dnsmasq explained, and its use in OpenStack and containers

Tags: openstack-network  dnsmasq  kvm  dhcp

Introduction to dnsmasq

I first looked into dnsmasq while studying OpenStack Neutron networking. In an OpenStack network, dnsmasq provides DHCP and DNS for a given network; the process running in the background looks like this:

dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/host --addn-hosts=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/opts --dhcp-leasefile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap3043df67-be --dhcp-range=set:tag0,10.1.0.0,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=sample.openstack.org.

This process is started when DHCP or DNS is enabled on a subnet. If DHCP or DNS is enabled on several subnets of the same network, the dnsmasq process that was first started for that network is modified rather than a new one being started. In other words, once the first subnet has started a dnsmasq process, subnets created later on the same network do not get a process of their own; the existing process is reconfigured. For example:
One subnet with dnsmasq enabled:

dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host --addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts --dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapf2df91fa-f7 --dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=65536 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=openstacklocal

Two subnets with dnsmasq enabled:

dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host --addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts --dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapf2df91fa-f7 --dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s --dhcp-range=set:tag1,10.11.0.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=65792 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=openstacklocal

We can see that enabling DHCP or DNS on one more subnet only modifies the dnsmasq process that was created first, adding the second subnet's details, for example --dhcp-range=set:tag1,10.11.0.0,static,255.255.255.0,86400s (and raising --dhcp-lease-max from 65536 to 65792 accordingly). That is all on dnsmasq in OpenStack for now; next we look at dnsmasq's functionality as a whole.


Dnsmasq provides DNS caching and DHCP service. As a DNS server, dnsmasq speeds up connections to sites we have visited before by caching DNS lookups. As a DHCP server, it hands out private IP addresses and routes to the machines on a LAN (for instance the cloud instances on an OpenStack network). The DNS and DHCP functions can be used together or separately. dnsmasq is lightweight and easy to configure, and is suited to individual users or networks of fewer than 50 hosts.

dnsmasq configuration file

Now the configuration. The dnsmasq configuration file is /etc/dnsmasq.conf; depending on your Linux distribution it may instead live under /etc/default/dnsmasq, /etc/dnsmasq.d/ or /etc/dnsmasq.d-available/. You can also point dnsmasq at a configuration file when starting the process, or pull in further files from within the configuration with the conf-file= option; arrange this however your needs dictate.
Below are the more important and commonly used options from dnsmasq.conf, with brief explanations:


Do not read upstream servers from /etc/resolv.conf (the default source; a different file can be given with resolv-file)

#no-resolv

Do not load the local /etc/hosts file

#no-hosts

Read additional hosts files from the given path; may be specified more than once. If a directory is given, every file in it is read.

#addn-hosts=/etc/dnsmasq.hosts.d

Read all files in the directory; updated files are re-read automatically

#hostsdir=/etc/dnsmasq.hosts.d

Run as this user and group

#user=nobody
#group=nobody

DNS port, default 53; port=0 disables DNS entirely, leaving only DHCP/TFTP

#port=53

DNS cache size (in entries)

#cache-size=500

Do not cache negative answers (unknown domains); by default dnsmasq caches them and answers clients straight from the cache.

#no-negcache

Maximum number of DNS queries forwarded concurrently

#dns-forward-max=1000

Address dnsmasq listens on; by default it listens on every interface of the host. For hosts on the LAN to use the dnsmasq service, give the machine's own IP address.

#listen-address=192.168.26.111

address enables wildcard resolution, i.e. a custom A record; in the example below, every name under demon.com resolves to 127.0.0.1

#address=/demon.com/127.0.0.1

#server chooses which DNS server dnsmasq forwards to; different domains can be sent to different servers
#here, queries for google.com are resolved through Google's DNS

#server=/google.com/8.8.8.8

Where dnsmasq reads its upstream DNS server addresses from; by default /etc/resolv.conf

#resolv-file

Query the servers in the resolv-file strictly in the order listed, top to bottom, until one answers

#strict-order

Bind to interfaces; with this on, dnsmasq listens only on the specified interfaces.

#bind-interfaces

Also bind to interfaces that are added later.

#bind-dynamic

Restrict the interfaces dnsmasq listens on

#interface=eth0

Interfaces to exclude from listening; exclusion takes precedence, and the '*' wildcard may be used

#except-interface=

Interfaces that get DNS service only, with no DHCP or TFTP.

#no-dhcp-interface=eth0

Address range for dynamic DHCP allocation

dhcp-range=10.10.10.10,10.10.10.100,24h

Static DHCP bindings

# dhcp-host=00:0C:38:52:42:61,10.10.10.11
# dhcp-host=00:0C:38:52:43:62,10.10.10.12,infinite    # infinite lease
dhcp-host=00:0C:38:52:44:64,10.10.10.13,OS13
dhcp-host=00:0C:38:52:45:65,10.10.10.14,OS14

Maximum number of DHCP leases dnsmasq will hand out

#dhcp-lease-max=150

Leases are stored in the following file

#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases

Ignore DHCP requests from the following MAC address

#dhcp-host=11:22:33:44:55:66,ignore

Domain handed out by DHCP

#domain=test.com

Set the default route: DHCP option 3 is the router (default route) option, and 10.10.10.1 is the gateway

#dhcp-option=3,10.10.10.1
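As an added example (not part of the original post), here is a small shell lint that reads a dnsmasq.conf and flags the settings above that widen exposure: no interface= or listen-address= (dnsmasq then answers on every interface), an interface restriction without bind-interfaces (the socket stays bound to the wildcard address and unwanted requests are only discarded after arrival), no-resolv with no server= (the "no upstream servers configured" situation), and a missing stop-dns-rebind. The function names lint_dnsmasq_conf and make_sample_conf and the two sample configurations are my own constructions, built from the options listed above.

```shell
#!/bin/sh
# Added example, not from the original post: lint a dnsmasq.conf for
# settings that widen exposure.  Assumed names: lint_dnsmasq_conf,
# make_sample_conf.  Only the options discussed on this page are checked.

# lint_dnsmasq_conf FILE -> one finding per line; exit status 1 if any
lint_dnsmasq_conf() {
    awk '
    function note(msg) { print msg; findings++ }
    /^[ \t]*(#|$)/ { next }                         # skip comments and blank lines
    {
        sub(/[ \t]+$/, "")
        eq = index($0, "=")
        key = eq ? substr($0, 1, eq - 1) : $0       # "cache-size=500" -> "cache-size"
        val[key] = eq ? substr($0, eq + 1) : ""
        if (key == "server") servers++
    }
    END {
        dns_on = !("port" in val) || val["port"] != "0"
        scoped = ("interface" in val) || ("listen-address" in val)
        if (!scoped)
            note("no interface= or listen-address=: dnsmasq answers on every interface")
        if (scoped && !("bind-interfaces" in val) && !("bind-dynamic" in val))
            note("interface restriction without bind-interfaces: socket bound to the wildcard address, other requests only dropped after arrival")
        if (dns_on && ("no-resolv" in val) && servers == 0)
            note("no-resolv with no server=: no upstream, every forwarded query fails")
        if (dns_on && !("stop-dns-rebind" in val))
            note("stop-dns-rebind not set: upstream answers pointing at private addresses reach clients")
        exit (findings > 0)
    }' "$1"
}

# make_sample_conf FILE weak|hardened -> writes a constructed sample config
make_sample_conf() {
    if [ "$2" = weak ]; then
        cat > "$1" <<'EOF'
# constructed sample: the options from the post, with no interface scoping
no-hosts
no-resolv
cache-size=500
dhcp-range=10.10.10.10,10.10.10.100,24h
dhcp-option=3,10.10.10.1
EOF
    else
        cat > "$1" <<'EOF'
# constructed sample: the same service, scoped to one interface, with explicit upstreams
no-hosts
no-resolv
server=8.8.8.8
server=8.8.4.4
interface=eth0
bind-interfaces
except-interface=lo
stop-dns-rebind
cache-size=500
dhcp-range=10.10.10.10,10.10.10.100,24h
dhcp-option=3,10.10.10.1
EOF
    fi
}
```

Run `lint_dnsmasq_conf /etc/dnsmasq.conf` before `dnsmasq --test`: the syntax check only tells you the file parses, not what it exposes. The weak sample yields three findings, the hardened one none.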

dnsmasq command line, and the process arguments used in OpenStack

Having seen the configuration file, let us look at which parameters the dnsmasq process accepts:
See also the English documentation on dnsmasq's command-line options

dnsmasq --test                       # check the configuration for errors
    -w, --help                       # help
    -v, --version                    # print the version
    -H, --addn-hosts=<file>
    --hostsdir=<path>
    -d, --no-daemon                  # run the process in the foreground
    -x, --pid-file=<path>            # write the process's PID to the given file
    -I, --except-interface=<interface name>
    -2, --no-dhcp-interface=<interface name>
    -a, --listen-address=<ipaddr>
    -z, --bind-interfaces
    --ignore-address=<ipaddr>
    -r, --resolv-file=<file>
    -R, --no-resolv
    -o, --strict-order
    -S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
    -G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
    --dhcp-hostsfile=<path>
    --dhcp-optsfile=<path>

These are some commonly used options; those without an explanation are covered in the configuration-file section above.


Now let us read the dnsmasq process arguments used in OpenStack in light of the configuration above:

dnsmasq --no-hosts                   # do not load the local /etc/hosts file
        --no-resolv                  # do not read /etc/resolv.conf; upstream servers come only from the command line or the dnsmasq config file
        --strict-order               # query servers strictly in the order given in resolv.conf
        --except-interface=lo        # do not listen on lo
        --pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid            # file holding the dnsmasq PID
        --dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host     # DHCP host entries are read from this file
        --addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts   # additional hosts file to read
        --dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts      # DHCP options are read from this file
        --dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases   # file in which leases are stored
        --dhcp-match=set:ipxe,175    # set the DHCP tag ipxe when the client's request contains option 175
        --bind-interfaces            # bind to interfaces; listen only on the interfaces given
        --interface=tapf2df91fa-f7   # interface to listen on
        --dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s  # 1) tag for this network, 2) network DHCP serves, 3) static: dnsmasq only answers hosts with a static entry instead of allocating addresses dynamically, 4) netmask, 5) lease time
        --dhcp-option-force=option:mtu,1450  # send a different or additional option to DHCP clients even if they do not request it; here MTU 1450
        --dhcp-lease-max=65536       # maximum number of DHCP leases dnsmasq will hand out (default 1000)
        --conf-file=/etc/neutron/dnsmasq.conf  # read a further configuration file
        --server=8.8.8.8 --server=8.8.4.4      # upstream name servers
        --domain=openstacklocal      # DNS domain handed out by DHCP


Installing dnsmasq

Installation in a container is the same; the steps below are for CentOS 7:

[root@test centos]# yum install dnsmasq
base                                                                                                                                                | 3.6 kB  00:00:00     
epel                                                                                                                                                | 3.2 kB  00:00:00     
extras                                                                                                                                              | 3.4 kB  00:00:00     
updates                                                                                                                                             | 3.4 kB  00:00:00     
(1/7): epel/x86_64/group_gz                                                                                                                         |  88 kB  00:00:00     
(2/7): base/7/x86_64/group_gz                                                                                                                       | 166 kB  00:00:00     
(3/7): epel/x86_64/updateinfo                                                                                                                       | 932 kB  00:00:00     
(4/7): base/7/x86_64/primary_db                                                                                                                     | 5.9 MB  00:00:00     
(5/7): epel/x86_64/primary                                                                                                                          | 3.6 MB  00:00:00     
(6/7): extras/7/x86_64/primary_db                                                                                                                   | 174 kB  00:00:00     
(7/7): updates/7/x86_64/primary_db                                                                                                                  | 5.0 MB  00:00:00     
epel                                                                                                                                                           12650/12650
Resolving Dependencies
--> Running transaction check
---> Package dnsmasq.x86_64 0:2.76-5.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================================
 Package                                  Arch                                    Version                                      Repository                             Size
===========================================================================================================================================================================
Installing:
 dnsmasq                                  x86_64                                  2.76-5.el7                                   base                                  277 k

Transaction Summary
===========================================================================================================================================================================
Install  1 Package

Total download size: 277 k
Installed size: 586 k
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/dnsmasq-2.76-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for dnsmasq-2.76-5.el7.x86_64.rpm is not installed
dnsmasq-2.76-5.el7.x86_64.rpm                                                                                                                       | 277 kB  00:00:00     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-4.1708.el7.centos.x86_64 (installed)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : dnsmasq-2.76-5.el7.x86_64                                                                                                                               1/1 
  Verifying  : dnsmasq-2.76-5.el7.x86_64                                                                                                                               1/1 

Installed:
  dnsmasq.x86_64 0:2.76-5.el7                                                                                                                                              

Complete!

Basic usage:

[root@test centos]# dnsmasq --test
dnsmasq: syntax check OK.
[root@test centos]# dnsmasq --version
Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.
[root@test centos]# dnsmasq --help
Usage: dnsmasq [options]

Valid options are:
-a, --listen-address=<ipaddr>           Specify local address(es) to listen on.
-A, --address=/<domain>/<ipaddr>        Return ipaddr for all hosts in specified domains.
-b, --bogus-priv                        Fake reverse lookups for RFC1918 private address ranges.
-B, --bogus-nxdomain=<ipaddr>           Treat ipaddr as NXDOMAIN (defeats Verisign wildcard).
-c, --cache-size=<integer>              Specify the size of the cache in entries (defaults to 150).
-C, --conf-file=<path>                  Specify configuration file (defaults to /etc/dnsmasq.conf).
-d, --no-daemon                         Do NOT fork into the background: run in debug mode.
-D, --domain-needed                     Do NOT forward queries with no domain part.
-e, --selfmx                            Return self-pointing MX records for local hosts.
-E, --expand-hosts                      Expand simple names in /etc/hosts with domain-suffix.
-f, --filterwin2k                       Don't forward spurious DNS requests from Windows hosts.
-F, --dhcp-range=<ipaddr>,...           Enable DHCP in the range given with lease duration.
-g, --group=<groupname>                 Change to this group after startup (defaults to dip).
-G, --dhcp-host=<hostspec>              Set address or hostname for a specified machine.
    --dhcp-hostsfile=<path>             Read DHCP host specs from file.
    --dhcp-optsfile=<path>              Read DHCP option specs from file.
    --dhcp-hostsdir=<path>              Read DHCP host specs from a directory.
    --dhcp-optsdir=<path>               Read DHCP options from a directory.
    --tag-if=tag-expression             Evaluate conditional tag expression.
-h, --no-hosts                          Do NOT load /etc/hosts file.
-H, --addn-hosts=<path>                 Specify a hosts file to be read in addition to /etc/hosts.
    --hostsdir=<path>                   Read hosts files from a directory.
-i, --interface=<interface>             Specify interface(s) to listen on.
-I, --except-interface=<interface>      Specify interface(s) NOT to listen on.
-j, --dhcp-userclass=set:<tag>,<class>  Map DHCP user class to tag.
    --dhcp-circuitid=set:<tag>,<circuit>Map RFC3046 circuit-id to tag.
    --dhcp-remoteid=set:<tag>,<remote>  Map RFC3046 remote-id to tag.
    --dhcp-subscrid=set:<tag>,<remote>  Map RFC3993 subscriber-id to tag.
-J, --dhcp-ignore=tag:<tag>...          Don't do DHCP for hosts with tag set.
    --dhcp-broadcast[=tag:<tag>...]     Force broadcast replies for hosts with tag set.
-k, --keep-in-foreground                Do NOT fork into the background, do NOT run in debug mode.
-K, --dhcp-authoritative                Assume we are the only DHCP server on the local network.
-l, --dhcp-leasefile=<path>             Specify where to store DHCP leases (defaults to /var/lib/dnsmasq/dnsmasq.leases).
-L, --localmx                           Return MX records for local hosts.
-m, --mx-host=<host_name>,<target>,<prefSpecify an MX record.
-M, --dhcp-boot=<bootp opts>            Specify BOOTP options to DHCP server.
-n, --no-poll                           Do NOT poll /etc/resolv.conf file, reload only on SIGHUP.
-N, --no-negcache                       Do NOT cache failed search results.
-o, --strict-order                      Use nameservers strictly in the order given in /etc/resolv.conf.
-O, --dhcp-option=<optspec>             Specify options to be sent to DHCP clients.
    --dhcp-option-force=<optspec>       DHCP option sent even if the client does not request it.
-p, --port=<integer>                    Specify port to listen for DNS requests on (defaults to 53).
-P, --edns-packet-max=<integer>         Maximum supported UDP packet size for EDNS.0 (defaults to 4096).
-q, --log-queries                       Log DNS queries.
-Q, --query-port=<integer>              Force the originating port for upstream DNS queries.
-R, --no-resolv                         Do NOT read resolv.conf.
-r, --resolv-file=<path>                Specify path to resolv.conf (defaults to /etc/resolv.conf).
    --servers-file=<path>               Specify path to file with server= options
-S, --server=/<domain>/<ipaddr>         Specify address(es) of upstream servers with optional domains.
    --rev-server=<addr>/<prefix>,<ipaddrSpecify address of upstream servers for reverse address queries
    --local=/<domain>/                  Never forward queries to specified domains.
-s, --domain=<domain>[,<range>]         Specify the domain to be assigned in DHCP leases.
-t, --mx-target=<host_name>             Specify default target in an MX record.
-T, --local-ttl=<integer>               Specify time-to-live in seconds for replies from /etc/hosts.
    --neg-ttl=<integer>                 Specify time-to-live in seconds for negative caching.
    --max-ttl=<integer>                 Specify time-to-live in seconds for maximum TTL to send to clients.
    --max-cache-ttl=<integer>           Specify time-to-live ceiling for cache.
    --min-cache-ttl=<integer>           Specify time-to-live floor for cache.
-u, --user=<username>                   Change to this user after startup. (defaults to nobody).
-U, --dhcp-vendorclass=set:<tag>,<class>Map DHCP vendor class to tag.
-v, --version                           Display dnsmasq version and copyright information.
-V, --alias=<ipaddr>,<ipaddr>,<netmask> Translate IPv4 addresses from upstream servers.
-W, --srv-host=<name>,<target>,...      Specify a SRV record.
-w, --help                              Display this message. Use --help dhcp or --help dhcp6 for known DHCP options.
-x, --pid-file=<path>                   Specify path of PID file (defaults to /var/run/dnsmasq.pid).
-X, --dhcp-lease-max=<integer>          Specify maximum number of DHCP leases (defaults to 1000).
-y, --localise-queries                  Answer DNS queries based on the interface a query was sent to.
-Y, --txt-record=<name>,<txt>[,<txt]    Specify TXT DNS record.
    --ptr-record=<name>,<target>        Specify PTR DNS record.
    --interface-name=<name>,<interface> Give DNS name to IPv4 address of interface.
-z, --bind-interfaces                   Bind only to interfaces in use.
-Z, --read-ethers                       Read DHCP static host information from /etc/ethers.
-1, --enable-dbus[=<busname>]           Enable the DBus interface for setting upstream servers, etc.
-2, --no-dhcp-interface=<interface>     Do not provide DHCP on this interface, only provide DNS.
-3, --bootp-dynamic[=tag:<tag>]...      Enable dynamic address allocation for bootp.
-4, --dhcp-mac=set:<tag>,<mac address>  Map MAC address (with wildcards) to option set.
    --bridge-interface=<iface>,<alias>..Treat DHCP requests on aliases as arriving from interface.
-5, --no-ping                           Disable ICMP echo address checking in the DHCP server.
-6, --dhcp-script=<path>                Shell script to run on DHCP lease creation and destruction.
    --dhcp-luascript=path               Lua script to run on DHCP lease creation and destruction.
    --dhcp-scriptuser=<username>        Run lease-change scripts as this user.
    --script-arp                        Call dhcp-script with changes to local ARP table.
-7, --conf-dir=<path>                   Read configuration from all the files in this directory.
-8, --log-facility=<facilty>|<file>     Log to this syslog facility or file. (defaults to DAEMON)
-9, --leasefile-ro                      Do not use leasefile.
-0, --dns-forward-max=<integer>         Maximum number of concurrent DNS queries. (defaults to 150)
    --clear-on-reload                   Clear DNS cache when reloading /etc/resolv.conf.
    --dhcp-ignore-names[=tag:<tag>]...  Ignore hostnames provided by DHCP clients.
    --dhcp-no-override                  Do NOT reuse filename and server fields for extra DHCP options.
    --enable-tftp[=<intr>[,<intr>]]     Enable integrated read-only TFTP server.
    --tftp-root=<dir>[,<iface>]         Export files by TFTP only from the specified subtree.
    --tftp-unique-root                  Add client IP address to tftp-root.
    --tftp-secure                       Allow access only to files owned by the user running dnsmasq.
    --tftp-no-fail                      Do not terminate the service if TFTP directories are inaccessible.
    --tftp-max=<integer>                Maximum number of conncurrent TFTP transfers (defaults to 50).
    --tftp-mtu=<integer>                Maximum MTU to use for TFTP transfers.
    --tftp-no-blocksize                 Disable the TFTP blocksize extension.
    --tftp-lowercase                    Convert TFTP filenames to lowercase
    --tftp-port-range=<start>,<end>     Ephemeral port range for use by TFTP transfers.
    --log-dhcp                          Extra logging for DHCP.
    --log-async[=<integer>]             Enable async. logging; optionally set queue length.
    --stop-dns-rebind                   Stop DNS rebinding. Filter private IP ranges when resolving.
    --rebind-localhost-ok               Allow rebinding of 127.0.0.0/8, for RBL servers.
    --rebind-domain-ok=/<domain>/       Inhibit DNS-rebind protection on this domain.
    --all-servers                       Always perform DNS queries to all servers.
    --dhcp-match=set:<tag>,<optspec>    Set tag if client includes matching option in request.
    --dhcp-alternate-port[=<ports>]     Use alternative ports for DHCP.
    --naptr-record=<name>,<naptr>       Specify NAPTR DNS record.
    --min-port=<port>                   Specify lowest port available for DNS query transmission.
    --max-port=<port>                   Specify highest port available for DNS query transmission.
    --dhcp-fqdn                         Use only fully qualified domain names for DHCP clients.
    --dhcp-generate-names[=tag:<tag>]   Generate hostnames based on MAC address for nameless clients.
    --dhcp-proxy[=<ipaddr>]...          Use these DHCP relays as full proxies.
    --dhcp-relay=<local-addr>,<server>[,Relay DHCP requests to a remote server
    --cname=<alias>,<target>[,<ttl>]    Specify alias name for LOCAL DNS name.
    --pxe-prompt=<prompt>,[<timeout>]   Prompt to send to PXE clients.
    --pxe-service=<service>             Boot service for PXE menu.
    --test                              Check configuration syntax.
    --add-mac[=base64|text]             Add requestor's MAC address to forwarded DNS queries.
    --add-subnet=<v4 pref>[,<v6 pref>]  Add specified IP subnet to forwarded DNS queries.
    --add-cpe-id=<text>                 Add client identification to forwarded DNS queries.
    --proxy-dnssec                      Proxy DNSSEC validation results from upstream nameservers.
    --dhcp-sequential-ip                Attempt to allocate sequential IP addresses to DHCP clients.
    --conntrack                         Copy connection-track mark from queries to upstream connections.
    --dhcp-client-update                Allow DHCP clients to do their own DDNS updates.
    --enable-ra                         Send router-advertisements for interfaces doing DHCPv6
    --dhcp-duid=<enterprise>,<duid>     Specify DUID_EN-type DHCPv6 server DUID
    --host-record=<name>,<address>[,<ttlSpecify host (A/AAAA and PTR) records
    --dns-rr=<name>,<RR-number>,[<data>]Specify arbitrary DNS resource record
    --bind-dynamic                      Bind to interfaces in use - check for new interfaces
    --auth-server=<NS>,<interface>      Export local names to global DNS
    --auth-zone=<domain>,[<subnet>...]  Domain to export to global DNS
    --auth-ttl=<integer>                Set TTL for authoritative replies
    --auth-soa=<serial>[,...]           Set authoritive zone information
    --auth-sec-servers=<NS>[,<NS>...]   Secondary authoritative nameservers for forward domains
    --auth-peer=<ipaddr>[,<ipaddr>...]  Peers which are allowed to do zone transfer
    --ipset=/<domain>/<ipset>[,<ipset>..Specify ipsets to which matching domains should be added
    --synth-domain=<domain>,<range>,[<prSpecify a domain and address range for synthesised names
    --dnssec                            Activate DNSSEC validation
    --trust-anchor=<domain>,[<class>],..Specify trust anchor key digest.
    --dnssec-debug                      Disable upstream checking for DNSSEC debugging.
    --dnssec-check-unsigned             Ensure answers without DNSSEC are in unsigned zones.
    --dnssec-no-timecheck               Don't check DNSSEC signature timestamps until first cache-reload
    --dnssec-timestamp=<path>           Timestamp file to verify system clock for DNSSEC
    --ra-param=<interface>,[high,|low,]<Set priority, resend-interval and router-lifetime
    --quiet-dhcp                        Do not log routine DHCP.
    --quiet-dhcp6                       Do not log routine DHCPv6.
    --quiet-ra                          Do not log RA.
    --local-service                     Accept queries only from directly-connected networks.
    --dns-loop-detect                   Detect and remove DNS forwarding loops.
    --ignore-address=<ipaddr>           Ignore DNS responses containing ipaddr.
    --dhcp-ttl=<ttl>                    Set TTL in DNS responses with DHCP-derived addresses.

Setting up a dnsmasq test environment

A simple network topology: in an OVS + KVM environment, build the network below. The dnsmasq process listens on the DHCP tap device tap1; the DHCP broadcasts sent by host1 and host2 arrive at tap1, and dnsmasq looks up the matching MAC in the host file and hands the corresponding IP to the host. If no match is found, the host fails to obtain an IP.

For how this environment is built, see: test environment setup

Starting and testing the dnsmasq process

Write both hosts' MAC addresses into the host file:

[root@cnc dhcp]# pwd
/root/dnsmasq/dhcp
[root@cnc dhcp]# ls
host  pid
[root@cnc dhcp]# cat pid 
[root@cnc dhcp]# cat host 
52:54:00:aa:69:cc,10.10.10.20
52:54:00:aa:69:dd,10.10.10.30

Start the process:

[root@cnc ~]# dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/root/dnsmasq/dhcp/pid --dhcp-hostsfile=/root/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8

Enter the virtual machines and test automatic IP acquisition:

[root@cnc ~]# virsh console 2
Connected to domain cirros-test-vm2
Escape character is ^]

$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.30...
Lease of 10.10.10.30 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.10.1      0.0.0.0         UG    0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
[root@cnc dhcp]# virsh console 9
Connected to domain cirros-test-vm
Escape character is ^]

$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.20...
Lease of 10.10.10.20 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.10.1      0.0.0.0         UG    0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
[root@cnc ~]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/root/dnsmasq/dhcp/pid --dhcp-hostsfile=/root/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /root/dnsmasq/dhcp/host
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd 
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd 
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd 
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd 
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc 
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc 
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc 
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc 
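The dhcp-host lines in the configuration section and the host files above share one shape: `<mac>,<ip>[,<hostname>][,<lease>]`, or `<mac>,ignore`. With a static-only range a malformed or duplicated entry costs a client its lease without any error at start-up, so it is worth rejecting the file before dnsmasq reads it. The following validator is an added example, not code from the post; the function names validate_dhcp_hosts and make_sample_hosts and the defective sample file are my own constructions (the two good entries are the MACs shown above).

```shell
#!/bin/sh
# Added example, not from the original post: validate a --dhcp-hostsfile
# before (re)starting dnsmasq.  Expects the "<mac>,<ip>[,<name>][,<lease>]"
# or "<mac>,ignore" form used on this page.  Assumed names:
# validate_dhcp_hosts, make_sample_hosts.

# validate_dhcp_hosts FILE -> prints one problem per line; exit status 1 if any
validate_dhcp_hosts() {
    awk -F',' '
    function bad(msg) { print FILENAME ":" NR ": " msg; errors++ }
    function is_mac(m,   h, n, i) {               # six colon-separated hex octets
        n = split(m, h, ":")
        if (n != 6) return 0
        for (i = 1; i <= 6; i++) if (h[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
        return 1
    }
    function is_ipv4(ip,   o, n, i) {             # four dotted decimal octets, each <= 255
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    {
        mac = tolower($1); ip = $2
        if (!is_mac(mac))          bad("invalid MAC \"" $1 "\"")
        else if (mac in seen_mac)  bad("MAC " mac " already bound on line " seen_mac[mac])
        else                       seen_mac[mac] = NR
        if (ip == "ignore") next                  # <mac>,ignore: no address to check
        if (!is_ipv4(ip))          bad("invalid IPv4 address \"" ip "\"")
        else if (ip in seen_ip)    bad("address " ip " already used on line " seen_ip[ip])
        else                       seen_ip[ip] = NR
    }
    END { exit (errors > 0) }' "$1"
}

# make_sample_hosts FILE good|bad -> writes a constructed host file
make_sample_hosts() {
    if [ "$2" = good ]; then
        printf '%s\n' '52:54:00:aa:69:cc,10.10.10.20' '52:54:00:aa:69:dd,10.10.10.30' > "$1"
    else
        printf '%s\n' \
            '# constructed sample with four defects' \
            '52:54:00:aa:69:cc,10.10.10.20' \
            '52:54:00:aa:69:dd,10.10.10.30' \
            '52:54:00:aa:69:CC,10.10.10.40' \
            '52:54:00:aa:69:ee,10.10.10.30' \
            '52:54:00:aa:69:zz,10.10.10.99' \
            '52:54:00:aa:69:ff,10.10.10.300' \
            '11:22:33:44:55:66,ignore' > "$1"
    fi
}
```

Usage: `validate_dhcp_hosts /root/dnsmasq/dhcp/host && kill -HUP "$(cat /root/dnsmasq/dhcp/pid)"` reloads the host file only when it is clean. MAC comparison is case-insensitive because dnsmasq matches hardware addresses that way; the defective sample therefore reports the upper-case duplicate, the reused address, the bad MAC and the out-of-range octet, four findings in all.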

Starting and testing dnsmasq in a container

To run dnsmasq in a container, the container must be started with --net=host networking so that it can listen on the host's dhcp_tap interface; the host and pid files are kept inside the container.

[root@cnc ~]# docker exec -it 3da033d6c511 bash
[root@cnc dhcp]# pwd
/dnsmasq/dhcp
[root@cnc dhcp]# ls
host  pid
[root@cnc dhcp]# cat pid 
[root@cnc dhcp]# cat host 
52:54:00:aa:69:cc,10.10.10.40
52:54:00:aa:69:dd,10.10.10.50

Start the process inside the container

[root@cnc dhcp]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/dnsmasq/dhcp/pid --dhcp-hostsfile=/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /dnsmasq/dhcp/host

Note: if dnsmasq is started as the container's entrypoint, add the -d flag so that the process runs in the foreground rather than daemonizing.

In testing, when a VM tried to obtain an IP the process reported the following error:

dnsmasq-dhcp: ARP-cache injection failed: Operation not permitted

"Operation not permitted" is a permissions problem; giving the container privileged mode when it is created resolves it.

[root@cnc ~]# docker run -it --privileged --net=host library/centos /bin/bash
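The error above comes from dnsmasq's SIOCSARP ioctl, which it uses to seed the ARP cache before unicasting a reply; that ioctl requires CAP_NET_ADMIN. --privileged grants every capability, while `docker run --net=host --cap-add=NET_ADMIN` grants only the missing one. The following added example (not from the post) decodes the CapEff mask that /proc/self/status shows inside a container, so you can confirm the capability is present before blaming dnsmasq. The names has_cap, current_cap_eff and check_net_admin are mine; the two masks in the usage note are constructed test values.

```shell
#!/bin/sh
# Added example, not from the original post: check whether this process
# holds CAP_NET_ADMIN, the capability dnsmasq's ARP-cache injection needs.
# Assumed names: has_cap, current_cap_eff, check_net_admin.

CAP_NET_ADMIN=12   # bit numbers from <linux/capability.h>
CAP_NET_RAW=13

# has_cap MASK BIT -> success if bit BIT is set in the hex capability MASK
# (the CapEff value from /proc/<pid>/status).  Only the low 32 bits are
# examined, which covers the classic capabilities and keeps the arithmetic
# within what every POSIX shell supports.
has_cap() {
    mask=$1
    bit=$2
    low=$(printf '%s' "$mask" | tail -c 8)          # last 8 hex digits
    [ $(( (0x$low >> bit) & 1 )) -eq 1 ]
}

# current_cap_eff -> effective capability mask of this shell, from /proc
current_cap_eff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# check_net_admin [MASK] -> prints "ok" or "missing"; MASK defaults to
# the current process, so run it inside the container before starting dnsmasq
check_net_admin() {
    mask=${1:-$(current_cap_eff)}
    if has_cap "$mask" "$CAP_NET_ADMIN"; then
        echo ok
    else
        echo missing
    fi
}
```

With a full mask such as `0000003fffffffff` (what --privileged yields) check_net_admin prints "ok"; with `00000000a80425fb`, the default set an unprivileged Docker container shows, it prints "missing", although NET_RAW (bit 13) is present in that set. A container run with --cap-add=NET_ADMIN and no --privileged also prints "ok".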

Testing again, the VMs obtain IPs normally:

$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.40...
Lease of 10.10.10.40 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.50...
Lease of 10.10.10.50 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
[root@cnc dhcp]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/dnsmasq/dhcp/pid --dhcp-hostsfile=/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /dnsmasq/dhcp/host
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc 
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc 
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc 
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc 
dnsmasq-dhcp: DHCPRELEASE(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd unknown lease
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd 
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd 
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd 
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd 
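The -d output above is worth more than a pass/fail check. With a static-only range, a DHCPDISCOVER that never receives a DHCPOFFER is a client whose MAC is not in the host file, and the "unknown lease" DHCPRELEASE in the first container run is a VM giving back an address this server never issued (it came from the host's dnsmasq in the earlier test), which is also what a second DHCP server on the segment would produce. The summariser below is an added example, not from the post; summarize_dhcp_log and make_sample_dhcp_log are my names, and the sample log is the run above plus two constructed lines for a MAC absent from the host file, worded as dnsmasq reports that case.

```shell
#!/bin/sh
# Added example, not from the original post: summarise dnsmasq -d DHCP log
# lines into leases granted, clients never offered an address, and releases
# for leases this server did not issue.  Assumed names: summarize_dhcp_log,
# make_sample_dhcp_log.

# summarize_dhcp_log FILE -> lines of the form
#   lease <mac> <ip>            address acknowledged for <mac>
#   unanswered <mac> <count>    DISCOVERs from <mac> that got no OFFER
#   unknown-release <mac> <ip>  RELEASE of a lease this server never issued
summarize_dhcp_log() {
    awk '
    $1 == "dnsmasq-dhcp:" && $2 ~ /^DHCP[A-Z]+\(/ {
        split($2, p, "(")                        # "DHCPACK(dhcp_tap)" -> p[1] = "DHCPACK"
        msg = p[1]
        if (msg == "DHCPDISCOVER")      discover[$3]++           # $3 is the MAC
        else if (msg == "DHCPOFFER")    offered[$4] = 1          # $3 ip, $4 MAC
        else if (msg == "DHCPACK")      lease[$4] = $3
        else if (msg == "DHCPRELEASE" && $0 ~ /unknown lease/)
            print "unknown-release", $4, $3
    }
    END {
        for (m in lease) print "lease", m, lease[m]
        for (m in discover) if (!(m in offered)) print "unanswered", m, discover[m]
    }' "$1"
}

# make_sample_dhcp_log FILE -> the container run from the post plus two
# constructed DISCOVERs from a MAC that has no host-file entry
make_sample_dhcp_log() {
    cat > "$1" <<'EOF'
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq-dhcp: read /dnsmasq/dhcp/host
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPRELEASE(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd unknown lease
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:99 no address available
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:99 no address available
EOF
}
```

Feed it the container's stdout (`dnsmasq -d ... 2>&1 | tee dhcp.log`, then `summarize_dhcp_log dhcp.log`). The sample yields two lease lines, one unanswered line for 52:54:00:aa:69:99 with a count of 2, and one unknown-release line for 10.10.10.30; the unanswered and unknown-release lines are the ones to alert on.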


Copyright notice: this is an original article by the blogger, published under the CC 4.0 BY-SA licence; when reposting, include a link to the original and this notice.
Original link: https://blog.csdn.net/wuliangtianzu/article/details/81867540
