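**Note:** Because DNS affects almost every service in the internal cluster, it must never be interrupted. Always configure two DNS servers, a primary and a backup, to prevent a service outage.
# Tools used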
- dnsmasq
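- keepalived (optional; configures a virtual IP to run the service on)
# Preparation
If the system is Ubuntu 18.04, it ships with systemd-resolved, which must be disabled: it binds to port 53, which conflicts with the port dnsmasq uses.
Run the following commands to stop and disable the systemd-resolved service:
```bash
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
```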
# Installation
```bash
sudo apt-get install dnsmasq
```
# Edit the configuration file /etc/dnsmasq.conf
Here domain.com is the configured domain name; change it freely to suit your environment.
```
listen-address=0.0.0.0
#domain-needed This tells dnsmasq to never pass short names to the upstream DNS servers. If the name is not in the local /etc/hosts file then “not found” will be returned.
domain-needed
#bogus-priv All reverse IP (192.168.x.x) lookups that are not found in /etc/hosts will be returned as “no such domain” and not forwarded to the upstream servers.
bogus-priv
#no-resolv Do not read resolv.conf to find the servers where to lookup dns.
no-resolv
#Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
#cache-size=500
#no-poll Do not poll resolv.conf for changes
no-poll
server=/domain.com/192.168.1.114
#server=8.8.8.8 Set one or more DNS servers to use when addresses are not local. These are open DNS servers.
server=114.114.114.114
#local=/example.com/ Our local domain, queries in these domains are answered from /etc/hosts or the static-hosts files.
local=/domain.com/
#address=/doubleclick.net/127.0.0.1 Use this to force an address for the specified domains, e.g. to block adverts force doubleclick.net to localhost
#address=/chianyu.com/192.168.1.114
#no-hosts This option stops dnsmasq using the local /etc/hosts file as a source for lookups.
no-hosts
#addn-hosts=/etc/dnsmasq_static_hosts.conf Force dnsmasq to use this file for lookups. It is in the same format as /etc/hosts.
addn-hosts=/etc/dnsmasq_static_hosts.conf
#In the file /etc/dnsmasq_static_hosts.conf you can add a list of local machines with static IP addresses in the same format as the hosts file. It is also an easy way of creating aliases or CNAME records.
#192.168.0.8 mail mail.example.com
#192.168.0.9 smtp smtp.example.com
#expand-hosts So we can see our local hosts via our home domain without having to repeatedly specify the domain in our /etc/hosts file.
expand-hosts
#domain This is your local domain name. It will tell the DHCP server which host to give out IP addresses for.
# Kept in line with local=/domain.com/ and the names in the static hosts file.
domain=domain.com
dhcp-range=192.168.1.100,192.168.1.200,72h
dhcp-range=tftp,192.168.1.230,192.168.1.239
# Static bindings for the DHCP service
# Always set the name and ipaddr of the host with hardware address
# dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201
# dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201,infinite  (infinite lease)
#dhcp-host=mylaptop,192.168.0.199,36h Any machine saying they are hostname = ‘mylaptop’ gets this IP address
# Ignore DHCP requests from the MAC address below
# Never offer DHCP service to a machine whose ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
#dhcp-option=option:router,192.168.1.1 When a host is requesting an IP address via DHCP also tell it the gateway to use.
dhcp-option=option:router,192.168.1.1
#dhcp-option=option:ntp-server,192.168.1.4 When a host is requesting an IP address via DHCP also tell it the NTP to use.
#dhcp-option=option:ntp-server,192.168.1.1
dhcp-option=19,0 # ip-forwarding off
dhcp-option=44,192.168.1.114 # set netbios-over-TCP/IP aka WINS
dhcp-option=45,192.168.1.114 # netbios datagram distribution server
dhcp-option=46,8 # netbios node type
```
# Edit the static hosts file
Edit the file: `sudo vim /etc/dnsmasq_static_hosts.conf`
```
192.168.1.110 dns1.domain.com dns1
192.168.1.111 dns2.domain.com dns2
192.168.1.112 haproxy.domain.com haproxy
192.168.1.113 mysql.domain.com mysql
192.168.1.114 myapp.domain.com myapp
192.168.1.115 router.domain.com router
```
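**Note:** Pay close attention here! There must be no blank lines between records. Otherwise, pinging a domain name may pause for several seconds before it responds, or the name may not be reachable by ping at all. The exact cause is unknown; dnsmasq may simply not handle this file's format well enough when parsing it.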
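A pre-reload check for the static hosts file, written for the blank-line pitfall in the note above plus two mistakes that are easy to make when copying records. This is an added example, not part of the original page or of dnsmasq; `lint_hosts`, the host name rule and the sample content are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample based on the page's file, with three defects planted:
# a blank line, an out-of-range octet, and an alias reused for another address.
SAMPLE = """\
192.168.1.110 dns1.domain.com dns1
192.168.1.111 dns2.domain.com dns2

192.168.1.112 haproxy.domain.com haproxy
192.168.1.313 mysql.domain.com mysql
192.168.1.114 myapp.domain.com dns1
"""

# Assumed rule: labels use letters, digits and hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def lint_hosts(text):
    """Return a list of (line_number, message) findings for a hosts-format file."""
    findings = []
    seen = {}  # lowercased name -> (line number, address) of its first record
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            if not raw.strip():  # truly empty, not a comment-only line
                findings.append((lineno, "blank line"))
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, f"invalid IP address {addr!r}"))
            continue
        if not names:
            findings.append((lineno, "address without a host name"))
        for name in names:
            key = name.lower()
            if not all(LABEL.match(part) for part in key.split(".")):
                findings.append((lineno, f"invalid host name {name!r}"))
                continue
            first_line, first_addr = seen.setdefault(key, (lineno, addr))
            if first_addr != addr:
                findings.append(
                    (lineno, f"{name!r} already maps to {first_addr} on line {first_line}"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_hosts(SAMPLE):
        print(f"line {lineno}: {message}")
```

Run the check against the real file's contents on both the primary and the backup server before restarting dnsmasq, so that a bad record never reaches either resolver.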
# Start on boot
Edit /etc/rc.local and add `service dnsmasq restart`.