As the number of PCs grows, remembering their IP addresses gets hard.
So I decided to set up an internal DNS server with dnsmasq.
dnsmasq
dnsmasq is a simple DNS server.
Here it is used for internal name resolution.
Queries for external names are handled by forwarding them upstream (acting as a resolver).
Based on Dnsmasq - Wikipedia:
Dnsmasq is lightweight, relatively easy-to-configure software that provides a DNS forwarder and a DHCP server.
Environment
Type | Description | Notes |
---|---|---|
OS | Armbian Stretch | mainline kernel 4.19.y |
Hardware | NanoPi NEO | Model: 512MB |
dnsmasq | 2.76-5+deb9u2 | Small caching DNS proxy and DHCP/TFTP server |
# cat /etc/issue
Debian GNU/Linux 9 \n \l
# cat /etc/debian_version
9.8
Installation
Install the dnsmasq package.
# apt install dnsmasq
The following NEW packages will be installed:
dnsmasq dnsmasq-base
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Configuration
Resolver
NetworkManager settings
Add "dns=none" so that NetworkManager does not overwrite the DNS settings in resolv.conf.
(Otherwise, whenever DNS information is obtained via DHCP or similar, the manually added settings get overwritten.)
# diff -u /root/NetworkManager.conf /etc/NetworkManager/NetworkManager.conf
--- /root/NetworkManager.conf 2019-04-17 04:46:57.080643479 +0000
+++ /etc/NetworkManager/NetworkManager.conf 2019-04-17 08:26:27.191947269 +0000
@@ -1,5 +1,5 @@
[main]
-dns=default
+dns=none
rc-manager=file
plugins=ifupdown,keyfile
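Review bot: with dns=none NetworkManager stops writing /etc/resolv.conf altogether, so the rc-manager=file line kept as context below it no longer has anything to manage, and /etc/resolv.conf becomes a hand-maintained file from this point on, including after interface changes; state that explicitly in the section text or in a comment in the file so the next person does not wait for NetworkManager to update it.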
Specifying the upstream DNS server
Specify the upstream DNS servers that queries are forwarded to.
(Note: this setting does not seem to be applied to clients; that is fine if it is only used locally.)
# diff -u /root/resolv.conf /etc/resolv.conf
--- /root/resolv.conf 2019-04-14 14:39:31.924056049 +0000
+++ /etc/resolv.conf 2019-04-17 08:26:50.406944217 +0000
@@ -2,7 +2,3 @@
search flets-east.jp iptvf.jp
nameserver 8.8.8.8
nameserver 8.8.4.4
-nameserver 2404:1a8:xxxx:xxxx::xxxx
-# NOTE: the libc resolver may not support more than 3 nameservers.
-# The nameservers listed below may not be recognized.
-nameserver 2404:1a8:xxxx:xxxx::xxxx
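Review bot: the remaining nameserver lines point this host's own libc resolver straight at 8.8.8.8 and 8.8.4.4, bypassing the dnsmasq instance running on the same machine, so local.ddd names will not resolve on the DNS server itself; if that is wanted, add "nameserver 127.0.0.1" as the first entry. The "search flets-east.jp iptvf.jp" line is also kept, so a plain name that is not found is retried with those ISP suffixes, which is worth a mention in the text.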
dnsmasq settings
Specify log output, which interfaces clients may connect on, and so on as needed.
(Ideally I would use resolv-file, but the OS ignores it at boot, so I reluctantly set no-resolv and hard-code Google Public DNS.)
Item | Value in the example below | Notes |
---|---|---|
Domain | local.ddd | {hostname}.local.ddd |
DNS server | 192.168.2.254 | |
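An added example (not code from the original post or from the dnsmasq project): a POSIX sh function that audits a dnsmasq.conf for the directives this section enables (domain-needed, bogus-priv, interface=, server=, local=, addn-hosts). It assumes its second argument is the address the dnsmasq host itself listens on (192.168.2.254 in the table above) and flags any server=/domain/ entry pointing at that address, because such an entry forwards the query back to the same host.

```shell
#!/bin/sh
# Added example, not from the original post. Audit a dnsmasq.conf for the
# settings discussed on this page. SELF_IP is the address dnsmasq itself
# listens on (192.168.2.254 in the post). Prints one finding per line and
# returns the number of findings (0 = clean).
# Usage: audit_dnsmasq_conf /etc/dnsmasq.conf 192.168.2.254
audit_dnsmasq_conf() {
    conf=$1; self=$2; n=0
    # Effective directives only: drop comment and blank lines.
    eff=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")
    # 1. Keep plain names and private-range PTR lookups off the upstream.
    for opt in domain-needed bogus-priv; do
        printf '%s\n' "$eff" | grep -qx "$opt" \
            || { echo "missing: $opt"; n=$((n+1)); }
    done
    # 2. Without interface= dnsmasq answers on every interface (open-resolver risk).
    printf '%s\n' "$eff" | grep -q '^interface=' \
        || { echo "no interface= restriction"; n=$((n+1)); }
    # 3. server=/domain/SELF_IP sends the query back to this very host.
    for line in $(printf '%s\n' "$eff" | grep "^server=/.*/$self\$"); do
        echo "self-forward: $line"; n=$((n+1))
    done
    # 4. A domain declared local= must not also be forwarded with server=.
    for d in $(printf '%s\n' "$eff" | sed -n 's#^local=/\(.*\)/$#\1#p'); do
        printf '%s\n' "$eff" | grep -q "^server=/$d/." \
            && { echo "domain $d is both local= and server= forwarded"; n=$((n+1)); }
    done
    # 5. Fewer than two plain upstreams means no fallback when one is down.
    ups=$(printf '%s\n' "$eff" | grep -c '^server=[0-9]' || true)
    [ "$ups" -ge 2 ] \
        || { echo "only $ups plain upstream server= line(s)"; n=$((n+1)); }
    # 6. Extra hosts files must be readable at start-up (e.g. removable media).
    for f in $(printf '%s\n' "$eff" | sed -n 's/^addn-hosts=//p'); do
        [ -r "$f" ] || { echo "addn-hosts file unreadable: $f"; n=$((n+1)); }
    done
    return $n
}
```

Run it against the live file before restarting dnsmasq; a non-zero return with the findings on stdout is the signal to fix the file first.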
# diff -u /root/dnsmasq.conf /etc/dnsmasq.conf
--- /root/dnsmasq.conf 2019-04-13 12:11:57.728271453 +0000
+++ /etc/dnsmasq.conf 2019-04-17 12:26:11.916002517 +0000
@@ -16,9 +16,9 @@
# these requests from bringing up the link unnecessarily.
# Never forward plain names (without a dot or domain part)
-#domain-needed
+# ドメイン名のみ上位サーバへ問い合わせる。
+domain-needed
# Never forward addresses in the non-routed address spaces.
-#bogus-priv
+# プライベートIPは上位サーバへ問い合わせしない。
+bogus-priv
# Uncomment these to enable DNSSEC validation and caching:
# (Requires dnsmasq to be built with DNSSEC option.)
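Review bot: the DNSSEC block introduced by the last two context lines of this hunk is left commented out, so answers cached from the upstream are accepted unvalidated; if that is intentional, say so in the section text, otherwise enable those lines (the comment itself notes this needs a DNSSEC-enabled build).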
@@ -43,19 +43,19 @@
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
-#strict-order
+# resolv.conf 記述のサーバに順番に問い合わせる。
+strict-order
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
-#no-resolv
+# resolv.conf を使用しない。
+no-resolv
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
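Review bot: strict-order is enabled in the same hunk that enables no-resolv, but the context comment defines strict-order in terms of the order of servers in /etc/resolv.conf, which no-resolv stops dnsmasq from reading; with upstreams coming only from server= lines it changes nothing here, so either drop it or add a comment saying why it is kept, to avoid a reader assuming it provides failover ordering.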
@@ -63,15 +63,16 @@
# Add other name servers here, with domain specs if they are for
# non-public domains.
-#server=/localnet/192.168.0.1
+# local.ddd ドメインは 192.168.2.254 に問い合わせる。
+server=/local.ddd/192.168.2.254
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
-#server=/3.168.192.in-addr.arpa/10.1.2.3
+# N/W セグメントから問い合わせるネームサーバを指定する。
+server=/2.168.192.in-addr.arpa/192.168.2.254
+server=8.8.8.8
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
-#local=/localnet/
+# hosts で処理するドメイン名を指定。
+local=/local.ddd/
# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
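Review bot: 192.168.2.254 is this dnsmasq host's own address (see the table above and the hosts file below), so "server=/local.ddd/192.168.2.254" and "server=/2.168.192.in-addr.arpa/192.168.2.254" forward queries for those zones back to the same server; a name that is not in the hosts file is then bounced to itself instead of being answered NXDOMAIN. "local=/local.ddd/" in this hunk already says to answer from the hosts file only, so drop the two self-pointing server= lines and add "local=/2.168.192.in-addr.arpa/" for the reverse zone. Also, "server=8.8.8.8" is the only plain upstream, so there is no fallback if it is unreachable; add "server=8.8.4.4" beside it.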
@@ -103,16 +104,16 @@
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
-#interface=
+# 許可 NIC(クライアントからの接続許可)
+interface=eth0
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.
-#no-dhcp-interface=
+# DHCP サービスを無効化。
+no-dhcp-interface=eth0
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
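Review bot: interface=eth0 makes dnsmasq answer every client reachable through eth0, which is the intent for a LAN-only resolver, but if eth0 ever carries a routable address this becomes an open resolver; pair it with a firewall rule limiting UDP/TCP 53 to 192.168.2.0/24 and mention that in the text. Note that bind-interfaces stays commented (next hunk), so per the context comment dnsmasq still binds the wildcard address and discards traffic from other interfaces, which is fine unless another nameserver runs on this host.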
@@ -120,15 +121,15 @@
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
-# running another nameserver on the same machine.
+# running another nameserver on the same macine.
#bind-interfaces
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
-#no-hosts
+# /etc/hosts を参照しない。
+no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
-#addn-hosts=/etc/banner_add_hosts
+# 別途 hosts ファイルを指定。
+addn-hosts=/media/usbmem512mb/banner_add_hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
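Review bot: the only change to the bind-interfaces comment in this hunk is "machine" to "macine", an accidental typo introduced into a stock comment; revert it. Separately, addn-hosts now points at /media/usbmem512mb/banner_add_hosts while the example file section below uses /etc/banner_add_hosts; pick one path, and keep in mind that if the USB device is not mounted when dnsmasq starts, none of the names in that file will be available until dnsmasq is restarted after mounting, and since no-hosts also disables /etc/hosts, even localhost then depends on this file.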
@@ -650,7 +651,8 @@
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
-#log-queries
+# ログ出力指定。
+log-queries
+log-facility=local0
# Log lots of extra information about DHCP transactions.
#log-dhcp
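Review bot: log-queries writes one line per lookup, so on a busy segment the log grows fast; log-facility=local0 sends it to syslog facility local0, which on a stock Debian rsyslog lands in /var/log/syslog unless a local0 rule routes it to its own file with rotation. Worth a sentence in the text on where the log ends up and how it is rotated, since these query lines are what you would grep to spot a client resolving unexpected domains.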
Example configuration files
- hosts file
addn-hosts=/etc/banner_add_hosts
127.0.0.1 localhost
192.168.2.254 dns.local.ddd dns
192.168.2.253 rn31600.local.ddd rn31600
Applying the configuration
- Restart dnsmasq
# systemctl restart dnsmasq
- Restart network-manager
If you are connected remotely, restart network-manager with care, since it may drop your session.
# systemctl restart network-manager