掌柜
dnsmasq部署与配置
09/25
本文最后更新于2023年07月07日,已超过503天没有更新。如果文章内容或图片资源失效,请留言反馈,我会及时处理,谢谢!
环境说明
| 角色 | 主机名 | IP | 系统版本 |
|---|---|---|---|
| dns主服务器 | sy-gmh-app-vm41.shaoyan.pro | 192.168.168.41 | CentOS Linux release 7.6.1810 (Core) |
| dns备用服务器 | sy-gmh-app-vm42.shaoyan.pro | 192.168.168.42 | CentOS Linux release 7.6.1810 (Core) |
安装和配置dnsmasq
# 安装
[root@sy-gmh-app-vm41:~]# yum install dnsmasq deltarpm bind-utils -y
# 配置
[root@sy-gmh-app-vm41:~]# egrep -v "#|^$" /etc/dnsmasq.conf
listen-address=192.168.168.41
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
[root@sy-gmh-app-vm41:~]# cat /etc/dnsmasq.d/hosts
address=/sy-gmh-sa-vm3.shaoyan.pro/192.168.168.3
# 启动服务
[root@sy-gmh-app-vm41:~]# systemctl start dnsmasq
[root@sy-gmh-app-vm41:~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.
# 放行内网端口
[root@sy-gmh-app-vm41:~]# iptables -I INPUT -s 192.168.168.0./24 -p udp -m udp -j ACCEPT
[root@sy-gmh-app-vm41:~]# iptables -I INPUT -s 192.168.168.0./24 -p tcp -m tcp -j ACCEPT
[root@sy-gmh-app-vm41:~]# service iptables save测试效果
[root@sy-gmh-test-vm21:~]# yum install bind-utils -y
[root@sy-gmh-test-vm21:~]# ping sy-gmh-sa-vm3.shaoyan.pro
PING sy-gmh-sa-vm3.shaoyan.pro (192.168.168.3) 56(84) bytes of data.
64 bytes from 192.168.168.3 (192.168.168.3): icmp_seq=1 ttl=64 time=0.388 ms
64 bytes from 192.168.168.3 (192.168.168.3): icmp_seq=2 ttl=64 time=1.91 ms
64 bytes from 192.168.168.3 (192.168.168.3): icmp_seq=3 ttl=64 time=0.871 ms
64 bytes from 192.168.168.3 (192.168.168.3): icmp_seq=4 ttl=64 time=0.906 ms
^C
--- sy-gmh-sa-vm3.shaoyan.pro ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.388/1.021/1.919/0.557 ms
[root@sy-gmh-test-vm21:~]# dig sy-gmh-sa-vm3.shaoyan.pro
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> sy-gmh-sa-vm3.shaoyan.pro
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20344
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sy-gmh-sa-vm3.shaoyan.pro. IN A
;; ANSWER SECTION:
sy-gmh-sa-vm3.shaoyan.pro. 0 IN A 192.168.168.3
;; Query time: 1 msec
;; SERVER: 192.168.168.41#53(192.168.168.41)
;; WHEN: 二 6月 25 09:28:23 CST 2019
;; MSG SIZE rcvd: 59
同步配置到备用服务器
# 生成公钥,拷贝公钥到sy-gmh-app-vm41.shaoyan.pro
[root@sy-gmh-app-vm42:~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:97LIORWYoxjp7K0Vbbk3z+LyGdDwOLLvU3unO6Xsc2I root@sy-gmh-app-vm42.shaoyan.pro
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| . .o |
| o .+*. |
| o oo.S.+. |
| + .= =o. . |
| . .o .o=o.o |
| ...o++oOE o |
| .. .**==*O |
+----[SHA256]-----+
[root@sy-gmh-app-vm42:~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzD1NHiTMnOaj0AtL0uxTOhaoyQGDdd9hAMql9rHN2WvDPOXxiK+JqeN3i8rbtVrvA0uIg0rDPbFYJvyC+g6NEmPzeppkdgyY1xCanG0Z1FJECB4xO0rzLH8qxEAwXE+LYPJkq+2vGJwN/fcOWTqihl4fSSAYwdErhzJ2T356ia6GaRjKVp7llqBoJJewdjFdTpELfyL1jqV3a5pybKKpoEavbzfqgvp008gH3DoUHtuSlG1zBzmNaQ1NqEn3uIsADwFdccVCZh9FL4+8Zy8t3fgSuj348ny3L4rgfowtvJD45qesj+HSztA2fCOjKEa85U0bJ6VQtSeZw+HJh73Kl root@sy-gmh-app-vm42.shaoyan.pro
[root@sy-gmh-app-vm41:~]# tail -1 .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzD1NHiTMnOaj0AtL0uxTOhaoyQGDdd9hAMql9rHN2WvDPOXxiK+JqeN3i8rbtVrvA0uIg0rDPbFYJvyC+g6NEmPzeppkdgyY1xCanG0Z1FJECB4xO0rzLH8qxEAwXE+LYPJkq+2vGJwN/fcOWTqihl4fSSAYwdErhzJ2T356ia6GaRjKVp7llqBoJJewdjFdTpELfyL1jqV3a5pybKKpoEavbzfqgvp008gH3DoUHtuSlG1zBzmNaQ1NqEn3uIsADwFdccVCZh9FL4+8Zy8t3fgSuj348ny3L4rgfowtvJD45qesj+HSztA2fCOjKEa85U0bJ6VQtSeZw+HJh73Kl root@sy-gmh-app-vm42.shaoyan.pro定时拉取配置
[root@sy-gmh-app-vm42:/data/sh]# cat rsync_dnsmasq_hosts_conf.sh
#!/bin/sh
rsync -avzP -e "ssh -p 12080" 192.168.168.41:/etc/dnsmasq.d/hosts /etc/dnsmasq.d/
systemctl restart dnsmasq
[root@sy-gmh-app-vm42:/data/sh]# chmod +x rsync_dnsmasq_hosts_conf.sh
[root@sy-gmh-app-vm42:/data/sh]# sh rsync_dnsmasq_hosts_conf.sh
receiving incremental file list
sent 20 bytes received 44 bytes 128.00 bytes/sec
total size is 49 speedup is 0.77
[root@sy-gmh-app-vm42:/data/sh]# crontab -l
30 1 * * * /bin/bash /data/sh/rsync_dnsmasq_hosts_conf.sh >> /data/sh/rsync_dnsmasq_hosts_conf.log
