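I won't explain what dnsmasq is; please look it up yourself.
What I currently need it for:
1. DHCP (hand out one or more internal IP addresses)
2. DNS (pin resolution, change where names point, and cache DNS)
3. Simplicity: one tool covers both DHCP and DNS
Note:
DHCP uses UDP port 67 and DNS uses TCP/UDP port 53; if you run iptables, handle these yourself.
How to install:
It is handy, small and good value, so I installed it with yum: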
yum install dnsmasq
How to start, stop and restart:
Shutting down dnsmasq: [ OK ]
Starting dhcrelay: [OK]
How to view the log:
tail -f /var/log/messages
The configuration I currently use, for your reference; match it to your own setup:
- resolv-file=/etc/resolv.dnsmasq.conf
- server=/testdns.com/172.16.0.1
- address=/www.test.com/192.168.0.12
- interface=p3p1
- listen-address=127.0.0.1,172.16.0.1
- bind-interfaces
- addn-hosts=/etc/dnsmasq.host
- dhcp-range=172.16.0.30,172.16.1.254,255.255.128.0,30m
- dhcp-host=B8:EE:65:D2:F9:B4,fred,172.16.1.139
- dhcp-option=3,172.16.0.1
- dhcp-option=19,0 # option ip-forwarding off
- dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
- dhcp-option=45,0.0.0.0 # netbios datagram distribution server
- dhcp-option=46,8 # netbios node type
- dhcp-lease-max=500
- dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
- cache-size=1000
- dhcp-option=252,"\n"
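A consistency check for a configuration like the one above, as an added example that is not part of the original post: it parses the option lines, flags the hygiene options the sample file describes, and checks that the DHCP pool fits dhcp-lease-max and that fixed addresses sit on the dhcp-range network. The function names are chosen here, and the fallback of 150 leases is the default the sample file states.

```python
import ipaddress

# DNS/DHCP lines from the configuration shown above, embedded so this runs offline.
AUTHOR_CONF = """\
server=/testdns.com/172.16.0.1
address=/www.test.com/192.168.0.12
interface=p3p1
listen-address=127.0.0.1,172.16.0.1
bind-interfaces
dhcp-range=172.16.0.30,172.16.1.254,255.255.128.0,30m
dhcp-host=B8:EE:65:D2:F9:B4,fred,172.16.1.139
dhcp-option=3,172.16.0.1
dhcp-lease-max=500
"""

def parse_conf(text):
    """Return {option: [values]}; flag options such as bind-interfaces map to ['']."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()          # drop a trailing "# comment"
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def ips_in(value):
    """All comma-separated fields of an option value that parse as IP addresses."""
    found = []
    for field in value.split(","):
        try:
            found.append(ipaddress.ip_address(field.strip()))
        except ValueError:                            # MAC, name, tag, lease time...
            pass
    return found

def audit(text):
    """Return (pool_size, findings) for a dnsmasq configuration given as text."""
    opts, findings, nets, pool = parse_conf(text), [], [], 0
    # DNS side: what gets forwarded upstream and where the listener is bound.
    for flag, what in (("domain-needed", "plain names"), ("bogus-priv", "private reverse lookups")):
        if flag not in opts:
            findings.append(f"dns: {flag} unset, {what} are forwarded upstream")
    listen = [a.strip() for v in opts.get("listen-address", []) for a in v.split(",")]
    if listen and "127.0.0.1" not in listen:
        findings.append("dns: listen-address lacks 127.0.0.1")
    if not listen and "interface" not in opts:
        findings.append("dns: no interface or listen-address restriction")
    if "enable-tftp" in opts and "tftp-secure" not in opts:
        findings.append("tftp: enable-tftp without tftp-secure")
    if "dhcp-authoritative" in opts:
        findings.append("dhcp: dhcp-authoritative is set, confirm this is the only DHCP server")
    # DHCP side: the range, the lease cap and the fixed addresses must agree.
    for value in opts.get("dhcp-range", []):
        ips = ips_in(value)
        if len(ips) < 2:
            continue
        start, end = ips[0], ips[1]
        pool += int(end) - int(start) + 1
        if len(ips) > 2:                              # explicit netmask, as in the author's line
            nets.append(ipaddress.ip_network(f"{start}/{ips[2]}", strict=False))
    lease_max = int(opts.get("dhcp-lease-max", ["150"])[-1])   # 150: default per the sample file
    if pool > lease_max:
        findings.append(f"dhcp: pool of {pool} addresses exceeds dhcp-lease-max={lease_max}")
    fixed = [("dhcp-host", ip) for v in opts.get("dhcp-host", []) for ip in ips_in(v)[:1]]
    fixed += [("router", ip) for v in opts.get("dhcp-option", [])
              if v.split(",")[0].strip() in ("3", "option:router") for ip in ips_in(v)]
    for label, ip in fixed:
        if nets and not any(ip in n for n in nets):
            findings.append(f"dhcp: {label} {ip} is outside every dhcp-range network")
    return pool, findings

if __name__ == "__main__":
    print(audit(AUTHOR_CONF))
```

On the author's configuration the pool is 481 addresses, which fits under dhcp-lease-max=500, and the only findings are the two unset forwarding filters.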
The detailed configuration, translated and annotated, is here:
btw:
Thanks to jianshu for not supporting code formatting -.-
- Configuration file for dnsmasq.
- Format is one option per line, legal options are the same
- as the long options legal on the command line. See
- "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
- The following two options make you a better netizen, since they
- tell dnsmasq to filter out queries which the public DNS cannot
- answer, and which load the servers (especially the root servers)
- unnecessarily. If you have a dial-on-demand link they also stop
- these requests from bringing up the link unnecessarily.
- Never forward plain names (without a dot or domain part)
- Do not forward unqualified names (names without a dot, or incomplete names with only one part) [rarely used]
- domain-needed
- Never forward addresses in the non-routed address spaces.
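- Do not forward addresses in the non-routed address spaces; judging from the context, my understanding is that nothing is forwarded in network environments that cannot be reached [rarely used]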
- bogus-priv
- Uncomment this to filter useless windows-originated DNS requests
- which can trigger dial-on-demand links needlessly.
- Note that (amongst other things) this blocks all SRV requests,
- so don't use it if you use eg Kerberos, SIP, XMPP or Google-talk.
- This option only affects forwarding, SRV records originating for
- dnsmasq (via srv-host= lines) are not suppressed by it.
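- This relates to AD: special request packets from Microsoft. If you want to use Kerberos, SIP, XMPP, Google Talk and the like, you need to turn this setting on [rarely used]
- Reference: http://www.cnblogs.com/zhuangxuqiang/archive/2009/04/28/1445113.html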
- filterwin2k
- Change this line if you want dns to get its upstream servers from
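- somewhere other than /etc/resolv.conf
- This one is very useful. If you want custom DNS control, it is best to keep a separate list of DNS server addresses: the system default /etc/resolv.conf changes, especially on newer Linux systems where it follows the NIC configuration or other network-management tooling. For reliability, manage a separate copy, so enable this option.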
- resolv-file=
- By default, dnsmasq will send queries to any of the upstream
- servers it knows about and tries to favour servers that are known
- to be up. Uncommenting this forces dnsmasq to try each query
- with each server strictly in the order they appear in
- /etc/resolv.conf
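- Force resolution to follow the order of the DNS servers in resolv.conf. Upstream DNS servers are sometimes unstable: server a may have been slow lately while server b has been fast, so you adjust the order, going to a first and then to b. Once you have found a stable order of DNS servers you can use this option to tune things; normally it is unnecessary [rarely used]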
- strict-order
- If you don't want dnsmasq to read /etc/resolv.conf or any other
- file, getting its servers from this file instead (see below), then
- uncomment this.
- Do not use /etc/resolv.conf for upstream DNS servers. This works together with the resolv-file option above: enable this option and then specify a new resolv-file.
- no-resolv
- If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
- files for changes and re-read them then uncomment this.
- This controls whether DNS resolution is polled in rotation, e.g. if server a cannot resolve go to server b, and if b fails go back to a [rarely used]
- no-poll
- Add other name servers here, with domain specs if they are for
- non-public domains.
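- Configure name resolution through other DNS servers on the internal network. Environments that use dnsmasq are generally not complex, so you will not need much of this [rarely used]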
- server=/localnet/192.168.0.1
- Example of routing PTR queries to nameservers: this will send all
- address->name queries for 192.168.3/24 to nameserver 10.1.2.3
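- Reverse resolution records, generally used by mail systems. Forward resolution goes from domain name to IP; reverse goes from IP to domain name [rarely used]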
- server=/3.168.192.in-addr.arpa/10.1.2.3
- Add local-only domains here, queries in these domains are answered
- from /etc/hosts or DHCP only.
- Set domains used locally; programs that must use a local domain name may need it, but that is uncommon [rarely used]
- local=/localnet/
- Add domains which you want to force to an IP address here.
- The example below send any host in doubleclick.net to a local
- webserver.
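- This one is a good one: forced resolution, with an effect similar to writing a hosts entry. It lets you bind a domain name and avoid DNS pollution, and it also supports wildcard (*) resolution. The world is a dangerous place these days, so it is worth keeping a bit of purity inside.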
- address=/doubleclick.net/127.0.0.1
- --address (and --server) work with IPv6 addresses too.
- An enhanced version of the option above, with IPv6 support
- address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
- You can control how dnsmasq talks to a server: this forces
- queries to 10.1.2.3 to be routed via eth1
- Make the queries to a particular DNS server go out through a particular NIC [rarely used]
- --server=10.1.2.3@eth1
- and this sets the source (ie local) address used to talk to
- 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
- IP on the machine, obviously).
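- Specify a source address for reaching a given port on a given destination address, somewhat like iptables FORWARD. I do not really understand how it is implemented, but it has its uses, for example captive portals and relaying; it is more common on internal networks as a simple redirect, similar in effect to address.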
- server=10.1.2.3@192.168.1.1#55
- If you want dnsmasq to change uid and gid to something other
- than the default, edit the following lines.
- Simple and self-explanatory, so no comment.
- user=
- group=
- If you want dnsmasq to listen for DHCP and DNS requests only on
- specified interfaces (and the loopback) give the name of the
- interface (eg eth0) here.
- Repeat the line for more than one interface.
- Listen on a specific interface, for example a particular NIC.
- interface=
- Or you can specify which interface not to listen on
- Exclude a specific interface from listening.
- except-interface=
- Or which to listen on by address (remember to include 127.0.0.1 if
- you use this.)
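- This is an important option: the listen address. Write your IP address plus 127.0.0.1: the IP address is for your client machines and 127.0.0.1 is for dnsmasq itself. Why? Because for DNS caching the local machine has to query itself. The format is ip,127.0.0.1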
- listen-address=
- If you want dnsmasq to provide only DNS service on an interface,
- configure it as shown above, and then use the following line to
- disable DHCP on it.
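- Provide DNS only, without DHCP. The reason is that an internal network cannot have several DHCP servers: multiple DHCP servers confuse DHCP broadcasts, and the possible effect is that you get an IP address but cannot get online, because the DHCP server that gave you the address is the one meant for the internal network.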
- no-dhcp-interface=
- On systems which support it, dnsmasq binds the wildcard address,
- even when it is listening on only some interfaces. It then discards
- requests that it shouldn't reply to. This has the advantage of
- working even when interfaces come and go and change address. If you
- want dnsmasq to really bind only the interfaces it is listening on,
- uncomment this option. About the only time you may need this is when
- running another nameserver on the same machine.
- Once bound to the NIC, dnsmasq is guaranteed not to bother other NICs and requests do not go astray; generally used together with interface.
- bind-interfaces
- If you don't want dnsmasq to read /etc/hosts, uncomment the
- following line.
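- Whether to use hosts. If you have already specified fixed resolution above, e.g. server=/localnet/192.168.0.1, you can rely on that alone and skip hosts. That said, hosts is a bit more convenient, and hosts still remains when DNS is down, although it only takes effect on the local server. I still recommend using hosts; just keep the resolution rules and the hosts list tidy.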
- no-hosts
- or if you want it to read another file, as well as /etc/hosts, use
- this.
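- Use another file in place of hosts. This leaves the machine's own hosts file alone so the server's existing host entries are not affected, and lets dnsmasq use a dedicated hosts file.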
- addn-hosts=/etc/banner_add_hosts
- Set this (and domain: see below) if you want to have a domain
- automatically added to simple names in a hosts-file.
- Automatically add a simple name to the domain names in hosts; used together with domain below [rarely used]
- expand-hosts
- Set the domain for dnsmasq. this is optional, but if it is set, it
- does the following things.
- 1) Allows DHCP hosts to have fully qualified domain names, as long
- as the domain part matches this setting.
- 2) Sets the "domain" DHCP option thereby potentially setting the
- domain of all systems configured by DHCP
- 3) Provides the domain part for "expand-hosts"
- Give the DHCP server a domain name; personally I feel it is not needed.
- domain=thekelleys.org.uk
- Set a different domain for a particular subnet
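- Give a DHCP subnet its own domain name. A pain; I have not figured out why you would do this, since DHCP is just the guy who hands out IPs. In environments such as AD servers, though, a DNS suffix is needed, because AD needs the client's domain name to find the host.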
- domain=wireless.thekelleys.org.uk,192.168.2.0/24
- Same idea, but range rather than subnet
- Same as above.
- domain=reserved.thekelleys.org.uk,192.168.3.100,192.168.3.200
- Uncomment this to enable the integrated DHCP server, you need
- to supply the range of addresses available for lease and optionally
- a lease time. If you have more than one network, you will need to
- repeat this for each network on which you want to supply DHCP
- service.
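- This one is important: it sets the range of IPs DHCP hands out, i.e. how many IPs your DHCP server allocates and where the range starts and ends. The default is a class C network, so the netmask is omitted. A lease time is appended: IPs allocated by DHCP carry a lease and are reclaimed when the lease expires.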
- dhcp-range=192.168.0.50,192.168.0.150,12h
- This is an example of a DHCP range where the netmask is given. This
- is needed for networks we reach the dnsmasq DHCP server via a relay
- agent. If you don't know what a DHCP relay agent is, you probably
- don't need to worry about this.
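- This is the standard syntax: a class C network with a 12h lease. Multiple subnets are supported; just write multiple lines. Note that multiple network segments need a DHCP relay (look it up yourself): roughly, a separate NIC listening on DHCP's dedicated port 67, UDP and TCP, and connecting to the main DHCP server.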
- dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
- This is an example of a DHCP range with a network-id, so that
- some DHCP options may be set only for this network.
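- When allocating IPs you can give these IPs a name, also called a network-id, used to identify that this tag belongs to these IPs; its use is covered below. This is an advanced feature and not necessarily supported by all client devices, so just be aware of it and use it as needed.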
- dhcp-range=red,192.168.0.50,192.168.0.150
- Supply parameters for specified hosts using DHCP. There are lots
- of valid alternatives, so we will give examples of each. Note that
- IP addresses DO NOT have to be in the range given above, they just
- need to be on the same network. The order of the parameters in these
- does not matter, it's permissible to give name, address and MAC in any order
- Always allocate the host with ethernet address 11:22:33:44:55:66
- The IP address 192.168.0.60
- Bind a NIC (MAC) address to an IP address. It works host-style, like writing a host name to IP mapping in the hosts file, so this is not ARP binding; keep the two apart.
- dhcp-host=11:22:33:44:55:66,192.168.0.60
- Always set the name of the host with hardware address
- 11:22:33:44:55:66 to be "fred"
- Bind a MAC address to a host name. Personally I think binding MAC to IP is enough; binding to a name is less common.
- dhcp-host=11:22:33:44:55:66,fred
- Always give the host with ethernet address 11:22:33:44:55:66
- the name fred and IP address 192.168.0.60 and lease time 45 minutes
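- The combined form: bind a MAC to the name fred, add an IP assignment, and set a lease. It is only a reference for flexible configuration, with little practical significance.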
- dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
- Give a host with ethernet address 11:22:33:44:55:66 or
- 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
- that these two ethernet interfaces will never be in use at the same
- time, and give the IP address to the second, even if it is already
- in use by the first. Useful for laptops with wired and wireless
- addresses.
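- Bind one IP to several MAC addresses. The use cases are labs and wireless networks; I suppose it is just for the simple, innocent need of letting two NICs use the same IP [rarely used]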
- dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
- Give the machine which says its name is "bert" IP address
- 192.168.0.70 and an infinite lease
- Bind a name to an IP, with a new parameter: an infinite lease.
- dhcp-host=bert,192.168.0.70,infinite
- Always give the host with client identifier 01:02:02:04
- the IP address 192.168.0.60
- Map a special identifier to an IP; purpose unclear.
- dhcp-host=id:01:02:02:04,192.168.0.60
- Always give the host with client identifier "marjorie"
- the IP address 192.168.0.60
- Similar to the previous one, except the identifier can also be an ordinary character string.
- dhcp-host=id:marjorie,192.168.0.60
- Enable the address given for "judge" in /etc/hosts
- to be given to a machine presenting the name "judge" when
- it asks for a DHCP lease.
- Allocate the IP using the name from the hosts file [rarely used]
- dhcp-host=judge
- Never offer DHCP service to a machine whose ethernet
- address is 11:22:33:44:55:66
- Use the ignore parameter: do not allocate an IP when a given MAC address shows up.
- dhcp-host=11:22:33:44:55:66,ignore
- Ignore any client-id presented by the machine with ethernet
- address 11:22:33:44:55:66. This is useful to prevent a machine
- being treated differently when running under different OS's or
- between PXE boot and OS boot.
- PXE-related; not described here.
- dhcp-host=11:22:33:44:55:66,id:*
- Send extra options which are tagged as "red" to
- the machine with ethernet address 11:22:33:44:55:66
- dhcp-host=11:22:33:44:55:66,net:red
- Send extra options which are tagged as "red" to
- any machine with ethernet address starting 11:22:33:
- dhcp-host=11:22:33:*:*:*,net:red
- Ignore any clients which are specified in dhcp-host lines
- or /etc/ethers. Equivalent to ISC "deny unknown-clients".
- This relies on the special "known" tag which is set when
- a host is matched.
- dhcp-ignore=known
- Send extra options which are tagged as "red" to any machine whose
- DHCP vendorclass string includes the substring "Linux"
- dhcp-vendorclass=red,Linux
- Send extra options which are tagged as "red" to any machine one
- of whose DHCP userclass strings includes the substring "accounts"
- dhcp-userclass=red,accounts
- Send extra options which are tagged as "red" to any machine whose
- MAC address matches the pattern.
- dhcp-mac=red,00:60:8C:*:*:*
- If this line is uncommented, dnsmasq will read /etc/ethers and act
- on the ethernet-address/IP pairs found there just as if they had
- been given as --dhcp-host options. Useful if you keep
- MAC-address/host mappings there for other purposes.
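- Use an extra file instead of the main configuration file to handle dhcp-host matching, mainly for ease of management: move all the dhcp-host settings you need into it.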
- read-ethers
- Send options to hosts which ask for a DHCP lease.
- See RFC 2132 for details of available options.
- Common options can be given to dnsmasq by name:
- run "dnsmasq --help dhcp" to get a list.
- Note that all the common settings, such as netmask and
- broadcast address, DNS server and default route, are given
- sane defaults by dnsmasq. You very likely will not need
- any dhcp-options. If you use Windows clients and Samba, there
- are some options which are recommended, they are detailed at the
- end of this section.
- Override the default route supplied by dnsmasq, which assumes the
- router is the same machine as the one running dnsmasq.
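- Set the default gateway, i.e. the gateway information the client receives along with its IP from DHCP. Very useful, and it can also do various static routes. 3 stands for the default gateway, followed by an IP or subnet.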
- dhcp-option=3,1.2.3.4
- Do the same thing, but using the option name
- Or write the keyword router directly; it also stands for the static gateway.
- dhcp-option=option:router,1.2.3.4
- Override the default route supplied by dnsmasq and send no default
- route at all. Note that this only works for the options sent by
- default (1, 3, 6, 12, 28) the same line will send a zero-length option
- for all other option numbers.
- dhcp-option=3
- Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
- Set the NTP server. I do not know how to verify it, so I am not using it for now.
- dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
- Set the NTP time server address to be the same machine as
- is running dnsmasq
- dhcp-option=42,0.0.0.0
- Set the NIS domain name to "welly"
- dhcp-option=40,welly
- Set the default time-to-live to 50
- TTL nowadays generally means the number of router hops; 50 is enough.
- dhcp-option=23,50
- Set the "all subnets are local" flag
- dhcp-option=27,1
- Send the etherboot magic flag and then etherboot options (a string).
- dhcp-option=128,e4:45:74:68:00:00
- dhcp-option=129,NIC=eepro100
- Specify an option which will only be sent to the "red" network
- (see dhcp-range for the declaration of the "red" network)
- Note that the net: part must precede the option: part.
- dhcp-option = net:red, option:ntp-server, 192.168.1.1
- The following DHCP options set up dnsmasq in the same way as is specified
- for the ISC dhcpcd in
- http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
- adapted for a typical dnsmasq installation where the host running
- dnsmasq is also the host running samba.
- you may want to uncomment some or all of them if you use
- Windows clients and Samba.
- With Windows clients, include these; they will obtain an IP a little faster.
- dhcp-option=19,0 # option ip-forwarding off
- dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
- dhcp-option=45,0.0.0.0 # netbios datagram distribution server
- dhcp-option=46,8 # netbios node type
- Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
- probably doesn't support this......
- dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
- Send RFC-3442 classless static routes (note the netmask encoding)
- dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
- Send vendor-class specific options encapsulated in DHCP option 43.
- The meaning of the options is defined by the vendor-class so
- options are sent only when the client supplied vendor class
- matches the class given here. (A substring match is OK, so "MSFT"
- matches "MSFT" and "MSFT 5.0"). This example sets the
- mtftp address to 0.0.0.0 for PXEClients.
- dhcp-option=vendor:PXEClient,1,0.0.0.0
- Send microsoft-specific option to tell windows to release the DHCP lease
- when it shuts down. Note the "i" flag, to tell dnsmasq to send the
- value as a four-byte integer - that's what microsoft wants. See
- http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
- dhcp-option=vendor:MSFT,2,1i
- Send the Encapsulated-vendor-class ID needed by some configurations of
- Etherboot to allow it to recognise the DHCP server.
- dhcp-option=vendor:Etherboot,60,"Etherboot"
- Send options to PXELinux. Note that we need to send the options even
- though they don't appear in the parameter request list, so we need
- to use dhcp-option-force here.
- See http://syslinux.zytor.com/pxe.php#special for details.
- Magic number - needed before anything else is recognised
- dhcp-option-force=208,f1:00:74:7e
- Configuration file name
- dhcp-option-force=209,configs/common
- Path prefix
- dhcp-option-force=210,/tftpboot/pxelinux/files/
- Reboot time. (Note 'i' to send 32-bit value)
- dhcp-option-force=211,30i
- Set the boot filename for netboot/PXE. You will only need
- this if you want to boot machines over the network and you will need
- a TFTP server; either dnsmasq's built in TFTP server or an
- external one. (See below for how to enable the TFTP server.)
- dhcp-boot=pxelinux.0
- Boot for Etherboot gPXE. The idea is to send two different
- filenames, the first loads gPXE, and the second tells gPXE what to
- load. The dhcp-match sets the gpxe tag for requests from gPXE.
- dhcp-match=gpxe,175 # gPXE sends a 175 option.
- dhcp-boot=net:gpxe,undionly.kpxe
- dhcp-boot=mybootimage
- Encapsulated options for Etherboot gPXE. All the options are
- encapsulated within option 175
- dhcp-option=encap:175, 1, 5b # priority code
- dhcp-option=encap:175, 176, 1b # no-proxydhcp
- dhcp-option=encap:175, 177, string # bus-id
- dhcp-option=encap:175, 189, 1b # BIOS drive code
- dhcp-option=encap:175, 190, user # iSCSI username
- dhcp-option=encap:175, 191, pass # iSCSI password
- Test for the architecture of a netboot client. PXE clients are
- supposed to send their architecture as option 93. (See RFC 4578)
- dhcp-match=peecees, option:client-arch, 0 # x86-32
- dhcp-match=itanics, option:client-arch, 2 # IA64
- dhcp-match=hammers, option:client-arch, 6 # x86-64
- dhcp-match=mactels, option:client-arch, 7 # EFI x86-64
- Do real PXE, rather than just booting a single file, this is an
- alternative to dhcp-boot.
- pxe-prompt="What system shall I netboot?"
- or with timeout before first available action is taken:
- pxe-prompt="Press F8 for menu.", 60
- Available boot services. for PXE.
- pxe-service=x86PC, "Boot from local disk", 0
- Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
- pxe-service=x86PC, "Install Linux", pxelinux
- Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
- Beware this fails on old PXE ROMS.
- pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
- Use bootserver on network, found by multicast or broadcast.
- pxe-service=x86PC, "Install windows from RIS server", 1
- Use bootserver at a known IP address.
- pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
- If you have multicast-FTP available,
- information for that can be passed in a similar way using options 1
- to 5. See page 19 of
- http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
- Enable dnsmasq's built-in TFTP server
- enable-tftp
- Set the root directory for files available via TFTP.
- tftp-root=/var/ftpd
- Make the TFTP server more secure: with this set, only files owned by
- the user dnsmasq is running as will be sent over the net.
- tftp-secure
- Set the boot file name only when the "red" tag is set.
- dhcp-boot=net:red,pxelinux.red-net
- An example of dhcp-boot with an external TFTP server: the name and IP
- address of the server are given after the filename.
- Can fail with old PXE ROMS. Overridden by --pxe-service.
- dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
- Set the limit on DHCP leases, the default is 150
- Set this value according to the configured subnet; this is the pool of IPs DHCP allocates.
- dhcp-lease-max=150
- The DHCP server needs somewhere on disk to keep its lease database.
- This defaults to a sane location, but if you want to change it, use
- the line below.
- For viewing the DHCP log.
- dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
- Set the DHCP server to authoritative mode. In this mode it will barge in
- and take over the lease for any client which broadcasts on the network,
- whether it has a record of the lease or not. This avoids long timeouts
- when a machine wakes up on a new network. DO NOT enable this if there's
- the slightest chance that you might end up accidentally configuring a DHCP
- server for your campus/company accidentally. The ISC server uses
- the same option, and this URL provides more information:
- http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
- dhcp-authoritative
- Run an executable when a DHCP lease is created or destroyed.
- The arguments sent to the script are "add" or "del",
- then the MAC address, the IP address and finally the hostname
- if there is one.
- dhcp-script=/bin/echo
- Set the cachesize here.
- Configure the size of the DNS cache; the default is 150, and setting it to 1000 does no harm either.
- cache-size=150
- If you want to disable negative caching, uncomment this.
- no-negcache
- Normally responses which come from /etc/hosts and the DHCP lease
- file have Time-To-Live set as zero, which conventionally means
- do not cache further. If you are happy to trade lower load on the
- server for potentially stale data, you can set a time-to-live (in
- seconds) here.
- local-ttl=
- If you want dnsmasq to detect attempts by Verisign to send queries
- to unregistered .com and .net hosts to its sitefinder service and
- have dnsmasq instead return the correct NXDOMAIN response, uncomment
- this line. You can add similar lines to do the same for other
- registries which have implemented wildcard A records.
- Protects against DNS pollution. In extreme cases, binding NXDOMAIN helps reduce or avoid polluted DNS resolution. Google the details yourself.
- bogus-nxdomain=64.94.110.11
- If you want to fix up DNS results from upstream servers, use the
- alias option. This only works for IPv4.
- This alias makes a result of 1.2.3.4 appear as 5.6.7.8
- alias=1.2.3.4,5.6.7.8
- and this maps 1.2.3.x to 5.6.7.x
- alias=1.2.3.0,5.6.7.0,255.255.255.0
- and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
- alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
- Change these lines if you want dnsmasq to serve MX records.
- Return an MX record named "maildomain.com" with target
- servermachine.com and preference 50
- mx-host=maildomain.com,servermachine.com,50
- Set the default target for MX records created using the localmx option.
- mx-target=servermachine.com
- Return an MX record pointing to the mx-target for all local
- machines.
- localmx
- Return an MX record pointing to itself for all local machines.
- selfmx
- Change the following lines if you want dnsmasq to serve SRV
- records. These are useful if you want to serve ldap requests for
- Active Directory and other windows-originated DNS requests.
- See RFC 2782.
- You may add multiple srv-host lines.
- The fields are <name>,<target>,<port>,<priority>,<weight>
- If the domain part is missing from the name (so that it just has the
- service and protocol sections) then the domain given by the domain=
- config option is used. (Note that expand-hosts does not need to be
- set for this to work.)
- A SRV record sending LDAP for the example.com domain to
- ldapserver.example.com port 389
- srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
- A SRV record sending LDAP for the example.com domain to
- ldapserver.example.com port 389 (using domain=)
- domain=example.com
- srv-host=_ldap._tcp,ldapserver.example.com,389
- Two SRV records for LDAP, each with different priorities
- srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
- srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
- A SRV record indicating that there is no LDAP server for the domain
- example.com
- srv-host=_ldap._tcp.example.com
- The following line shows how to make dnsmasq serve an arbitrary PTR
- record. This is useful for DNS-SD. (Note that the
- domain-name expansion done for SRV records _does_not
- occur for PTR records.)
- ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
- Change the following lines to enable dnsmasq to serve TXT records.
- These are used for things like SPF and zeroconf. (Note that the
- domain-name expansion done for SRV records _does_not
- occur for TXT records.)
- Example SPF.
- txt-record=example.com,"v=spf1 a -all"
- Example zeroconf
- txt-record=_http._tcp.example.com,name=value,paper=A4
- Provide an alias for a "local" DNS name. Note that this only works
- for targets which are names from DHCP or /etc/hosts. Give host
- "bert" another name, bertrand
- cname=bertrand,bert
- For debugging purposes, log each DNS query as it passes through
- dnsmasq.
- Turn on the DNS log.
- log-queries
- Log lots of extra information about DHCP transactions.
- Turn on the DHCP log.
- log-dhcp
- Include another lot of configuration options.
- conf-file=/etc/dnsmasq.more.conf
- conf-dir=/etc/dnsmasq.d
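With log-queries enabled, the log shows whether the server= and address= rules from the configuration at the top of this page are actually applied. The following added example (not part of the original post) scans log lines for internal names forwarded to an unexpected upstream and for pinned names answered with a different address; the log lines are constructed in the format dnsmasq writes, and PINNED, ROUTED and audit_query_log are names chosen here.

```python
import ipaddress
import re

# Rules taken from the author's configuration on this page.
PINNED = {"www.test.com": "192.168.0.12"}     # address=/www.test.com/192.168.0.12
ROUTED = {"testdns.com": "172.16.0.1"}        # server=/testdns.com/172.16.0.1

# Constructed syslog lines (not real traffic) in dnsmasq's log-queries format.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw dnsmasq[2211]: query[A] www.test.com from 172.16.0.55
Mar  3 10:15:01 gw dnsmasq[2211]: config www.test.com is 192.168.0.12
Mar  3 10:15:02 gw dnsmasq[2211]: query[A] git.testdns.com from 172.16.0.55
Mar  3 10:15:02 gw dnsmasq[2211]: forwarded git.testdns.com to 172.16.0.1
Mar  3 10:15:02 gw dnsmasq[2211]: reply git.testdns.com is 172.16.0.20
Mar  3 10:15:09 gw dnsmasq[2211]: query[A] db.testdns.com from 172.16.0.77
Mar  3 10:15:09 gw dnsmasq[2211]: forwarded db.testdns.com to 203.0.113.53
Mar  3 10:15:10 gw dnsmasq[2211]: query[A] cdn.www.test.com from 172.16.0.77
Mar  3 10:15:10 gw dnsmasq[2211]: reply cdn.www.test.com is 198.51.100.7
"""

EVENT = re.compile(
    r"dnsmasq\[\d+\]: (query\[[^\]]+\]|config|forwarded|reply|cached) (\S+) (?:from|to|is) (\S+)")

def under(name, domain):
    """True if name is the domain itself or any subdomain of it."""
    return name == domain or name.endswith("." + domain)

def is_ipv4(text):
    try:
        return isinstance(ipaddress.ip_address(text), ipaddress.IPv4Address)
    except ValueError:                        # e.g. NODATA or NXDOMAIN markers
        return False

def audit_query_log(log_text, pinned=PINNED, routed=ROUTED):
    """Return (kind, client, name, value) tuples for answers that bypass the rules."""
    findings, last_client = [], {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        kind, name, value = m.groups()
        name = name.lower().rstrip(".")
        if kind.startswith("query"):
            last_client[name] = value         # remember who asked for this name
            continue
        client = last_client.get(name, "?")
        if kind == "forwarded":
            # Internal domain sent to a server other than the one server= names.
            for domain, server in routed.items():
                if under(name, domain) and value != server:
                    findings.append(("leak", client, name, value))
        elif is_ipv4(value):
            # Only A answers are compared, since the pin is an IPv4 address.
            for domain, ip in pinned.items():
                if under(name, domain) and value != ip:
                    findings.append(("unpinned", client, name, value))
    return findings

if __name__ == "__main__":
    for finding in audit_query_log(SAMPLE_LOG):
        print(finding)
```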
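Notice: this post is reproduced from: http://www.jianshu.com/p/71ccc79aaa9e
Author: 天堂未必在前方
Source: Jianshu (简书)
Copyright belongs to the author. For commercial reproduction, contact the author for authorization; for non-commercial reproduction, credit the source.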