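Deploying DNSMasq as a DNS Caching Resolver

DNSMasq is a simple, fast DNS and DHCP server. We can use it to provide reliable DHCPv4, DHCPv6, BOOTP and PXE services for a LAN and for the host itself.
This article records one DNSMasq deployment, in which the service provides domain name resolution for Github.com.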

Deployment

# Update the system
yum makecache
yum update -y
# Install the package
yum install -y dnsmasq
# Enable and start the service
systemctl enable dnsmasq.service --now
# Open the firewall for DNS
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
# Check the service status
systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-10-19 15:35:57 CST; 1 weeks 0 days ago
Main PID: 1013 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─1013 /usr/sbin/dnsmasq -k

Configuration

  1. Configure the upstream resolvers

    # touch /etc/resolv.dnsmasq
    # vim /etc/resolv.dnsmasq
    nameserver 127.0.0.1

    # Local intranet DNS server
    nameserver 192.168.1.1

    # Mainstream public DNS servers
    nameserver 211.167.230.100
    nameserver 211.167.230.200
    nameserver 202.106.196.115
    nameserver 202.106.0.20
    nameserver 114.114.114.114
    nameserver 218.30.118.6
    nameserver 114.114.114.119
    nameserver 119.29.29.29
    nameserver 8.8.4.4
    nameserver 4.2.2.2
    nameserver 1.2.4.8
    nameserver 223.5.5.5
  2. Configure the DNSMasq resolution service

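    # Edit /etc/dnsmasq.conf
    # Listen on eth0
    interface=eth0
    # Set the DNS port to 53
    port=53

    # Only names in FQDN form are forwarded to the upstream DNS
    domain-needed
    # Do not forward reverse lookups for private IP ranges to the upstream DNS
    bogus-priv

    # Use resolv.dnsmasq as the upstream DNS file and query its servers in the order listed
    resolv-file=/etc/resolv.dnsmasq
    strict-order

    # Cache size
    cache-size=1024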
  3. Add resolution targets to cache

    # Fetch a hosts file of GitHub addresses and convert it into dnsmasq configuration
    curl https://raw.hellogithub.com/hosts | awk '$1 ~ /^[0-9]/ {printf("address=/%s/%s\n", $2,$1)}' > /etc/dnsmasq.d/github.conf
    # Fetch the list of polluted DNS addresses to avoid DNS hijacking
    wget https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf -P /etc/dnsmasq.d/
    # Restart the service
    systemctl restart dnsmasq.service
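
The `curl | awk` step above writes whatever the remote hosts file contains straight into the resolver's configuration, so every client of this dnsmasq instance trusts that feed. As an added example (not part of the original post), the function below performs the same conversion but accepts only well-formed IPv4 addresses and hostnames under an allowlist; `ALLOWED_SUFFIXES` and the function name `hosts_to_dnsmasq` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: validate a hosts-format feed
# before converting it into dnsmasq address= records.
# ALLOWED_SUFFIXES is an assumed allowlist; adjust it to the domains you expect.
ALLOWED_SUFFIXES="github.com githubusercontent.com githubassets.com github.io"

# Reads hosts-format text on stdin. Accepted records go to stdout as
# address=/host/ip lines; refused records are reported on stderr.
hosts_to_dnsmasq() {
    awk -v allow="$ALLOWED_SUFFIXES" '
    BEGIN { n = split(allow, suf, " ") }
    # Four decimal octets, each 0-255, nothing else.
    function valid_ipv4(ip,    o, i) {
        if (split(ip, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }
    # Host must equal an allowed suffix or end in "." followed by one.
    function allowed(h,    i, s) {
        for (i = 1; i <= n; i++) {
            s = suf[i]
            if (h == s) return 1
            if (length(h) > length(s) && substr(h, length(h) - length(s)) == ("." s))
                return 1
        }
        return 0
    }
    NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
    {
        ip = $1; host = tolower($2)
        # The hostname pattern refuses "/" and other characters that would
        # change the meaning of the generated address= line.
        if (valid_ipv4(ip) && host ~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/ && allowed(host))
            printf("address=/%s/%s\n", host, ip)
        else
            print ("rejected: " $0) > "/dev/stderr"
    }'
}
```

Pipe the downloaded file through `hosts_to_dnsmasq` into a temporary file, check it with `dnsmasq --test --conf-file=<file>`, and move it into /etc/dnsmasq.d/ only if the check passes.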

Done.