Installing DNSmasq on Linux to Build Your Own Public DNS


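DNSmasq is a small, convenient tool for configuring DNS and DHCP. It is suited to small networks and provides DNS with optional DHCP. Running your own public DNS gives you more flexibility, and if you set it up locally it can also greatly speed up name resolution.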

Installing DNSmasq

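You can download the source package and compile it yourself, but most Linux software repositories already provide DNSmasq. The relevant commands are: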

# Install on CentOS
yum -y install dnsmasq
# On Ubuntu
apt-get -y install dnsmasq

Configuring DNSmasq

The DNSmasq configuration file is /etc/dnsmasq.conf. We need to change several parameters, namely:

Here is a summary of the configuration changes made above:

# Create a new file, resolv.dnsmasq.conf, which configures the upstream DNS, i.e. the real public DNS servers
vi /etc/resolv.dnsmasq.conf
# Contents:
nameserver 119.29.29.29
nameserver 1.2.4.8
# Edit /etc/dnsmasq.conf
# Path to the upstream DNS file
resolv-file=/etc/resolv.dnsmasq.conf
# Uncomment strict-order
strict-order
# Listen address; change it to your own server's public IP
listen-address=127.0.0.1

Usage

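DNSmasq can send different domains to different DNS servers for resolution; just edit /etc/dnsmasq.conf. If no DNS server is set for a domain, its records are fetched from the upstream DNS.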

# Resolve Taobao through the 114 DNS
server=/taobao.com/114.114.114.114
# Resolve google through 8.8.8.8
server=/google.com/8.8.8.8

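You can also resolve specific domains yourself, which is equivalent to a local hosts entry; this can be used for ad blocking and similar purposes. This also requires editing /etc/dnsmasq.conf. DNSmasq can also do wildcard resolution for a domain: enter it in the form *.xiaoz.me.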

# Point ad domains at 127.0.0.1 to block ads
address=/ad.youku.com/127.0.0.1
address=/ad.iqiyi.com/127.0.0.1
# Wildcard resolution for xiaoz.me
address=/*.xiaoz.me/192.168.20.138
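
An added example, not part of the original article: a small Python audit of the directives configured above. It reports listen addresses outside loopback and RFC 1918 space (these answer queries from beyond the LAN, so the firewall has to limit port 53 to the intended clients), the per-domain upstream servers, and the local address overrides. The sample configuration, the 203.0.113.10 address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the directives this article sets, plus a second
# listen address from the 203.0.113.0/24 documentation range.
SAMPLE_CONF = """\
resolv-file=/etc/resolv.dnsmasq.conf
strict-order
listen-address=127.0.0.1
listen-address=203.0.113.10
server=/taobao.com/114.114.114.114
server=/google.com/8.8.8.8
address=/ad.youku.com/127.0.0.1
# address=/ad.iqiyi.com/127.0.0.1
"""

# RFC 1918 ranges: addresses that stay on the LAN.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Yield (key, value) pairs, skipping blank lines and # comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def audit(text):
    """Report exposed listen addresses and per-domain rules (hypothetical helper)."""
    report = {"exposed": [], "upstream": {}, "overrides": {}, "resolv_file": None}
    for key, value in parse_conf(text):
        if key == "listen-address":
            for addr in value.split(","):
                ip = ipaddress.ip_address(addr.strip())
                if not (ip.is_loopback or any(ip in net for net in LAN_NETS)):
                    report["exposed"].append(str(ip))  # not loopback, not RFC 1918
        elif key in ("server", "address") and value.startswith("/"):
            # /domain[/domain...]/target, the form used in this article
            *domains, target = value.split("/")[1:]
            bucket = "upstream" if key == "server" else "overrides"
            for domain in domains:
                report[bucket][domain] = target
        elif key == "resolv-file":
            report["resolv_file"] = value
    return report

if __name__ == "__main__":
    for section, found in audit(SAMPLE_CONF).items():
        print(f"{section}: {found}")
```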

Starting and Testing

# Start
/etc/init.d/dnsmasq start
# Stop
/etc/init.d/dnsmasq stop
# Restart
/etc/init.d/dnsmasq restart

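For example, I installed DNSmasq on a local Linux server (192.168.20.127) and set the DNS on other PCs in the LAN to 192.168.20.127. Testing with the dig command, the first query takes relatively long and the second is almost always within 10 ms, as in the screenshot below.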

Summary

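If you set up DNSmasq on an internal network, it not only speeds up resolution but can also effectively prevent DNS hijacking and block ads. If you set it up on the public Internet, you can also point specific domains at hosts-style addresses, which avoids DNS pollution and lets you get past the firewall.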

If DNSmasq starts normally but name resolution still fails, check whether the firewall allows TCP/UDP port 53.
