部署DNSMasq实现解析缓存服务

DNSMasq是一个简洁、快速的DNS和DHCP服务器,我们可以使用它为局域网和主机自身提供可靠的DHCPv4、DHCPv6、BOOTP以及PXE服务。
本文将记录一次DNSMasq的部署过程,并由该服务提供Github.com的域名解析。

部署

# 系统更新
yum makecache
yum update -y
# 安装软件
yum install -y dnsmasq
# 启动服务
systemctl enable dnsmasq.service --now
# 开通防火墙
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
# 检查状态
systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-10-19 15:35:57 CST; 1 weeks 0 days ago
 Main PID: 1013 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─1013 /usr/sbin/dnsmasq -k

配置

  1. 配置上游解析目标

    # touch /etc/resolv.dnsmasq
# vim /etc/resolv.dnsmasq
nameserver 127.0.0.1

# 本地内网DNS查询服务器
nameserver 192.168.1.1

# 主流公共DNS查询服务器
nameserver 211.167.230.100
nameserver 211.167.230.200
nameserver 202.106.196.115
nameserver 202.106.0.20
nameserver 114.114.114.114
nameserver 218.30.118.6
nameserver 114.114.114.119
nameserver 119.29.29.29
nameserver 8.8.4.4
nameserver 4.2.2.2
nameserver 1.2.4.8
nameserver 223.5.5.5

  2. 配置DNSMasq解析服务 

    # 配置/etc/dnsmasq.cof
# 监听eth0
interface=eth0
# 设定DNS端口为53
port=53

# 要求fqdn格式域名才会转发到上游DNS
domain-needed
bogus-priv

#指定上游DNS文件按resolv.dnsmasq顺序执行
resolv-file=/etc/resolv.dnsmasq
strict-order

# 缓存大小
cache-size=1024

  3. 新增解析缓存目标

    # 获取github访问地址的hosts文件转化为dnsmasq的配置
curl https://raw.hellogithub.com/hosts | awk '$1 ~ /^[0-9]/ {printf("address=/%s/%s\n", $2,$1)}' > /etc/dnsmasq.d/github.conf
# 获取污染DNS地址,避免DNS劫持
wget https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf -P /etc/dnsmasq.d/
# 重启服务
systemctl restart dnsmasq.service

收工