allocation (both DHCPv6 and RA) from subnets which are dynamically delegated via DHCPv6 prefix delegation.
Dnsmasq is coded with small embedded systems in mind.
It aims for the smallest possible memory footprint compatible with the supported functions, and allows unneeded functions to be omitted from the compiled binary.
In short, IT IS EXCELLENT!!
Installing dnsmasq is just a case of using apt-get or yum
sudo apt-get install dnsmasq
Looking at the file /etc/dnsmasq.conf first.
The lines listed are those that I changed from their defaults.
Just uncomment and amend them as necessary. (Remove the "#" from the beginning of the line).
sudo nano /etc/dnsmasq.conf
domain-needed
bogus-priv
server=//192.168.0.5
server=8.8.8.8
server=208.67.220.220
address=/doubleclick.net/127.0.0.1
addn-hosts=/etc/dnsmasq.d/hosts.conf
expand-hosts
dhcp-range=192.168.0.20,192.168.0.50,72h
dhcp-range=tftp,192.168.0.250,192.168.0.254
dhcp-host=mylaptop,192.168.0.199,36h
dhcp-option=option:router,192.168.0.1
dhcp-option=option:ntp-server,192.168.0.5
dhcp-option=19,0 # ip-forwarding off
dhcp-option=44,192.168.0.5 # set netbios-over-TCP/IP aka WINS
dhcp-option=45,192.168.0.5 # netbios datagram distribution server
dhcp-option=46,8 # netbios node type
What these lines will do for you.
domain-needed
This tells dnsmasq to never pass short names to the upstream DNS servers. If the name is not in the local /etc/hosts file then "not found" will be returned.
bogus-priv
All reverse IP (192.168.x.x) lookups that are not found in /etc/hosts will be returned as "no such domain" and not forwarded to the upstream servers.
no-resolv
Do not read resolv.conf to find the servers where to lookup dns.
Do not poll resolv.conf for changes
server=8.8.8.8
Set one or more DNS servers to use when addresses are not local.
These are open DNS servers.
Our local domain, queries in these domains are answered from /etc/hosts or the static-hosts files.
address=/doubleclick.net/127.0.0.1
Use this to force an address for the specified domains.
e.g. to block adverts force doubleclick.net to localhost
This option stops dnsmasq using the local /etc/hosts file as a source for lookups.
addn-hosts=/etc/dnsmasq.d/static/hosts.conf
Force dnsmasq to use this file for lookups.
It is in the same format as /etc/hosts.
expand-hosts
So we can see our local hosts via our home domain without having to repeatedly specify the domain in our /etc/hosts file.
This is your local domain name.
It will tell the DHCP server which host to give out IP addresses for.
dhcp-range
This is the range of IPs that DHCP will serve: 192.168.0.20 to 192.168.0.50, with a lease time of 72 hours.
The lease time is how long that IP will be linked to a host.
dhcp-range=tftp,192.168.0.250,192.168.0.255
For tftp connections use this range of IP addresses
dhcp-host=mylaptop,192.168.0.199,36h
Any machine saying they are hostname = "mylaptop" gets this IP address
dhcp-option=option:router,192.168.0.1
When a host is requesting an IP address via DHCP also tell it the gateway to use.
dhcp-option=option:ntp-server,192.168.0.5
When a host is requesting an IP address via DHCP also tell it the NTP to use.
In the file /etc/dnsmasq.d/hosts.conf you can add a list of local machines with static IP addresses in the same format as the hosts file. It is also an easy way of creating aliases or CNAME records.
192.168.0.8 mail
192.168.0.9 smtp
192.168.0.120 mythtvbox
Starting and stopping the service
sudo service dnsmasq start
sudo service dnsmasq stop
sudo service dnsmasq restart
===========================
The resolvconf command
-- related configuration files
resolvconf - manage nameserver information
cat FILE | resolvconf -a IFACE.PROG
resolvconf -d IFACE.PROG
resolvconf -u
resolvconf --enable-updates | --disable-updates | --updates-are-enabled | --create-runtime-directories | --wipe-runtime-directories
DESCRIPTION
The resolvconf package comprises a simple database for run-time nameserver information
and a simple framework for notifying applications of changes in that information.
Resolvconf thus sets itself up as the intermediary between programs that supply nameserver information and applications that use that information.
Information is added to or removed from the database using the resolvconf program.
See the OPTIONS section below for a discussion of the available options.
SUPPLIERS OF NAMESERVER INFORMATION
Normally the resolvconf program is run only by network interface configuration programs such as pppd(8) (for ppp interfaces);
by DHCP clients such as dhclient(8); by ifup(8) and by DNS caches such as dnsmasq(8) (for the loopback interface).
These programs obtain nameserver information from some source and push it to resolvconf.
The dhclient program, for example, may receive nameserver addresses and domain search list information during its negotiation with the DHCP
if so, its hook script /etc/dhcp/dhclient-enter-hooks.d/resolvconf pushes this information to resolvconf.
The ifup program can be used to configure network interfaces according to settings in /etc/network/interfaces.
To make ifup push nameserver information to resolvconf when it configures an interface
the administrator must add dns- option lines to the relevant iface stanza in interfaces(5).
The following option names are supported: dns-nameservers, dns-search, and dns-sortlist.
The dns-domain option is deprecated in favor of dns-search.
To add nameserver addresses, add a single line beginning with dns-nameservers.
dns-nameservers 192.168.1.254 8.8.8.8
Note that one or more addresses can be given on this line, separated by spaces, and note the "s" at the end of the option name,
in contrast with the resolv.conf(5) option name nameserver.
Remember that in interfaces(5) each option can be used at most once per stanza.
To add search domain names, add a line beginning with dns-search.
dns-search foo.
The resulting stanza might look like the following example.
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.254 8.8.8.8
dns-search foo.
N.B.: On a machine where resolvconf has just been or is about to be installed and which previously relied on a static /etc/resolv.conf file,
the nameserver information in that static file should be migrated to the appropriate iface stanza(s) in interfaces(5).
Command line
The administrator can run resolvconf from the command line to add or delete nameserver information, but this is not normally necessary or advisable.
CONSUMERS OF NAMESERVER INFORMATION
Nameserver information provided to resolvconf is stored for use by subscribers to resolvconf's notification service.
Subscriber packages that need to know when nameserver information has changed
should install a script in /etc/resolvconf/update.d/ (or in /etc/resolvconf/update-libc.d/: see below).
For example, DNS caches such as dnsmasq(8) and pdnsd(8) subscribe to the notification service so that they know whither to forward queries.
Client hook scripts will find the files containing nameserver information in the current directory.
The most important software package that subscribes to the notification service is the GNU C Library resolver(3).
This library is used by many applications that need to resolve domain names.
When nameserver information is updated,
the script /etc/resolvconf/update.d/libc generates a new version of the resolver configuration file, /run/resolvconf/resolv.conf, as described below.
If the new version of the file differs from the previously generated one, then the hook scripts found in /etc/resolvconf/update-libc.d/ are executed.
The dynamically generated resolver configuration file
always starts with the contents of /etc/resolvconf/resolv.conf.d/head and ends with the contents of /etc/resolvconf/resolv.conf.d/tail.
Between head and tail the libc script inserts dynamic nameserver information compiled from, first, information provided for c
second, static information from /etc/resolvconf/resolv.conf.d/base.
Specifically, it writes:
1) up to three nameserver lines, ordered according to /etc/resolvconf/interface-order, possibly fewer if one of the
addresses is a loopback address and the TRUNCATE_NAMESERVER_LIST_AFTER_LOOPBACK_ADDRESS environment variable is affirmatively set,
as discussed in the ENVIRONMENT VARIABLES
2) up to one search line containing the combined domain search list from all "domain" and "search" input lines,
also ordered according to interface-order(5);
3) all other non-comment input lines.
To make the resolver use this dynamically generated resolver configuration file
the administrator should ensure that /etc/resolv.conf is a symbolic link to /run/resolvconf/resolv.conf.
This link is normally created on installation of the resolvconf package.
The link is never modified by the resolvconf program itself.
If you find that /etc/resolv.conf is not being updated, please check to make sure that the link is intact.
The GNU C Library resolver library isn't the only resolver library available.
However, any resolver library that reads /etc/resolv.conf (and most of them do, in order to be compatible) should work fine with resolvconf.
Subscriber packages that need to know only when the resolver configuration file has changed should install a script in
/etc/resolvconf/update-libc.d/ rather than in /etc/resolvconf/update.d/.
(For example, two packages that install update-libc.d/ hook scripts are fetchmail and squid.)
This is important for synchronization purposes: scripts in update-libc.d/ are run after resolv.c the same is not necessarily true of scripts in update.d/.
-a IFACE.PROG
Add or overwrite the record IFACE.PROG then run the update scripts if updating is enabled.
When this option is used the information must be provided to resolvconf on its standard input in the format of the resolv.conf(5) file.
Each line in the file must be terminated by a newline.
-d IFACE.PROG
Delete the record IFACE.PROG then run the update scripts if updating is enabled.
The string IFACE.PROG may not contain spaces, slashes, an initial dot, an initial hyphen or an initial tilde.
It is conventionally formed from IFACE, the name of the interface involved, a dot, and IPROG, the name of the interface configuration
program, e.g., "eth0.dhclient".
-u Just run the update scripts (if updating is enabled).
With -a, -d or -u:
if updating is not enabled, schedule a delayed update.
The delayed update will be carried out when updates are enabled.
--enable-updates
Set the flag indicating that resolvconf should run update scripts when invoked in the future with -a, -d or -u.
If a delayed update was scheduled then run update scripts.
--disable-updates
Clear the flag.
--updates-are-enabled
Return 0 if the flag is set, otherwise return 1.
--create-runtime-directories
Create the directories where resolver information records and other run-time files are stored.
--wipe-runtime-directories
Delete everything in the directories where resolver information records and other run-time files are stored.
ENVIRONMENT VARIABLES
The following variables can be set in the configuration file /etc/default/resolvconf.
If the file does not exist you will have to create it.
REPORT_ABSENT_SYMLINK
If set to "yes" then resolvconf will print a message when /etc/resolv.conf is not a symbolic link to the resolvconf generated resolver configuration file.
Set to "no" to prevent the printing of this message. The default is "yes".
TRUNCATE_NAMESERVER_LIST_AFTER_LOOPBACK_ADDRESS
If set to "yes" then the libc script will include no more nameserver addresses after the first nameserver address that is a loopback address.
(In IPv4 a loopback address is any one that starts with "127.". In IPv6 the loopback address is "::1".)
The advantage of truncating the nameserver list after a loopback address is that doing so inhibits unnecessary changes to resolv.conf
and thus reduces the number of instances in which the update-libc.d/ scripts have to be run.
When an interface is brought up or down the local caching nameserver that listens on the loopback address is still informed of the change an
the clients of the resolver which use the local caching nameserver do not need to be notified of the change.
A disadvantage of this mode of operation is that applications have no secondary or tertiary nameserver address to fall back on should the local caching nameserver crash.
Insofar as a local nameserver crash can be regarded as an unlikely event, this is a relatively minor disadvantage.
Set to "no" to disable truncation.
The default is "yes".
A deprecated synonym for this variable is TRUNCATE_NAMESERVER_LIST_AFTER_127.
/etc/default/resolvconf
See the ENVIRONMENT VARIABLES section.
/etc/resolvconf/interface-order
Determines the order of precedence of nameserver addresses and search domain names. See above and interface-order(5).
/etc/resolvconf/resolv.conf.d/base
File containing basic resolver information.
The lines in this file are included in the resolver configuration file even when no interfaces are configured.
/etc/resolvconf/resolv.conf.d/head
File to be prepended to the dynamically generated resolver configuration file. Normally this is just a comment line.
/etc/resolvconf/resolv.conf.d/tail
File to be appended to the dynamically generated resolver configuration file. To append nothing, make this an empty file.
This file is a good place to put a resolver options line if one is needed, e.g., options inet6
/etc/resolvconf/resolv.conf.d/original
Copy of the /etc/resolv.conf file before the resolvconf package was installed.
This file has no effect on the funct
it is retained so that /etc/resolv.conf can be restored to its original state if the resolvconf package is removed.
Note also that a copy of this file is included in the database until the first reboot after installation of th
this ensures that nameservers reachable before installation of resolvconf are still reachable after installation of resolvconf
even though at that point not all suppliers of nameserver information may have supplied their information to resolvconf(8).
Note also that the administrator can choose to create a symbolic link in /etc/resolvconf/resolv.conf.d/ from tail to original
so that the contents of original are always added to the end of the dynamically generated file.
Currently resolvconf does not check the sanity of the information provided to it.
Written by Thomas Hood with contributions by Nathan Stratton Treadway.
Copyright Thomas Hood.
T see the source for copying conditions.
interface-order(5), resolv.conf(5), resolver(3).
Read the resolvconf package README file for more in-depth information.
Ubuntu 14.04
Hostname configuration (with search domain)
/etc/hostname
/etc/hosts
127.0.0.1    localhost
127.0.0.1    hd1
/etc/resolv.conf
nameserver    127.0.0.1
search
======================
make install
/usr/local/sbin/dnsmasqmake install
/etc/resolv.conf/etc/hosts
/etc/dnsmasq.conf
/etc/resolv.conf
serverresolv-file
/etc/ppp/resolv.conf
/etc/resolv.confresolv-file=/etc/ppp/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-ippp0
/etc/ppp/resolv.conf/etc/resolv.conf[x] Modify DNS when connected/etc/ppp/resolv.conf/etc/resolv.conf/etc/sysconfig/network/config
/etc/resolv.conf
dhcpcd.exe$DNS
echo -n >|/etc/dhcpc/resolv.conf
dnsservs=${DNS//,/ }
for serv in $dnsservs; do
    echo "nameserver $serv" >>/etc/dhcpc/resolv.conf
done
-R/etc/resolv.conf
resolv-file=/etc/ppp/resolv.conf resolv-file=/etc/dhcpc/resolv.conf both files and use whichever was updated last. The result is automatic switching between DNS servers.
/etc/hosts/etc/hosts
domain-suffix
mx-hostmx-target
192.168.10.1
server=//192.168.10.1
localserver
local=/localnet/
.localnet/etc/hosts
bogus-nxdomain=64.94.110.11bogus-nxdomain
interfaceaddress
filterwin2k
/etc/hosts/etc/resolv.conf
/var/log/syslog/var/log/messages
log-queries
=======================
Automating dnsmasq and resolvconf
Posted on 07 November 2013
I've been working a lot with dnsmasq for DNS forwarding recently, and have hit enough problems that I thought it would be worth writing about them.
On my current project, we're using Ubuntu 12.04, which uses dnsmasq as a local DNS cacher and forwarder, and resolvconf (the service as opposed to the resolv.conf file) to manage DNS server configuration.
Dnsmasq is a simple DNS forwarder.
It proxies multiple upstream DNS servers, adds caching, and can even serve up A records from an /etc/hosts-style configuration file.
Dnsmasq is configured by giving it an /etc/resolv.conf-style file with a list of nameservers.
It will regularly poll this file for changes, and change its forwarding behaviour accordingly.
Dnsmasq can also be configured to direct requests for particular domains to particular nameservers;
for example, if you want everything in
to go to your internal office server, but everything else to go to public DNS servers, dnsmasq can do that for you.
Dnsmasq does NOT perform recursive DNS
you will still need some form of recursive DNS server in order to achieve full DNS functionality.
resolvconf
resolvconf is part of the ubuntu-minimal install, which means that it's considered a pretty core part of the distribution these days. It's an evolution from the traditional /etc/resolv.conf file, which lists nameservers and search domains to use when resolving DNS names to IP addresses.
You associate a nameserver with a particular network interface with a line such as:
echo nameserver 192.0.2.6 | resolvconf -a IFACE.PROGNAME
where IFACE is an interface, and PROGNAME is the name of an associated program.
For example, dnsmasq itself registers itself with resolvconf by associating with the lo.dnsmasq entry.
You can remove entries with resolvconf -d.
Generally, you don't call
instead, it is called automatically as part of bringing up a network interface, or starting a DNS service, or similar.
Each time an interface is added or removed, resolvconf updates associated configuration files by running scripts in the /etc/resolvconf/update.d directory; one of these, libc, updates the traditional /etc/resolv.conf file.
The problem
This is where I get to the problem I was facing.
I was trying to install and configure dnsmasq in a puppet run.
However, immediately after dnsmasq was installed, I would start getting name resolution errors, and the rest of the puppet run would fail.
But by the time I had logged onto the box to investigate, name resolution was working again! What was going on?
It turns out there's a bit of a race condition when starting dnsmasq, particularly for the first time. What happens is this:
/etc/init.d/dnsmasq starts the dnsmasq daemon.
Dnsmasq, in its default configuration on ubuntu, looks for upstream nameservers in /var/run/dnsmasq/resolv.conf.
Dnsmasq checks for the file, finds it missing, and gives up for the moment. It will poll again later.
Once dnsmasq has started and returned, the init.d script registers 127.0.0.1 with lo.dnsmasq in resolvconf.
resolvconf runs its updates, generating configuration for dnsmasq in /var/run/dnsmasq/resolv.conf and also changing the standard libc resolver file /etc/resolv.conf to only refer to 127.0.0.1, the dnsmasq process.
At this point, the dnsmasq service is the sole DNS server that the local resolver can see, but dnsmasq itself hasn't yet seen any upstream nameservers. Therefore it can't give any useful answers. At this point, my puppet run starts failing.
After a few seconds, dnsmasq polls the /var/run/dnsmasq/resolv.conf file again and finally finds the upstream nameservers left for it by resolvconf in step #3 above.
I log into the machine, try to resolve a name, and everything works.
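The race described in this post and the empty /var/run/dnsmasq/resolv.conf seen in step 4 of the first article are the same state: the libc resolver points only at 127.0.0.1 while the file dnsmasq reads for upstream servers is missing or empty. The script below is an added example, not code from either author: it classifies that chain from the two files and can hold a provisioning step until the upstream list exists. The function names are hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.
# Classifies the libc -> dnsmasq -> upstream chain from two resolv.conf-style files.

# nameservers_in FILE: print each nameserver address in FILE, one per line.
# A missing or unreadable file yields no output.
nameservers_in() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# is_loopback ADDR: succeed for 127.x.x.x and ::1.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# upstream_state LIBC_FILE UPSTREAM_FILE
#   LIBC_FILE      what the libc resolver reads (normally /etc/resolv.conf)
#   UPSTREAM_FILE  what dnsmasq reads (its -r / resolv-file argument)
# Prints one of:
#   ok           libc asks dnsmasq first, and the upstream file has a non-loopback server
#   bypassed     libc's first nameserver is not loopback, so dnsmasq is not asked first
#   no-upstream  upstream file missing or empty: dnsmasq has nothing to forward to
#   loop         upstream file lists only loopback addresses
upstream_state() {
    first=$(nameservers_in "$1" | head -n 1)
    # glibc falls back to the local machine when no nameserver line exists.
    [ -n "$first" ] || first=127.0.0.1
    if ! is_loopback "$first"; then
        echo bypassed
        return 0
    fi
    total=0
    real=0
    for ns in $(nameservers_in "$2"); do
        total=$((total + 1))
        is_loopback "$ns" || real=$((real + 1))
    done
    if [ "$total" -eq 0 ]; then
        echo no-upstream
    elif [ "$real" -eq 0 ]; then
        echo loop
    else
        echo ok
    fi
}

# wait_for_upstream LIBC_FILE UPSTREAM_FILE SECONDS
# Check once per second until the chain is "ok"; fail after SECONDS attempts.
wait_for_upstream() {
    tries=$3
    while [ "$tries" -gt 0 ]; do
        [ "$(upstream_state "$1" "$2")" = ok ] && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Demo on constructed files that mirror the states described on this page.
demo() {
    dir=$(mktemp -d)
    printf 'nameserver 127.0.0.1\n' > "$dir/libc.conf"
    echo "before the upstream file is written: $(upstream_state "$dir/libc.conf" "$dir/upstream.conf")"
    printf 'nameserver 192.168.145.2\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n' > "$dir/upstream.conf"
    echo "after the upstream list is in place: $(upstream_state "$dir/libc.conf" "$dir/upstream.conf")"
    rm -rf "$dir"
}
demo
```

A result of ok only describes the files; dnsmasq picks the list up at its next poll, so a provisioning step should follow the wait with a real lookup before continuing.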
Original article: /asnjudy/p/4687193.html