在macOS下用dnsmasq搭建DNS服务器
一提起搭建DNS服务器,你可能会想到Bind这些Linux下的DNS工具,就像Oracle Linux下内网DNS服务器的配置里的那样,配置Bind,编写正解文件,再编写反解文件。步骤比较繁琐,尤其是正解、反解文件的格式很反人类,容易出错。
其实,除了Bind这种比较复杂的DNS服务之外,Linux系统中还提供了一种更轻量级的DNS服务,也就是本文的主角dnsmasq。它比较适合本地的小型网络,尤其是在虚拟、测试环境中为各个虚拟机提供DNS和DHCP服务。
在macOS中,通过homebrew安装,也可以使用dnsmasq。本文的目的就是将macOS作为一个虚拟局域网(192.168.78.)的DNS服务器(本机的IP地址为192.168.78.1),为本机以及各个虚拟主机提供局域网的DNS服务。接下来就是简单的配置步骤。
安装dnsmasq
如果你的macOS中没有安装homebrew的话,用下面的命令1:
$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
之后就可以用homebrew进行安装了:
$ brew install dnsmasq
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/core).
==> Updated Formulae
gnupg
==> Downloading https://mirrors.ustc.edu.cn/homebrew-bottles/bottles/dnsmasq-2.7
######################################################################## 100.0%
==> Pouring dnsmasq-2.76.sierra.bottle.tar.gz
==> Caveats
To configure dnsmasq, copy the example configuration to /usr/local/etc/dnsmasq.conf
and edit to taste.
cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf
To have launchd start dnsmasq now and restart at startup:
sudo brew services start dnsmasq
==> Summary
🍺 /usr/local/Cellar/dnsmasq/2.76: 7 files, 504.7KB
配置dnsmasq
上面的安装提示信息中说的已经很明白了,需要把一个示例用的配置文件复制到/usr/local/etc/dnsmasq.conf来进行配置。什么?没注意看上面的信息,好吧,用下面的命令再看一次:
$ brew info dnsmasq
dnsmasq: stable 2.76 (bottled)
Lightweight DNS forwarder and DHCP server
http://www.thekelleys.org.uk/dnsmasq/doc.html
...
To configure dnsmasq, copy the example configuration to /usr/local/etc/dnsmasq.conf
and edit to taste.
cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf
To have launchd start dnsmasq now and restart at startup:
sudo brew services start dnsmasq
照做就行:
$ cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf
修改配置文件/usr/local/etc/dnsmasq.conf。刚才拷贝过来的文件中,默认所有的选项都是注释掉的,只需要修改下面两个选项:
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
strict-order
<此处省略好多字...>
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=192.168.78.1,127.0.0.1
解释一下:
- strict-order表示在解析一个域名时,dnsmasq会严格按照/etc/resolv.conf文件中定义的DNS服务器的顺序从上到下进行 DNS 解析,直到第一个解析成功为止。/etc/resolv.conf是macOS默认的DNS配置文件,会自动生成。
- listen-address表示DNS服务会绑定到哪个地址上。如果只是本机使用,那么只需要指定127.0.0.1就可。如果还需要让局域网中的其他主机也能使用这个DNS服务器,还需要加上本机在局域网中的地址,即192.168.78.1,127.0.0.1。换句话说,在192.168.78.这个网段的所有主机都可以指定192.168.78.1为自己的DNS服务器地址。
到此为止,dnsmasq的配置文件就编辑完了。
那么问题来了:局域网中主机地址与域名的对应关系在哪里配置呢?
答:在/etc/hosts文件中进行配置。
原来,在默认情况下,dnsmasq在解析一个域名时,会首先查找/etc/hosts文件中的定义,如果找不到的话,再去/etc/resolv.conf中去找。当然,这个动作也是可以配置的,在配置文件中说明如下:
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
配置本地局域网中的域名和主机映射
这里要按照实际的需要来定义,本文环境中的/etc/hosts文件内容如下:
$ sudo vim /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost, KMAC.local
255.255.255.255 broadcasthost
::1 localhost
192.168.78.122 ora12c, ora12c.example.com
192.168.78.73 rhel7, rhel7.example.com
192.168.78.113 sol11, sol11.example.com
启动dnsmasq服务
按照brew info dnsmasq的提示,输入下面命令就可以启动服务,并且会开机自动启动:
$ sudo brew services start dnsmasq
Password:
==> Successfully started `dnsmasq` (label: homebrew.mxcl.dnsmasq)
上面的命令会将/usr/local/opt/dnsmasq/homebrew.mxcl.dnsmasq.plist自动复制为/Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist,这就是dnsmasq服务描述文件。这里多说几句,macOS用launchd(类似于Linux的systemd,或者init)来启动后台服务,LaunchDaemon会在开机时自动启动。启动时读入的就是这些”.plist”文件(Property List File),要关闭和重启服务的话,可以使用下面的命令:
$ sudo launchctl stop homebrew.mxcl.dnsmasq
$ sudo launchctl start homebrew.mxcl.dnsmasq
测试
先看看外部域名能不能正常解析到:
$ dig baidu.com
; <<>> DiG 9.8.3-P1 <<>> baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64468
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;baidu.com. IN A
;; ANSWER SECTION:
baidu.com. 30 IN A 123.125.114.144
baidu.com. 30 IN A 220.181.57.217
baidu.com. 30 IN A 180.149.132.47
baidu.com. 30 IN A 111.13.101.208
;; Query time: 9 msec
;; SERVER: 10.0.31.199#53(10.0.31.199)
;; WHEN: Tue May 16 11:40:52 2017
;; MSG SIZE rcvd: 91
没有问题,再看看本地局域网域名的解析情况如何(这一步最好到从其他主机上进行测试,本机测试意义不大,因为/etc/hosts总是会解析成功的):
$ dig rhel7
; <<>> DiG 9.8.3-P1 <<>> rhel7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30445
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;rhel7. IN A
;; Query time: 1 msec
;; SERVER: 10.0.31.199#53(10.0.31.199)
;; WHEN: Tue May 16 11:42:21 2017
;; MSG SIZE rcvd: 23
总结
一共五条命令即可搞定:
$ brew install dnsmasq
$ cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf
$ cat >> /usr/local/etc/dnsmasq.conf << EOF
strict-order
listen-address=192.168.78.1,127.0.0.1
EOF
$ sudo cat >> /etc/hosts << EOF
192.168.78.122 ora12c, ora12c.example.com
192.168.78.73 rhel7, rhel7.example.com
192.168.78.113 sol11, sol11.example.com
EOF
$ sudo brew services start dnsmasq
其实,关于dnsmasq网上有一大堆的教程,本文只用了最简单的步骤,使用dnsmasq的默认配置,保证在最短的时间内让DNS服务器跑起来。如果你感兴趣的话,可以仔细研究一下dnsmasq的配置文件,注释写的很详细,可以尝试配置一下DHCP服务。
湘公网安备 43102202000103号