UbuntuHelp:Dnsmasq: difference between revisions

From Ubuntu中文

Older revision (edit summary: "New page: {{From|https://help.ubuntu.com/community/Dnsmasq}} {{Languages|UbuntuHelp:Dnsmasq}} ==== Worth a note here: ==== I didn't use dnsmasq for its dhcp - I used it for its dns. If dhcp help ad..."). The comparison runs to the latest revision (edit summary: "Local DNS Cache"); 10 intermediate revisions by one user are not shown. The older revision's wiki source, as shown on the left side of the diff:

{{From|https://help.ubuntu.com/community/Dnsmasq}}
{{Languages|UbuntuHelp:Dnsmasq}}

==== Worth a note here: ====
I didn't use dnsmasq for its dhcp - I used it for its dns. If dhcp help added would be A Good Thing, just let me know and I'll work it out :)

Note from Ubuntu:HervéFache: you can find additional information on how to setup Dnsmasq on the UbuntuWirelessRouter page.

=== Preparation ===
First we are going to do something seemingly unrelated - we will make a new resolv.conf, but call it '/etc/nameservers' (the filename is arbitrary, but seemed like a good choice).

To do this, open a terminal, and run 'host' on your ISP's nameservers (mine are just below)
<pre><nowiki>
kgoetz@server:~$ host ns1.on.net
ns1.on.net has address 216.200.145.64
kgoetz@server:~$ host ns2.on.net
ns2.on.net has address 192.231.203.2
kgoetz@server:~$ host ns3.on.net
ns3.on.net has address 192.83.231.19
kgoetz@server:~$ host ns4.on.net
ns4.on.net has address 192.231.203.3
</nowiki></pre>

Now take those lines and add them to /etc/nameservers. In a terminal:
<pre><nowiki>
sudo vi /etc/nameservers
</nowiki></pre>
and in that file paste lines like these, but using the output you got above.
<pre><nowiki>
nameserver 216.200.145.64
nameserver 192.231.203.2
nameserver 192.83.231.19
nameserver 192.231.203.3
</nowiki></pre>
If you don't have 4 that's fine, but more nameservers = less chance of failure.

Having done that, we can move on to the actual install.

=== Setup for dnsmasq ===
Like many of the Ubuntu packages, dnsmasq is in universe. Make sure it's enabled, then run these commands
<pre><nowiki>
sudo apt-get update
sudo apt-get install dnsmasq
</nowiki></pre>

On the first page of options is one to "... filter useless windows-originated DNS requests which can trigger dial-on-demand links needlessly."
If you're in that situation, you might want to uncomment `filterwin2k`.

How about making use of that file we made before? Uncomment the next option in the config file, and add your nameserver file to the end.
`resolv-file=/etc/nameservers`
Now we can be sure our nameserver is getting its dns from a trusted upstream source, and isn't going to go walkabout.

Now we don't need to really worry about any settings until we get down to "# Add domains which you want to force to an IP address here.". This one is fun, as we can point any dns request that comes in to any ip we want. In the mood to spread Ubuntu love? How about all requests to Microsoft.com go... astray? All we need is this option and an ip to redirect to.
<pre><nowiki>
address=/microsoft.com/82.211.81.166
</nowiki></pre>
With this line added to your dnsmasq, visits to Microsoft are a thing of the past. ( It's now pointing to ubuntulinux.org ;) )

Here's my current list, perhaps it will grow as needed:
<pre><nowiki>
address=/doubleclick.net/192.168.0.2
address=/googlesyndication.com/192.168.0.2
address=/google-analytics.com/192.168.0.2
address=/googleadservices.com/192.168.0.2
address=/decideinteractive.com/192.168.0.2

# Not blocking redirects (google.com -> google.com.au)
address=/google.com/216.239.39.104
</nowiki></pre>
It's a short list, mainly because with stuff like [[UbuntuHelp:Privoxy|privoxy installed]] there isn't much call for a long one. This is just to weed out servers that privoxy misses, you don't want people visiting, or to put in simple redirects :)

Heading down a few lines and we are looking at the interface line. This specifies which Ethernet device to bind to (`eth0`, `eth1` etc), or if you would rather you can use the bind-address just below it and bind it to an IP instead (`127.0.0.1`, `192.168.0.1`, `10.0.1.254`, etc).

=== Guess what? We just finished! ===
Save and exit the file, restart the daemon and you should be running.
<pre><nowiki>
sudo /etc/init.d/dnsmasq restart
</nowiki></pre>
The last thing that has to be done is editing your resolv.conf to point to the IP address of dnsmasq - this is the last option you set, so I hope you still remember it :)

----
[[category:CategoryDocumentation]]
[[category:UbuntuHelp]]
Latest revision as of 10:35, Monday 2 September 2013

Introduction

DNSmasq provides two services, either of which can be used independently.

  • DNS service
  • DHCP service (including features relating to network boot)

A local DNS cache can speed up internet browsing because the user's browser will not need to access a domain name server when it looks up a domain name the computer has visited before.

DHCP allows the user's computer to allocate network addresses to other computers on the wired or wireless network. A computer needs a unique network address in order to access the internet.

DNSmasq is not designed for so-called "Internet Connection Sharing," however, it does provide a lot of the services needed in the background. With DNSmasq set up, only two additional commands can set up internet connection sharing (ref?).

Note that the package "dnsmasq" interferes with Network Manager, which can use "dnsmasq-base" to provide DHCP services when sharing an internet connection. Therefore, if you use Network Manager (fine in simple set-ups only), install dnsmasq-base, but not dnsmasq. If you have a more complicated set-up, uninstall Network Manager, use dnsmasq or similar software (bind9, dhcpd, etc), and configure things by hand.

Setup for dnsmasq

Like many of the Ubuntu packages, dnsmasq is in universe. Make sure it's enabled, then run these commands

$ sudo apt-get install dnsmasq

dnsmasq can be configured by editing the file

/etc/dnsmasq.conf

Local DNS Cache

A DNS server resolves human-readable domain names into IP addresses. For example, when one requests ubuntu.com, the DNS server finds the IP address for ubuntu.com. One can run a DNS cache on a computer via the steps below. This will shorten the time required to look up domain names when browsing. The difference in time is on the order of hundreds of milliseconds.

After dnsmasq has been installed, use the text editor of choice, such as nano or vim, to edit:

/etc/dnsmasq.conf

Note: in order to save modifications, the editor must be run with higher permissions, i.e. sudo.

Change the line that looks like (should be around line 90):

#listen-address=

to,

listen-address=127.0.0.1

Now, edit the file

/etc/dhcp3/dhclient.conf

Make sure that around line 20 looks like the following:

#supersede domain-name "fugue.com home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope;

The prepend domain-name-servers 127.0.0.1; is the important part of the configuration. Adding the prepend option ensures that 127.0.0.1 will appear at the top of the list of DNS servers. 127.0.0.1 refers to the user's own computer. Whenever the user's computer needs to resolve a domain name, it will forward that request to dnsmasq (which is running at 127.0.0.1).

Now, edit the file:

/etc/resolv.conf

The file should look something like this,

search yourisp.com
nameserver 192.168.0.1
nameserver 205.171.3.25
nameserver 205.171.3.26

Don't worry if the above listed nameserver numbers are not the same as what appear in the text editor. But be sure to add the user's computer as a nameserver at the top of the list:

search yourisp.com
nameserver 127.0.0.1
nameserver 192.168.0.1
nameserver 205.171.3.25
nameserver 205.171.3.26

All that is left is to restart dnsmasq so that the changes we made to the configuration file come into effect. We do that via the command:

$ sudo /etc/init.d/dnsmasq restart

Now there is a DNS cache set up on the user's computer. To see the difference in speed, we can make use of the dig command twice on our test website:

$ dig ubuntu.com

The first time this happens, the output will look like:

;; Query time: 117 msec

The second time will look like:

;; Query time: 0 msec

Special Cases

  • On a LAN, e.g. business or university. One does not want to provide name service or DHCP for a thousand colleagues, so add the line:

except-interface=eth0 if eth0 is the user's internet/LAN connected interface.

  • Add DHCP server:

dhcp-range=192.168.0.20,192.168.0.254,255.255.255.0

This range must not clash with your LAN IP address. Save and exit the file, restart the daemon:

sudo invoke-rc.d dnsmasq restart

DNSmasq is now listening on some interfaces for DNS lookups and/or DHCP requests. One can verify this by running:

netstat -ltp
# -l = listen, -t = tcp, -p = show program name

The user can add the line nameserver 127.0.0.1 to the top of the /etc/resolv.conf file to use the local DNS cache first. Alternatively, the package resolvconf sorts all this out automatically.

Note: If you have the resolvconf package installed, you cannot use the "`resolv-file=`" option in your `/etc/dnsmasq.conf` configuration file, as this value will be overridden by the `init.d` script when dnsmasq is started up. You should specify your upstream DNS servers using a `dns-nameservers` line (and optionally a dns-search line and other dns- options) for each interface in `/etc/network/interfaces`. The resolvconf scripts will automatically create a special file located at `/var/run/dnsmasq/resolv.conf` with your upstream servers and put `127.0.0.1` in `/etc/resolv.conf` to ensure DNS queries on your local machine use dnsmasq. For more information, see the resolvconf(8) man page.
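As an added example (not code from the wiki page or from the dnsmasq project), here is a small Python audit script for the /etc/dnsmasq.conf settings this page touches: the listen-address line, the dhcp-range that must not include the LAN address, the resolv-file option that resolvconf overrides, and the address=/domain/ip overrides used for the block list in the older revision above, so an administrator can see at a glance which answers a config rewrites. The config text, the LAN address and the finding strings are constructed for this example.

```python
import ipaddress
import re

# Constructed sample of the options this page edits in /etc/dnsmasq.conf
# (not a config taken from the wiki page).
SAMPLE_CONF = """\
# listen only on loopback so the cache is not exposed to the LAN
listen-address=127.0.0.1
resolv-file=/etc/nameservers
# Add domains which you want to force to an IP address here.
address=/doubleclick.net/192.168.0.2
address=/google-analytics.com/192.168.0.2
dhcp-range=192.168.0.20,192.168.0.254,255.255.255.0
"""

def parse_dnsmasq_conf(text):
    """Map each uncommented option name to the list of values it was given."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text, lan_ip, resolvconf_installed):
    """Return findings for the config; an empty list means nothing was flagged."""
    opts = parse_dnsmasq_conf(text)
    findings = []
    # Without listen-address or interface, dnsmasq binds every interface.
    if "listen-address" not in opts and "interface" not in opts:
        findings.append("no listen-address/interface: dnsmasq answers on all interfaces")
    # The page notes that resolvconf's init script overrides resolv-file.
    if resolvconf_installed and "resolv-file" in opts:
        findings.append("resolv-file is overridden by resolvconf; use dns-nameservers instead")
    # dhcp-range=<start>,<end>[,<mask>] must not include the server's own LAN address.
    for rng in opts.get("dhcp-range", []):
        start, end = (ipaddress.ip_address(p) for p in rng.split(",")[:2])
        if start <= ipaddress.ip_address(lan_ip) <= end:
            findings.append(f"dhcp-range {rng} clashes with LAN address {lan_ip}")
    # address=/domain/ip entries rewrite answers for that domain: list them for review.
    for entry in opts.get("address", []):
        m = re.fullmatch(r"/([^/]+)/(.*)", entry)
        if m:
            findings.append(f"override: {m.group(1)} -> {m.group(2)}")
    return findings
```

Run audit(open("/etc/dnsmasq.conf").read(), "<your LAN address>", True) on a real host to review its settings the same way.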

UFW

Unlike the ISC DHCP server which "... in some configurations bypasses the kernel firewall rules entirely" - http://thekelleys.org.uk/dnsmasq/docs/FAQ - for dnsmasq to work, iptables mustn't block the DHCP port

$ sudo ufw allow bootps

^ This command will cause UFW to open the DHCP port, called bootps in /etc/services