Dnsmasq

From Gentoo Wiki


dnsmasq is a simple DHCP/DNS server which can be used in a local network of up to 1000 clients. Its key features are easy configuration and a small system footprint. It also supports IPv6.

Installation

USE flags

Make a proper USE flag selection:

USE flags for net-dns/dnsmasq (Small forwarding DNS server)

auth-dns: Add support for acting as an authoritative DNS server. (local)
conntrack: Add support for Linux conntrack connection marking. (local)
dbus: Enable dbus support for anything that needs it (gpsd, gnomemeeting, etc.). (global)
dhcp: Enable support for acting as a DHCP server. (local)
dhcp-tools: Install extra command line tools for manually managing DHCP leases. (local)
dnssec: Enable support for DNSSEC validation and caching. (local)
id: Whether to report *.bind CHAOS info to clients; otherwise such requests are forwarded upstream instead. (local)
idn: Enable support for Internationalized Domain Names. (global)
inotify: Enable inotify filesystem monitoring support. (global)
ipv6: Add support for IP version 6. (global)
libidn2: Enable support for Internationalized Domain Names via net-dns/libidn2 rather than net-dns/libidn. (local)
lua: Enable Lua scripting support. (global)
nls: Add Native Language Support (using gettext, the GNU locale utilities). (global)
script: Enable support for calling scripts when leases change. (local)
selinux: !!internal use only!! Security Enhanced Linux support; this must be set by the selinux profile or breakage will occur. (global)
static: !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically. (global)
tftp: Enables the built-in TFTP server for netbooting. (local)

Emerge

Next, install the net-dns/dnsmasq package:

root #emerge --ask net-dns/dnsmasq

Configuration

There are various resources that can be modified to change dnsmasq's behavior. These include:

  • the command line options as provided through /etc/conf.d/dnsmasq
  • the main configuration file (/etc/dnsmasq.conf)

Service

OpenRC

Add dnsmasq to the default runlevel if it needs to be started automatically:

root #rc-update add dnsmasq default

To start the service now:

root #service dnsmasq start

Service configuration

In /etc/conf.d/dnsmasq, the command line options passed on to the dnsmasq daemon at start-up can be configured.

FILE /etc/conf.d/dnsmasq: Example dnsmasq service configuration
DNSMASQ_OPTS="--user=dnsmasq --group=dnsmasq -H /srv/virt/gentoo/hosts --max-cache-ttl=10"

Main configuration file

The main configuration of dnsmasq is done through its configuration file, /etc/dnsmasq.conf. The file uses a key[=value] syntax, and the one shipped with the package is well documented and worth reading through. Inside the file, or through the command line options, additional resources can be referred to (such as a DHCP hosts file).

Below is a sample configuration file:

FILE /etc/dnsmasq.conf
# Listen only to this interface
interface=eth1

# Assign names based on mac address
dhcp-host=00:1e:68:c2:ff:ee,endor,192.168.0.54,24h

# Any other DHCP request gets an ip from this range
dhcp-range=eth1,192.168.0.100,192.168.0.120,12h

# Enable the TFTP server and set the root directory for files available via TFTP.
enable-tftp
tftp-root=/var/lib/tftpboot
dhcp-boot=/pxelinux.0

After editing the main configuration file, the service has to be restarted; reloading is supported, but only for the auxiliary resources (such as the hosts files), not for dnsmasq.conf itself.

root #/etc/init.d/dnsmasq restart

Hosts file

The dnsmasq application uses the /etc/hosts file as one of its sources for providing DNS services, unless the -h (--no-hosts) command line argument is passed along.

If the /etc/hosts file is updated, the dnsmasq service needs to receive a SIGHUP signal in order to reload the settings. This is also supported through the init script's reload command:

root #/etc/init.d/dnsmasq reload

This behavior can also be disabled through the no-hosts parameter in the configuration file.

Additional hosts file

It is possible to refer to an additional hosts file to use as a source for DNS queries. To do so, add the -H /path/to/hostsfile (--addn-hosts=/path/to/hostsfile) command line option. It is also possible to pass a directory; in that case, all files inside that directory are treated as additional hosts files.

Similar to the standard hosts file, a SIGHUP signal reloads the file.

This behavior can also be set through the addn-hosts parameter in the configuration file.

Upstream nameservers

By default, dnsmasq uses the name servers specified in /etc/resolv.conf as its upstream nameservers.

A different file can be used through the -r (--resolv-file) command line option.

This behavior can also be set through the resolv-file parameter in the configuration file.

Features

Dnsmasq supports DNS, TFTP, PXE, router advertisements and DHCP services. As such, it is a versatile network management tool for small and medium-sized networks.

DNS services

In order to (only) provide DNS services, first identify the upstream nameserver to use. If this is the same nameserver as specified in /etc/resolv.conf, no additional steps need to be taken. Otherwise, point dnsmasq to the proper resolv.conf file through the -r (--resolv-file) command line option. That file uses the same syntax as /etc/resolv.conf, although dnsmasq only looks at the nameserver definitions.

For example:

root #echo "nameserver 8.8.8.8" >> /etc/dnsmasq.conf.resolv

Next point dnsmasq to this file through the configuration file:

FILE /etc/dnsmasq.conf: Configuring a custom resolv file
resolv-file=/etc/dnsmasq.conf.resolv

To verify that the service is running (after restarting it, as the configuration file has just been changed), use the dig command (provided by net-dns/bind-tools) to ask the DNS server (running on localhost in the following example) to resolve a local or remote address:

user $dig @localhost +short www.gentoo.org
www-bytemark-v4v6.gentoo.org.
89.16.167.134

DNSSEC

Dnsmasq can validate DNSSEC data on the answers it forwards. This is enabled by adding these lines to the configuration file:

FILE /etc/dnsmasq.conf: Enabling DNSSEC
# DNSSEC setup
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
dnssec-check-unsigned

The trust anchor can be found on the iana.org site. After this change, dnsmasq returns SERVFAIL and no DNS data if validation fails. If validation succeeds, it sets the ad flag. For domains that do not support DNSSEC, dnsmasq behaves as before.
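As an added example (not from the Gentoo wiki or from the dnsmasq project), the following Python reads the key[=value] syntax described under "Main configuration file" and audits the DNSSEC stanza above: it checks that dnssec is accompanied by a trust-anchor whose digest length matches its digest type, that dnssec-check-unsigned is set, and that an interface= restriction is present. The function names and the finding texts are my own.

```python
import re

# Expected hex-digest length per DS digest type: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DS_DIGEST_HEX_LEN = {1: 40, 2: 64, 4: 96}

def parse_dnsmasq_conf(text):
    """Parse dnsmasq's key[=value] syntax into (key, value) pairs in file order.
    Comments and blank lines are skipped; a bare key such as 'dnssec' gets None."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (dnsmasq uses '#')
        if not line:
            continue
        key, sep, value = line.partition("=")
        entries.append((key.strip(), value.strip() if sep else None))
    return entries          # a list, not a dict: keys like dhcp-range may repeat

def check_trust_anchor(value):
    """Validate <domain>,<keytag>,<algorithm>,<digest-type>,<digest>; None if well-formed."""
    parts = value.split(",")
    if len(parts) != 5:
        return "trust-anchor needs 5 comma-separated fields"
    _domain, keytag, alg, dtype, digest = parts
    if not (keytag.isdigit() and alg.isdigit() and dtype.isdigit()):
        return "keytag, algorithm and digest type must be integers"
    expected = DS_DIGEST_HEX_LEN.get(int(dtype))
    if expected is None:
        return "unknown digest type %s" % dtype
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % expected, digest):
        return "digest must be %d hex characters for digest type %s" % (expected, dtype)
    return None

def audit_config(text):
    """Return a list of findings (empty when the settings this page covers look right)."""
    entries = parse_dnsmasq_conf(text)
    keys = {k for k, _ in entries}
    findings = []
    if "interface" not in keys:
        findings.append("no interface= line: dnsmasq listens on every interface")
    if "dnssec" in keys:
        anchors = [v or "" for k, v in entries if k == "trust-anchor"]
        if not anchors:
            findings.append("dnssec set but no trust-anchor: nothing to validate against")
        for anchor in anchors:
            err = check_trust_anchor(anchor)
            if err:
                findings.append("bad trust-anchor: " + err)
        if "dnssec-check-unsigned" not in keys:
            findings.append("dnssec without dnssec-check-unsigned: unsigned replies are not checked")
    return findings
```

A truncated digest (a common copy-and-paste error with the long trust-anchor line) is reported as a bad trust-anchor rather than silently accepted.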

DHCP services

In order to enable the DHCP services of dnsmasq, use the dhcp-range configuration setting.

For instance, to enable IPv6 address configuration through router advertisement (RA) with infinite lease time, and IPv4 address configuration also with infinite lease time:

FILE /etc/dnsmasq.conf: Enabling IPv6 and IPv4 leases
dhcp-range=2001:db8:81:e2::,ra-only,infinite
dhcp-range=192.168.100.100,192.168.100.149,infinite

It is possible to use static definitions for known hosts, either through the main configuration file (dhcp-host= settings) or through a separate file. If a separate file is used, point dnsmasq to it through the --dhcp-hostsfile command line option. The advantage of the latter approach is that it is sufficient to send a SIGHUP signal (or reload the service) in order to reread the entries, whereas definitions in the configuration file require a full service restart.

For more information about the dhcp-host parameter, please refer to the manual page or the shipped configuration file, as its syntax is very extensive.

Usage

This section covers various usage scenarios (maintenance and operational tasks) for the dnsmasq service.

Resetting leases

A client whose network interface was replaced, resulting in a different MAC address, might not get the intended IP address immediately. This is because the dnsmasq service has already handed that IP address to the old MAC address and will wait until that lease has expired before re-assigning it.

The dnsmasq service stores its leases in /var/lib/misc/dnsmasq.leases. If the lease needs to be removed sooner, shut down the dnsmasq service, remove the lease from the dnsmasq.leases file and start the service again.

root #/etc/init.d/dnsmasq stop
root #nano -w /var/lib/misc/dnsmasq.leases
root #/etc/init.d/dnsmasq start
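The manual edit above can be scripted. This added Python (not part of the wiki page or of dnsmasq) parses the dnsmasq.leases format, which is assumed here to be one lease per line as "expiry MAC IP hostname client-id" with an optional leading duid line, and removes the lease holding a given IP address; LEASES_PATH and the function names are my own.

```python
from dataclasses import dataclass
LEASES_PATH = "/var/lib/misc/dnsmasq.leases"   # default location described on this page

@dataclass
class Lease:
    expiry: int        # lease expiry as seconds since the epoch (0 for 'infinite')
    mac: str
    ip: str
    hostname: str      # '*' when the client sent no name
    client_id: str     # '*' when the client sent no client identifier

def parse_leases(text):
    """Parse dnsmasq.leases: one lease per line, 'expiry MAC IP hostname client-id'.
    Any other line (e.g. a leading 'duid ...' line written for DHCPv6) is kept verbatim."""
    leases, other = [], []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "duid" or len(fields) < 5:
            other.append(line)
            continue
        leases.append(Lease(int(fields[0]), fields[1].lower(), fields[2], fields[3], fields[4]))
    return leases, other

def format_leases(leases, other):
    """Serialise back to the file format, non-lease lines first as dnsmasq writes them."""
    lines = list(other) + ["%d %s %s %s %s" % (l.expiry, l.mac, l.ip, l.hostname, l.client_id)
                           for l in leases]
    return "\n".join(lines) + ("\n" if lines else "")

def drop_lease_for_ip(text, ip):
    """Return (new_text, removed) with every lease that holds IP address `ip` removed."""
    leases, other = parse_leases(text)
    kept = [l for l in leases if l.ip != ip]
    removed = [l for l in leases if l.ip == ip]
    return format_leases(kept, other), removed

def drop_lease_in_file(ip, path=LEASES_PATH):
    """Rewrite the leases file in place; dnsmasq must be stopped while this runs."""
    with open(path) as fh:
        new_text, removed = drop_lease_for_ip(fh.read(), ip)
    with open(path, "w") as fh:
        fh.write(new_text)
    return removed

if __name__ == "__main__":
    import sys
    for lease in drop_lease_in_file(sys.argv[1]):
        print("removed lease %s -> %s (%s)" % (lease.mac, lease.ip, lease.hostname))
```

Run it between the stop and start commands shown above, passing the IP address that the stale lease holds.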

Reloading non-main configuration settings

Next to the dnsmasq.conf file, the dnsmasq service can use external definitions for the following services:

  • DHCP host configuration entries (through --dhcp-hostsfile command line option)
  • DHCP options (through --dhcp-optsfile command line option)

When these files are modified, sending a SIGHUP signal makes dnsmasq reload them.

Note
The resolv.conf files are polled by dnsmasq by default; changes to these files are picked up automatically unless the -n (--no-poll) command line option is set or the no-poll configuration parameter is used.