DNS and building a LAN DNS with dnsmasq (2)

Time: 2024-04-09 17:28:48

How DNS resolution proceeds on a machine:

1. When you type www.pythonav.cn into the browser, the operating system first checks its local /etc/hosts file for a hard-coded mapping. The hosts file is read first: if it holds a record, that record is used; if not, go to the next step.
2. If the hosts file has no hard-coded record, the operating system checks the local DNS cache. If a mapping is there it is returned; if not, go to the next step.
3. If neither the hosts file nor the local DNS cache has a mapping, the operating system queries the DNS server addresses defined in its network configuration (/etc/resolv.conf), for example 223.5.5.5, 223.6.6.6 or 8.8.8.8. Once the request reaches a DNS server, that server looks up whether a record for www.pythonav.cn exists.
If it is found, the domain is registered on the public Internet; if it is not found, the domain is unregistered and does not exist.

Mainstream DNS servers usually run the bind service, and large companies use it as their DNS service. It is a very heavyweight and very capable DNS server.

For a small company's domain-resolution needs, dnsmasq is sufficient.

Building a LAN DNS with dnsmasq

1. First, install the software

# CentOS: install dnsmasq
yum install dnsmasq -y

# Ubuntu: install dnsmasq
root@ubuntu:~# dnsmasq
Command 'dnsmasq' not found, but can be installed with:
apt install dnsmasq-base      # version 2.86-1.1ubuntu0.3, or
apt install dnsmasq-base-lua  # version 2.86-1.1ubuntu0.3

# Install the dependencies dnsmasq-base and dnsmasq-base-lua first (as the output below shows, the two are alternatives: installing dnsmasq-base-lua removes dnsmasq-base)
root@ubuntu:~# apt install dnsmasq-base
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
dnsmasq-base is already the newest version (2.90-0ubuntu0.22.04.1).
dnsmasq-base set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 17 not upgraded.

# Install the dependency dnsmasq-base-lua
root@ubuntu:~# apt install dnsmasq-base-lua
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  dnsmasq-base
The following NEW packages will be installed:
  dnsmasq-base-lua
0 upgraded, 1 newly installed, 1 to remove and 17 not upgraded.
Need to get 469 kB of archives.
After this operation, 16.4 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/universe amd64 dnsmasq-base-lua amd64 2.90-0ubuntu0.22.04.1 [469 kB]
Fetched 469 kB in 3s (177 kB/s)
dpkg: dnsmasq-base: dependency problems, but removing anyway as you requested:
 dnsmasq depends on dnsmasq-base.
 dnsmasq depends on dnsmasq-base.

(Reading database ... 92847 files and directories currently installed.)
Removing dnsmasq-base (2.90-0ubuntu0.22.04.1) ...
Selecting previously unselected package dnsmasq-base-lua.
(Reading database ... 92830 files and directories currently installed.)
Preparing to unpack .../dnsmasq-base-lua_2.90-0ubuntu0.22.04.1_amd64.deb ...
Unpacking dnsmasq-base-lua (2.90-0ubuntu0.22.04.1) ...
Setting up dnsmasq-base-lua (2.90-0ubuntu0.22.04.1) ...
Processing triggers for dbus (1.12.20-2ubuntu4.1) ...
Processing triggers for man-db (2.10.2-1) ...
Scanning processes...
Scanning linux images...

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

# Then install the dnsmasq package itself
root@ubuntu:~# apt install dnsmasq -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
dnsmasq is already the newest version (2.90-0ubuntu0.22.04.1).
0 upgraded, 0 newly installed, 0 to remove and 17 not upgraded.
root@ubuntu:~#

 

2. The dnsmasq main configuration file, /etc/dnsmasq.conf

root@ubuntu:~# grep -v '^#' /etc/dnsmasq.conf | grep -v '^$'


3. The IPs and domain names that dnsmasq resolves internally, i.e. the user-defined mappings between domain names and IPs.

/etc/dnsmasq.host (this file has to be created by hand). The file name must match the addn-hosts= path in dnsmasq.conf exactly: these notes use both dnsmasq.host and dnsmasq.hosts, and dnsmasq reads only the one named in the configuration.

4. The upstream DNS server addresses for dnsmasq

/etc/resolv.dnsmasq.conf (this file has to be created by hand)


The three important configuration files

/etc/dnsmasq.conf
/etc/dnsmasq.host
/etc/resolv.dnsmasq.conf


# Edit the main configuration file with vim /etc/dnsmasq.conf; the parameters are roughly as follows
vim /etc/dnsmasq.conf	# open it and change the following parameters
# 1. Parameter that points to the upstream DNS servers: /resolv-file
resolv-file=/etc/resolv.dnsmasq.conf

# 2. Resolve certain domains, and all of their subdomains, to a single IP address by adding: /address
address=/baidu.com/123.206.16.61
address=/taobao.com/123.206.16.61

# 3. When you do not want staff visiting certain sites during working hours, force those sites to resolve to another IP instead of resolving 'Baidu, Taobao' and the like correctly. /address
address=/baidu.com/123.206.16.61
address=/taobao.com/123.206.16.61

# 4. Parameter that sets the address dnsmasq listens on	/listen-address
# On a local Linux VM you can put 127.0.0.1 here, or the host's LAN IP such as 172.18.26.133; do not use the public IP
listen-address=127.0.0.1  # keep it off the public interface (this is a cloud server)
# listen-address=123.206.16.61 #(public IP)

# 5. Define a local hosts file holding the custom name-to-IP records  /addn-hosts
# We create a file and hard-code some mappings in it
addn-hosts=/etc/dnsmasq.hosts

# 6. Parameter that logs DNS queries  /log-queries
# Remove the '#' in front of '# log-queries' to turn logging on and record the resolution process

# 7. Include-directory syntax: pulls in every configuration file under a directory that matches the given pattern /conf-dir
# Find 'conf-dir', remove the leading '#', so that it reads as below
# All three of the following forms are accepted by dnsmasq (the suffix after the comma filters which files in the directory are included)
conf-dir=/etc/dnsmasq.d
conf-dir=/etc/dnsmasq.d,.bak
conf-dir=/etc/dnsmasq.d/,*.conf

# 8. After changing all the parameters, verify with the following command
grep -v '^#' /etc/dnsmasq.conf | grep -v "^$"

Parameter explanation
'^#' drops comment lines
'^$' drops blank lines

---------------------------------------------------------------------------------
root@ubuntu:~# vim /etc/dnsmasq.conf
root@ubuntu:~# grep -v '^#' /etc/dnsmasq.conf | grep -v "^$"

# The customised dnsmasq service configuration; the parameters are as follows
resolv-file=/etc/resolv.dnsmasq.conf
address=/baidu.com/123.206.16.61
address=/taobao.com/123.206.16.61
listen-address=123.206.16.61   # (or 127.0.0.1 / 172.18.26.133 on a local VM)
addn-hosts=/etc/dnsmasq.host
log-queries
conf-dir=/etc/dnsmasq.d
conf-dir=/etc/dnsmasq.d,.bak
conf-dir=/etc/dnsmasq.d/,*.conf
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig

root@ubuntu:~#

[Internal name-to-address mappings]
# A made-up domain name you define yourself; useful when debugging an application by domain name rather than by IP
root@ubuntu:~# vim /etc/dnsmasq.hosts
root@ubuntu:~# cat /etc/dnsmasq.hosts
123.206.16.61   yuchao668.com
root@ubuntu:~#

[Add the upstream DNS server addresses]
# When dnsmasq finds no record locally, it queries upstream: first ask Tencent's 119.29.29.29 whether such a public domain exists, and if Tencent is unavailable ask Alibaba. Configure both public providers.
root@ubuntu:~# vim /etc/resolv.dnsmasq.conf
root@ubuntu:~# cat /etc/resolv.dnsmasq.conf
nameserver      119.29.29.29
nameserver      223.5.5.5       223.6.6.6
# Caveat: a nameserver line takes a single address, so 223.6.6.6 on the second line is ignored; the dnsmasq start-up log further down reports only 119.29.29.29 and 223.5.5.5. Give 223.6.6.6 its own nameserver line.
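As an added example (not part of the original notes), the following Python script models the dnsmasq behaviour described in the configuration walkthrough and the upstream-file section above: it parses the non-comment lines of dnsmasq.conf the way the grep pipeline filters them, applies the lookup order (addn-hosts entry, then address=/domain/ for the domain and all its subdomains, then the upstream list), and runs two pre-start checks, a listen-address on a public IP and a nameserver line carrying more than one address. The sample file contents are constructed to match the values in these notes; the function names are mine.

```python
import ipaddress

# Constructed sample inputs modelled on the files in this write-up, not copied from a host.
DNSMASQ_CONF = """resolv-file=/etc/resolv.dnsmasq.conf
address=/baidu.com/123.206.16.61
address=/taobao.com/123.206.16.61
listen-address=123.206.16.61
addn-hosts=/etc/dnsmasq.hosts
log-queries"""
ADDN_HOSTS = "123.206.16.61   yuchao668.com"
RESOLV_DNSMASQ = "nameserver 119.29.29.29\nnameserver 223.5.5.5 223.6.6.6"  # two on one line

def parse_conf(text):
    """Options as left by grep -v '^#' | grep -v '^$'; address=/domain/ip kept as (domain, ip)."""
    conf = {"address": [], "listen-address": []}
    for line in filter(None, (ln.split("#", 1)[0].strip() for ln in text.splitlines())):
        key, _, val = line.partition("=")
        if key == "address":
            conf["address"].append(tuple(val.strip("/").split("/")))
        elif key == "listen-address":
            conf["listen-address"].append(val)
        else:
            conf[key] = val
    return conf

def parse_hosts(text):
    """addn-hosts lines are 'ip name [name ...]'; every name maps to that line's ip."""
    return {n.lower(): f[0] for f in map(str.split, text.splitlines()) if f for n in f[1:]}

def parse_resolv(text):
    """resolv.conf honours one address per 'nameserver' line; extra tokens are ignored."""
    ns = [f for f in map(str.split, text.splitlines()) if len(f) > 1 and f[0] == "nameserver"]
    return [f[1] for f in ns], [t for f in ns for t in f[2:]]

def resolve(name, conf, hosts, upstream):
    """dnsmasq order: hosts entry, then address=/domain/ (domain and subdomains), else upstream."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return "addn-hosts", hosts[name]
    for dom, ip in conf["address"]:
        if name == dom or name.endswith("." + dom):
            return "address", ip
    return "upstream", upstream

def lint(conf, ignored):
    """Pre-start checks: a public listen-address exposes the resolver; ignored tokens lose upstreams."""
    bad = [f"public listen-address {a}" for a in conf["listen-address"]
           if ipaddress.ip_address(a).is_global]
    return bad + ([f"ignored nameserver tokens: {' '.join(ignored)}"] if ignored else [])
```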

[Start the dnsmasq service]
# Software installed via yum can be started directly with systemctl
systemctl start dnsmasq
# View the log: journalctl -xeu dnsmasq.service
# 1. Check systemd-resolved; it turns out to be running
root@ubuntu:~# service systemd-resolved status
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-04-08 04:43:40 UTC; 3min 35s ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 2997 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 4515)
     Memory: 4.6M
        CPU: 64ms
     CGroup: /system.slice/systemd-resolved.service
             └─2997 /lib/systemd/systemd-resolved
             
             
# 2. Stop the systemd-resolved service and check its status again
root@ubuntu:~# service systemd-resolved stop
root@ubuntu:~# service systemd-resolved status
○ systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Mon 2024-04-08 04:47:42 UTC; 7s ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
    Process: 2997 ExecStart=/lib/systemd/systemd-resolved (code=exited, status=0/SUCCESS)
   Main PID: 2997 (code=exited, status=0/SUCCESS)
     Status: "Shutting down..."
        CPU: 67ms

# 3. Start the dnsmasq service and check its status
root@ubuntu:/etc# systemctl restart dnsmasq
root@ubuntu:/etc# systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-04-08 04:58:18 UTC; 26s ago
    Process: 3068 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, status=0/SUCCESS)
    Process: 3076 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
    Process: 3086 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
   Main PID: 3085 (dnsmasq)
      Tasks: 1 (limit: 4515)
     Memory: 608.0K
        CPU: 34ms
     CGroup: /system.slice/dnsmasq.service
             └─3085 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=>

Apr 08 04:58:18 ubuntu systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Apr 08 04:58:18 ubuntu dnsmasq[3085]: started, version 2.90 cachesize 150
Apr 08 04:58:18 ubuntu dnsmasq[3085]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 Lua TFTP conntrack ipset no-nftset auth crypto>
Apr 08 04:58:18 ubuntu dnsmasq[3085]: reading /etc/resolv.dnsmasq.conf
Apr 08 04:58:18 ubuntu dnsmasq[3085]: using nameserver 119.29.29.29#53
Apr 08 04:58:18 ubuntu dnsmasq[3085]: using nameserver 223.5.5.5#53
Apr 08 04:58:18 ubuntu dnsmasq[3085]: read /etc/hosts - 8 names
Apr 08 04:58:18 ubuntu dnsmasq[3085]: read /etc/dnsmasq.host - 1 names
Apr 08 04:58:18 ubuntu systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
root@ubuntu:/etc#



[ Edit the local DNS client configuration and point it at our own dnsmasq server ]
# Note the header of this file: /etc/resolv.conf is a symlink to the stub file managed by systemd-resolved, so an in-place edit is overwritten as soon as systemd-resolved runs again (it is still enabled and will start on reboot). For a permanent change, replace the symlink with a static file, as the file's own comment suggests.
root@ubuntu:/# vim /etc/resolv.conf
root@ubuntu:/# cat /etc/resolv.conf
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

# nameserver 127.0.0.53
# nameserver 114.114.114.114
# nameserver 223.5.5.5
nameserver  123.206.16.61	# the address of the DNS server we built ourselves (or 127.0.0.1 / 192.168.222.133 on a local VM)
options edns0 trust-ad
search localdomain
root@ubuntu:/#

[ Test whether name resolution works ] On this machine, use nslookup to test whether the domain name resolves.



1. dnsmasq is a small, convenient tool for setting up a DNS server and a DHCP server (DHCP hands out IP addresses dynamically); it suits small networks and provides DNS resolution plus optional DHCP.

2. dnsmasq solves small-scale DNS lookup needs; if the business spans machine rooms or regions, dnsmasq is not recommended as the DNS resolver.

[ dnsmasq configuration files ]

a. Main configuration file, generated automatically at install time
/etc/dnsmasq.conf
b. The IPs and domain names to resolve internally
/etc/dnsmasq.hosts
c. The upstream DNS servers for dnsmasq
Can be written like resolv.conf, with nameserver entries
/etc/resolv.dnsmasq.conf

Main configuration file

# Filter out blank lines (^$) and lines beginning with ^# or ^; from the file
grep -Ev '^$|^[#;]' /etc/dnsmasq.conf
# Defines where dnsmasq gets its upstream DNS server addresses; the default is /etc/resolv.conf
resolv-file=/etc/resolv.dnsmasq.conf
# Every name under baidu.com is resolved to 123.206.16.61
address=/baidu.com/123.206.16.61
address=/taobao.com/123.206.16.61
# Defines the address dnsmasq listens on; by default it listens on every interface of the host. For hosts on the LAN to