Elmor's Blog…
All package installation and configuration file editing is done with superuser privileges.
Superuser privileges remain in effect until the next reboot.
1. Initial network settings.
Range: 192.168.0.1/255.255.255.0
DHCP range: 192.168.0.101 - 192.168.0.199
Default gateway: 192.168.0.1
External DNS servers: 8.8.8.8, 8.8.4.4, 204.194.232.200, 204.194.234.200
Name of our server: ns1
Static IP address of the server: 192.168.0.2
Domain name: team.local
2. Installing bind9 and dhcp3-server
3. Creating the secret key
After installing these packages, we create a secret key, which will be needed to update DNS records in the zone of our local network.
When the command finishes, two files appear in the current directory, one with the .key extension and the other with .private.
These files contain a secret key of the form:
We will need it later.
4. Configuring the network connection with a static IP
Edit the file /etc/network/interfaces. A static, hard-coded address is needed if only so that the dhcp service starts when the server is restarted. Otherwise, seeing no interfaces up during the restart, dhcp will not start.
The DNS server address can be set in the file /etc/network/interfaces, but in general DNS server addresses in Ubuntu are managed through the file /etc/resolv.conf. It is important not to forget to correct it. It should look like this:
Restart the networking service
5. Configuring BIND9
The configuration files are in the directory: /etc/bind
We need to edit two files: named.conf.options and named.conf.local
Edit named.conf.options:
This tells the server where to forward names it does not know "for identification" and on which addresses to "listen" for DNS queries from the clients of our network.
The file named.conf.local is edited further on in the text.
6. Creating forward and reverse zones for the network
Create the forward and reverse zone files for our local network.
The files of our local zones must be in the directory: /var/lib/bind.
If these files are placed in /etc/bind, where the root zone description files already are, records for the local zones will not be updated, because the local group [bind] by default has no write permission to that directory.
So, in /var/lib/bind create a file for the forward zone, named for example forward.bind. The DNS server uses this file to translate the names of computers on the local network into IP addresses.
forward.bind
How to Setup a DNS/DHCP Server Using dnsmasq on CentOS/RHEL 8/7
A Dynamic Host Configuration Protocol (DHCP) server dynamically assigns IP addresses and other network configuration parameters to each device on a network. A DNS forwarder on a LAN forwards DNS queries for non-local domain names to upstream DNS servers (outside that network). A DNS caching server answers recursive requests from clients so that the DNS query can be resolved faster, thus improving DNS lookup speeds to previously visited sites.
dnsmasq is a lightweight, easy to configure DNS forwarder, DHCP server software and router advertisement subsystem for small networks. Dnsmasq supports Linux, *BSD, Mac OS X as well as Android.
It features a DNS subsystem that provides a local DNS server for the network, with forwarding of all query types to upstream recursive DNS servers and caching of common record types. The DHCP subsystem supports DHCPv4, DHCPv6, BOOTP, PXE, and a TFTP server. And the router advertisement subsystem supports basic autoconfiguration for IPv6 hosts.
In this article, we will walk you through how to install and set up a DNS/DHCP server using dnsmasq on CentOS/RHEL 8/7 distributions.
Installing dnsmasq in CentOS and RHEL Linux
1. The dnsmasq package is available in the default repositories and can be easily installed using the YUM package manager as shown.
2. Once the dnsmasq package installation is complete, you need to start the dnsmasq service for now and enable it to automatically start at system boot. Besides, check its status to ensure that it is up and running using the following systemctl commands.
# systemctl start dnsmasq
# systemctl enable dnsmasq
# systemctl status dnsmasq
Configuring dnsmasq Server in CentOS and RHEL Linux
3. The dnsmasq server can be configured via the /etc/dnsmasq.conf file (which contains well commented and explained options), and user-defined configuration files can also be added in the /etc/dnsmasq.d directory.
DNS is enabled by default, so before making any changes, make sure to create a backup of /etc/dnsmasq.conf file.
# cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
4. Now open the /etc/dnsmasq.conf file using your favorite text-based editor and make the following suggested configuration settings.
The listen-address option sets the IP addresses on which dnsmasq will listen. To have your CentOS/RHEL server listen for DHCP and DNS requests on the LAN, set the listen-address option to its LAN IP addresses (remember to include 127.0.0.1) as shown. Note that the server IP must be static.
listen-address=::1,127.0.0.1,192.168.56.10
Related to the above, you can restrict the interface dnsmasq listens on using the interface option (add more lines for more than one interface).
5. If you want to have a domain (which you can set as shown next) automatically added to simple names in a hosts-file, uncomment the expand-hosts option.
6. Next, set the domain for dnsmasq. This means DHCP clients will have fully qualified domain names as long as the set domain is matched, and it sets the "domain" DHCP option for all clients.
7. Next, also define the upstream DNS server for non-local domains using the server option (in the form server=dns_server_ip) as shown.
# Google's nameservers
server=8.8.8.8
server=8.8.4.4
8. Then you can force your local domain to one or more IP addresses using the address option as shown.
address=/tecmint.lan/127.0.0.1
address=/tecmint.lan/192.168.56.10
9. Save the file and check the configuration file syntax for errors as shown.
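Added example (not part of the original article): a POSIX shell audit of the listening and forwarding options from steps 4 to 7, flagging a resolver that is reachable beyond loopback and private addresses. The function names, the temporary sample files and the 203.0.113.7 documentation address are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit where a dnsmasq.conf makes the resolver reachable.

# Classify an address: loopback, private (RFC 1918, IPv6 ULA/link-local), public.
classify_addr() {
    case "$1" in
        127.*|::1) echo loopback ;;
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        [fF][cCdD]*:*|[fF][eE]80:*) echo private ;;
        *) echo public ;;
    esac
}

# audit_listen CONF: print one WARN line per finding, nothing when clean.
audit_listen() {
    conf=$1
    addrs=$(sed -n 's/^listen-address=//p' "$conf" | tr ',' '\n')
    ifaces=$(sed -n 's/^interface=//p' "$conf")
    if [ -z "$addrs" ] && [ -z "$ifaces" ]; then
        echo "WARN: no listen-address or interface set; not bound to specific interfaces"
    fi
    for a in $addrs; do
        [ "$(classify_addr "$a")" != public ] ||
            echo "WARN: listen-address $a is neither loopback nor private"
    done
    if [ -n "$addrs" ] && [ -z "$ifaces" ] &&
        ! echo "$addrs" | grep -qx '127\.0\.0\.1'; then
        echo "WARN: 127.0.0.1 not listed, but step 10 points resolv.conf at it"
    fi
    grep -q '^server=' "$conf" ||
        echo "WARN: no server= line; no explicit upstream for non-local names"
    return 0
}

# Constructed sample files (not from a real host).
good=$(mktemp); bad=$(mktemp)
cat > "$good" <<'EOF'
listen-address=::1,127.0.0.1,192.168.56.10
server=8.8.8.8
server=8.8.4.4
address=/tecmint.lan/192.168.56.10
EOF
cat > "$bad" <<'EOF'
listen-address=203.0.113.7
EOF
echo "== settings from the article =="; audit_listen "$good"
echo "== constructed weak config ==";   audit_listen "$bad"
rm -f "$good" "$bad"
```

The article's own settings produce no findings; the constructed weak file produces three.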
Configuring dnsmasq with /etc/resolv.conf File
10. In this step, make all queries go to dnsmasq by adding the localhost addresses as the only nameservers in the /etc/resolv.conf file.
11. The /etc/resolv.conf file is maintained by a local daemon, in particular NetworkManager, so any user-made changes will be overwritten. To prevent this, write-protect it by setting the immutable file attribute (disabling write access to the file) using the chattr command as shown.
# chattr +i /etc/resolv.conf
# lsattr /etc/resolv.conf
Defining DNS Hosts and Names
12. dnsmasq reads all the DNS hosts and names from the /etc/hosts file, so add your DNS hosts' IP address and name pairs as shown.
127.0.0.1 dnsmasq
192.168.56.10 dnsmasq
192.168.56.1 gateway
192.168.56.100 maas-controller
192.168.56.20 nagios
192.168.56.25 webserver1
Important: Local DNS names can also be defined by importing names from the DHCP subsystem, or by the configuration of a wide range of useful record types.
13. To apply the above changes, restart the dnsmasq service as shown.
# systemctl restart dnsmasq
14. If you have the firewalld service running, you need to open DNS and DHCP services in the firewall configuration, to allow requests from hosts on your LAN to pass to the dnsmasq server.
# firewall-cmd --add-service=dns --permanent
# firewall-cmd --add-service=dhcp --permanent
# firewall-cmd --reload
Testing Local DNS
15. To test if the local DNS server or forwarding is working fine, you need to use tools such as dig or nslookup for performing DNS queries. These tools are provided by the bind-utils package which may not come pre-installed on CentOS/RHEL 8, but you can install it as shown.
16. Once you have installed it, you can run a simple query on your local domain as shown.
# dig tecmint.lan
OR
# nslookup tecmint.lan
17. You can also try to query the FQDN of one of the servers.
# dig webserver1.tecmint.lan
OR
# nslookup webserver1.tecmint.lan
18. To test a reverse IP lookup, run a similar command.
# dig -x 192.168.56.25
OR
# nslookup 192.168.56.25
Enable DHCP Server Using dnsmasq
19. You can enable the DHCP server by uncommenting the dhcp-range option and supplying the range of addresses available for lease and, optionally, a lease time, e.g. (repeat for more than one network):
dhcp-range=192.168.0.50,192.168.0.150,12h
20. The following option defines where the DHCP server will keep its lease database; this helps you easily check which IP addresses it has assigned.
dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
21. To put the DHCP server into authoritative mode, uncomment the option.
22. Save the file and restart the dnsmasq service to apply the recent changes.
# systemctl restart dnsmasq
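Added example (not from the original article): a POSIX shell check that a dhcp-range lies inside the subnet of the server's listen-address and does not overlap static names in the hosts file. It is run on the range from step 19 with the server address from step 4 and the hosts entries from step 12; the 255.255.255.0 netmask, the function names and the second range are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a dnsmasq dhcp-range against the server's subnet
# and the static entries in a hosts file. The /24 netmask is an assumption.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_dhcp_pool START END SERVER_IP NETMASK HOSTS_FILE
# Prints one WARN line per finding; prints nothing when the pool looks sane.
check_dhcp_pool() {
    start=$1 end=$2 server=$3 mask=$4 hosts=$5
    s=$(ip2int "$start"); e=$(ip2int "$end"); m=$(ip2int "$mask")
    net=$(( $(ip2int "$server") & m ))
    [ "$s" -le "$e" ] || echo "WARN: range start $start is above range end $end"
    for ip in "$start" "$end"; do
        [ $(( $(ip2int "$ip") & m )) -eq "$net" ] ||
            echo "WARN: $ip is outside the subnet of $server/$mask"
    done
    # Static names should not sit inside the dynamic pool.
    while read -r ip name rest; do
        case "$ip" in ''|'#'*|*:*) continue ;; esac   # skip blanks, comments, IPv6
        n=$(ip2int "$ip")
        if [ "$n" -ge "$s" ] && [ "$n" -le "$e" ]; then
            echo "WARN: static host $name ($ip) lies inside the DHCP pool"
        fi
    done < "$hosts"
    return 0
}

# Constructed hosts file using the name/address pairs from step 12.
hosts_file=$(mktemp)
cat > "$hosts_file" <<'EOF'
127.0.0.1 dnsmasq
192.168.56.10 dnsmasq
192.168.56.1 gateway
192.168.56.100 maas-controller
192.168.56.20 nagios
192.168.56.25 webserver1
EOF

echo "== range from step 19, server 192.168.56.10/24 =="
check_dhcp_pool 192.168.0.50 192.168.0.150 192.168.56.10 255.255.255.0 "$hosts_file"
echo "== same host part moved into 192.168.56.0/24 =="
check_dhcp_pool 192.168.56.50 192.168.56.150 192.168.56.10 255.255.255.0 "$hosts_file"
rm -f "$hosts_file"
```

The first call reports both ends of the range outside the server's subnet; the second reports maas-controller (192.168.56.100) inside the pool.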
That brings us to the end of this guide.