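dnsmasq in Detail, and Using It in OpenStack and Containers
Introduction to dnsmasq
I first got to know dnsmasq while studying OpenStack Neutron networking. In an OpenStack network, dnsmasq provides DHCP and DNS for a given network; the process started in the background looks like this: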
dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/host --addn-hosts=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/opts --dhcp-leasefile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap3043df67-be --dhcp-range=set:tag0,10.1.0.0,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=sample.openstack.org.
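This process is started when DHCP or DNS is enabled on a subnet. If DHCP or DNS is enabled on several subnets of the same network, the dnsmasq process that was first started for that network is modified. In other words, once the first subnet has started a dnsmasq process, subnets created later under the same network do not start a new process; the process started the first time is modified instead, as shown below:
dnsmasq process with one subnet enabled: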
dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host --addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts --dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapf2df91fa-f7 --dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=65536 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=openstacklocal
dnsmasq process with two subnets enabled:
dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host --addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts --dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapf2df91fa-f7 --dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s --dhcp-range=set:tag1,10.11.0.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=65792 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=openstacklocal
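As we can see, enabling DHCP or DNS on one more subnet only modifies the dnsmasq process that was created first, adding the second subnet's information, for example: --dhcp-range=set:tag1,10.11.0.0,static,255.255.255.0,86400s. That is all for dnsmasq in OpenStack; next, let's look at what dnsmasq does overall.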
Dnsmasq (dnsmasq)
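dnsmasq provides DNS caching and DHCP service. As a DNS server, dnsmasq can speed up connections to sites we have already visited by caching DNS requests. As a DHCP server, dnsmasq can hand out internal IP addresses and routes to the computers (cloud instances) on a LAN (such as a network in OpenStack). The DNS and DHCP functions can be used together or separately. dnsmasq is lightweight and easy to configure, and suits individual users or networks of fewer than 50 hosts.
dnsmasq configuration file
Now for the dnsmasq configuration. The configuration file is /etc/dnsmasq.conf; depending on your Linux distribution it may also be found under /etc/default/dnsmasq, /etc/dnsmasq.d/ or /etc/dnsmasq.d-available/. We can also specify the configuration file path when starting the dnsmasq process, or use the conf-file= option inside a configuration file to pull in other configuration files; this can be arranged flexibly as needed.
Below are some of the more important and commonly used options taken from dnsmasq.conf, with brief explanations: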
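Do not read any servers (the default source is /etc/resolv.conf; resolv-file can set a custom one)
Do not load the local /etc/hosts file
#no-hosts
Add an extra hosts file path to read; can be given more than once. If a directory is given, all files in it are read.
#addn-hosts=/etc/dnsmasq.hosts.d
Read all files in the directory; files are re-read automatically when they change
#hostsdir=/etc/dnsmasq.hosts.d
Set the user and group
#user=nobody
#group=nobody
Set the DNS port (default 53); port=0 disables DNS entirely, leaving only DHCP/TFTP
#port=53
Set the DNS cache size (unit: number of DNS entries)
#cache-size=500
Do not cache negative answers for unknown domains. By default dnsmasq caches unknown domains and returns the cached result directly to the client.
#no-negcache
Set the number of concurrent forwarded DNS queries
#dns-forward-max=1000
Address dnsmasq listens on; by default it listens on all of the machine's network interfaces. For hosts on the LAN to use the dnsmasq service, set this to the machine's IP address.
#listen-address=192.168.26.111
address enables wildcard domain resolution, i.e. custom A records. In the example below, demon.com and every name under it resolve to 127.0.0.1
#address=/demon.com/127.0.0.1
#server tells dnsmasq which DNS server to use for resolution; different sites can be mapped to different DNS servers
#Here, Google's services are resolved through Google's DNS
#server=/google.com/8.8.8.8
Where dnsmasq gets the upstream DNS server addresses from; by default /etc/resolv.conf
#resolv-file
Query the DNS servers strictly in the order they appear in the resolv-file, from top to bottom, until the first one resolves successfully
#strict-order
Bind interfaces; with this enabled dnsmasq listens only on the specified interfaces.
#bind-interfaces
Also bind interfaces that are added later.
#bind-dynamic
Restrict the network interfaces dnsmasq listens on
#interface=eth0
Interfaces to exclude from listening; exclusion takes precedence, and the '*' wildcard can be used
#except-interface=
Interfaces on which DHCP and TFTP are not provided, only DNS.
#no-dhcp-interface=eth0
Address range for dynamic DHCP allocation
dhcp-range=10.10.10.10,10.10.10.100,24h
Static DHCP bindings
# dhcp-host=00:0C:38:52:42:61,10.10.10.11
# dhcp-host=00:0C:38:52:43:62,10.10.10.12,infinite  # infinite lease
dhcp-host=00:0C:38:52:44:64,10.10.10.13,OS13
dhcp-host=00:0C:38:52:45:65,10.10.10.14,0S14
Set the maximum number of DHCP leases
#dhcp-lease-max=150
Leases are stored in the file below
#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
Ignore DHCP requests from the MAC address below
#dhcp-host=11:22:33:44:55:66,ignore
Domain for DHCP
#domain=test.com
Set the default route; option 3 is the default route and 10.10.10.1 is the gateway
#dhcp-option=3,10.10.10.1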
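dnsmasq command line, and the process arguments used in OpenStack
Having gone through the configuration file, let's look at the arguments the dnsmasq process accepts:
For reference, see the English documentation: dnsmasq command-line options
dnsmasq --test  # check that the configuration is valid
-w, --help  # help
-v, --version  # print the version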
-H, --addn-hosts=<file>
--hostsdir=<path>
-d, --no-daemon  # run the process in the foreground
-x, --pid-file=<path>  # write the process's PID to the given file
-I, --except-interface=<interface name>
-2, --no-dhcp-interface=<interface name>
-a, --listen-address=<ipaddr>
-z, --bind-interfaces
--ignore-address=<ipaddr>
-r, --resolv-file=<file>
-R, --no-resolv
-o, --strict-order
-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
--dhcp-hostsfile=<path>
--dhcp-optsfile=<path>
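Those are some commonly used options; for the ones without an explanation, see the configuration file notes above.
Using the options above, here is a breakdown of the dnsmasq process arguments in OpenStack:
dnsmasq --no-hosts  # do not load the local /etc/hosts file
--no-resolv  # do not read /etc/resolv.conf; upstream DNS servers come only from the command line or the dnsmasq configuration file
--strict-order  # query strictly in the order given in resolv.conf
--except-interface=lo  # do not listen on the lo interface
--pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid  # file that stores the dnsmasq process PID
--dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host  # read the DHCP host entries stored in this file
--addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts  # extra hosts file to read
--dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts  # read DHCP options from the given file
--dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases  # file that stores the leases
--dhcp-match=set:ipxe,175  # set a DHCP tag
--bind-interfaces  # bind interfaces; with this enabled dnsmasq listens only on the specified interfaces
--interface=tapf2df91fa-f7  # interface to listen on
--dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s  # 1) sets the tag for the network, 2) the network DHCP serves, 3) static means dnsmasq enables DHCP for this network without allocating IP addresses dynamically, 4) lease time
--dhcp-option-force=option:mtu,1450  # send different or extra options to DHCP clients; here the client is given mtu=1450
--dhcp-lease-max=65536  # maximum number of leases dnsmasq will give out over DHCP; the default is 1000
--conf-file=/etc/neutron/dnsmasq.conf  # pull in another configuration file
--server=8.8.8.8 --server=8.8.4.4  # upstream name servers
--domain=openstacklocal  # DNS domain for the DHCP service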
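The flag-by-flag reading above, turned into a small auditor that parses a dnsmasq command line and reports how exposed the instance is. This is an added example, not code from the original post or from Neutron: the function names and the three checks are choices made here, and WEAK_CMD is a constructed contrast built from the dynamic dhcp-range in the configuration section. It also shows that the --dhcp-lease-max value on this page equals the number of addresses in the listed subnets.

```python
import ipaddress
import shlex

# The two-subnet dnsmasq command line shown on this page.
NEUTRON_CMD = (
    "dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo "
    "--pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid "
    "--dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host "
    "--addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts "
    "--dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts "
    "--dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases "
    "--dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapf2df91fa-f7 "
    "--dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s "
    "--dhcp-range=set:tag1,10.11.0.0,static,255.255.255.0,86400s "
    "--dhcp-option-force=option:mtu,1450 --dhcp-lease-max=65792 "
    "--conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 "
    "--domain=openstacklocal"
)
# Constructed contrast: only the dynamic dhcp-range from the config section.
WEAK_CMD = "dnsmasq --dhcp-range=10.10.10.10,10.10.10.100,24h"


def parse_cmdline(cmd):
    """Map each long option to the list of values it was given ('' for flags)."""
    opts = {}
    for arg in shlex.split(cmd)[1:]:
        name, _, value = arg.partition("=")
        opts.setdefault(name.lstrip("-"), []).append(value)
    return opts


def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_dhcp_range(spec):
    """Split a dhcp-range value into tags, start, static flag and address count."""
    fields = spec.split(",")
    tags = [f for f in fields if f.startswith(("set:", "tag:"))]
    rest = [f for f in fields if f not in tags]
    start = ipaddress.ip_address(rest[0])
    static = "static" in rest
    ips = [ipaddress.ip_address(f) for f in rest[1:] if is_ip(f)]
    size = None  # unknown when no netmask or end address is given
    if static and ips:  # static,<netmask>: the whole subnet is eligible
        size = ipaddress.ip_network(f"{start}/{ips[0]}", strict=False).num_addresses
    elif ips:  # <start>,<end>[,<netmask>]: a dynamic pool
        size = int(ips[0]) - int(start) + 1
    return {"tags": tags, "start": str(start), "static": static, "size": size}


def audit(cmd):
    """Return (summary, findings) for one dnsmasq command line."""
    opts = parse_cmdline(cmd)
    ranges = [parse_dhcp_range(v) for v in opts.get("dhcp-range", [])]
    findings = []
    bound = "bind-interfaces" in opts or "bind-dynamic" in opts
    if not (bound and opts.get("interface")):
        findings.append("listening is not pinned to a named interface")
    if "no-resolv" not in opts:
        findings.append("upstream servers are read from resolv.conf")
    for r in ranges:
        if not r["static"]:
            findings.append(f"dynamic pool at {r['start']}: clients without "
                            "a dhcp-host entry also get a lease")
    summary = {
        "interfaces": opts.get("interface", []),
        "upstream": opts.get("server", []),
        "range_tags": [r["tags"] for r in ranges],
        "addresses": sum(r["size"] for r in ranges if r["size"] is not None),
        # 1000 is the default stated in the help output on this page.
        "lease_max": int(opts.get("dhcp-lease-max", ["1000"])[0]),
    }
    return summary, findings


if __name__ == "__main__":
    for label, cmd in (("neutron", NEUTRON_CMD), ("weak", WEAK_CMD)):
        print(label, *audit(cmd), sep="\n  ")
```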
Installing dnsmasq
Installation inside a container is the same. The installation below is for CentOS 7:
[[email protected] centos]# yum install dnsmasq
base | 3.6 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/7): epel/x86_64/group_gz | 88 kB 00:00:00
(2/7): base/7/x86_64/group_gz | 166 kB 00:00:00
(3/7): epel/x86_64/updateinfo | 932 kB 00:00:00
(4/7): base/7/x86_64/primary_db | 5.9 MB 00:00:00
(5/7): epel/x86_64/primary | 3.6 MB 00:00:00
(6/7): extras/7/x86_64/primary_db | 174 kB 00:00:00
(7/7): updates/7/x86_64/primary_db | 5.0 MB 00:00:00
epel 12650/12650
Resolving Dependencies
--> Running transaction check
---> Package dnsmasq.x86_64 0:2.76-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================================================
Installing:
dnsmasq x86_64 2.76-5.el7 base 277 k
Transaction Summary
===========================================================================================================================================================================
Install 1 Package
Total download size: 277 k
Installed size: 586 k
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/dnsmasq-2.76-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for dnsmasq-2.76-5.el7.x86_64.rpm is not installed
dnsmasq-2.76-5.el7.x86_64.rpm | 277 kB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-4.1708.el7.centos.x86_64 (installed)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : dnsmasq-2.76-5.el7.x86_64 1/1
Verifying : dnsmasq-2.76-5.el7.x86_64 1/1
Installed:
dnsmasq.x86_64 0:2.76-5.el7
Complete!
Basic usage:
[[email protected] centos]# dnsmasq --test
dnsmasq: syntax check OK.
[[email protected] centos]# dnsmasq --version
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.
[[email protected]t centos]# dnsmasq --help
Usage: dnsmasq [options]
Valid options are:
-a, --listen-address=<ipaddr> Specify local address(es) to listen on.
-A, --address=/<domain>/<ipaddr> Return ipaddr for all hosts in specified domains.
-b, --bogus-priv Fake reverse lookups for RFC1918 private address ranges.
-B, --bogus-nxdomain=<ipaddr> Treat ipaddr as NXDOMAIN (defeats Verisign wildcard).
-c, --cache-size=<integer> Specify the size of the cache in entries (defaults to 150).
-C, --conf-file=<path> Specify configuration file (defaults to /etc/dnsmasq.conf).
-d, --no-daemon Do NOT fork into the background: run in debug mode.
-D, --domain-needed Do NOT forward queries with no domain part.
-e, --selfmx Return self-pointing MX records for local hosts.
-E, --expand-hosts Expand simple names in /etc/hosts with domain-suffix.
-f, --filterwin2k Don't forward spurious DNS requests from Windows hosts.
-F, --dhcp-range=<ipaddr>,... Enable DHCP in the range given with lease duration.
-g, --group=<groupname> Change to this group after startup (defaults to dip).
-G, --dhcp-host=<hostspec> Set address or hostname for a specified machine.
--dhcp-hostsfile=<path> Read DHCP host specs from file.
--dhcp-optsfile=<path> Read DHCP option specs from file.
--dhcp-hostsdir=<path> Read DHCP host specs from a directory.
--dhcp-optsdir=<path> Read DHCP options from a directory.
--tag-if=tag-expression Evaluate conditional tag expression.
-h, --no-hosts Do NOT load /etc/hosts file.
-H, --addn-hosts=<path> Specify a hosts file to be read in addition to /etc/hosts.
--hostsdir=<path> Read hosts files from a directory.
-i, --interface=<interface> Specify interface(s) to listen on.
-I, --except-interface=<interface> Specify interface(s) NOT to listen on.
-j, --dhcp-userclass=set:<tag>,<class> Map DHCP user class to tag.
--dhcp-circuitid=set:<tag>,<circuit>Map RFC3046 circuit-id to tag.
--dhcp-remoteid=set:<tag>,<remote> Map RFC3046 remote-id to tag.
--dhcp-subscrid=set:<tag>,<remote> Map RFC3993 subscriber-id to tag.
-J, --dhcp-ignore=tag:<tag>... Don't do DHCP for hosts with tag set.
--dhcp-broadcast[=tag:<tag>...] Force broadcast replies for hosts with tag set.
-k, --keep-in-foreground Do NOT fork into the background, do NOT run in debug mode.
-K, --dhcp-authoritative Assume we are the only DHCP server on the local network.
-l, --dhcp-leasefile=<path> Specify where to store DHCP leases (defaults to /var/lib/dnsmasq/dnsmasq.leases).
-L, --localmx Return MX records for local hosts.
-m, --mx-host=<host_name>,<target>,<prefSpecify an MX record.
-M, --dhcp-boot=<bootp opts> Specify BOOTP options to DHCP server.
-n, --no-poll Do NOT poll /etc/resolv.conf file, reload only on SIGHUP.
-N, --no-negcache Do NOT cache failed search results.
-o, --strict-order Use nameservers strictly in the order given in /etc/resolv.conf.
-O, --dhcp-option=<optspec> Specify options to be sent to DHCP clients.
--dhcp-option-force=<optspec> DHCP option sent even if the client does not request it.
-p, --port=<integer> Specify port to listen for DNS requests on (defaults to 53).
-P, --edns-packet-max=<integer> Maximum supported UDP packet size for EDNS.0 (defaults to 4096).
-q, --log-queries Log DNS queries.
-Q, --query-port=<integer> Force the originating port for upstream DNS queries.
-R, --no-resolv Do NOT read resolv.conf.
-r, --resolv-file=<path> Specify path to resolv.conf (defaults to /etc/resolv.conf).
--servers-file=<path> Specify path to file with server= options
-S, --server=/<domain>/<ipaddr> Specify address(es) of upstream servers with optional domains.
--rev-server=<addr>/<prefix>,<ipaddrSpecify address of upstream servers for reverse address queries
--local=/<domain>/ Never forward queries to specified domains.
-s, --domain=<domain>[,<range>] Specify the domain to be assigned in DHCP leases.
-t, --mx-target=<host_name> Specify default target in an MX record.
-T, --local-ttl=<integer> Specify time-to-live in seconds for replies from /etc/hosts.
--neg-ttl=<integer> Specify time-to-live in seconds for negative caching.
--max-ttl=<integer> Specify time-to-live in seconds for maximum TTL to send to clients.
--max-cache-ttl=<integer> Specify time-to-live ceiling for cache.
--min-cache-ttl=<integer> Specify time-to-live floor for cache.
-u, --user=<username> Change to this user after startup. (defaults to nobody).
-U, --dhcp-vendorclass=set:<tag>,<class>Map DHCP vendor class to tag.
-v, --version Display dnsmasq version and copyright information.
-V, --alias=<ipaddr>,<ipaddr>,<netmask> Translate IPv4 addresses from upstream servers.
-W, --srv-host=<name>,<target>,... Specify a SRV record.
-w, --help Display this message. Use --help dhcp or --help dhcp6 for known DHCP options.
-x, --pid-file=<path> Specify path of PID file (defaults to /var/run/dnsmasq.pid).
-X, --dhcp-lease-max=<integer> Specify maximum number of DHCP leases (defaults to 1000).
-y, --localise-queries Answer DNS queries based on the interface a query was sent to.
-Y, --txt-record=<name>,<txt>[,<txt] Specify TXT DNS record.
--ptr-record=<name>,<target> Specify PTR DNS record.
--interface-name=<name>,<interface> Give DNS name to IPv4 address of interface.
-z, --bind-interfaces Bind only to interfaces in use.
-Z, --read-ethers Read DHCP static host information from /etc/ethers.
-1, --enable-dbus[=<busname>] Enable the DBus interface for setting upstream servers, etc.
-2, --no-dhcp-interface=<interface> Do not provide DHCP on this interface, only provide DNS.
-3, --bootp-dynamic[=tag:<tag>]... Enable dynamic address allocation for bootp.
-4, --dhcp-mac=set:<tag>,<mac address> Map MAC address (with wildcards) to option set.
--bridge-interface=<iface>,<alias>..Treat DHCP requests on aliases as arriving from interface.
-5, --no-ping Disable ICMP echo address checking in the DHCP server.
-6, --dhcp-script=<path> Shell script to run on DHCP lease creation and destruction.
--dhcp-luascript=path Lua script to run on DHCP lease creation and destruction.
--dhcp-scriptuser=<username> Run lease-change scripts as this user.
--script-arp Call dhcp-script with changes to local ARP table.
-7, --conf-dir=<path> Read configuration from all the files in this directory.
-8, --log-facility=<facilty>|<file> Log to this syslog facility or file. (defaults to DAEMON)
-9, --leasefile-ro Do not use leasefile.
-0, --dns-forward-max=<integer> Maximum number of concurrent DNS queries. (defaults to 150)
--clear-on-reload Clear DNS cache when reloading /etc/resolv.conf.
--dhcp-ignore-names[=tag:<tag>]... Ignore hostnames provided by DHCP clients.
--dhcp-no-override Do NOT reuse filename and server fields for extra DHCP options.
--enable-tftp[=<intr>[,<intr>]] Enable integrated read-only TFTP server.
--tftp-root=<dir>[,<iface>] Export files by TFTP only from the specified subtree.
--tftp-unique-root Add client IP address to tftp-root.
--tftp-secure Allow access only to files owned by the user running dnsmasq.
--tftp-no-fail Do not terminate the service if TFTP directories are inaccessible.
--tftp-max=<integer> Maximum number of conncurrent TFTP transfers (defaults to 50).
--tftp-mtu=<integer> Maximum MTU to use for TFTP transfers.
--tftp-no-blocksize Disable the TFTP blocksize extension.
--tftp-lowercase Convert TFTP filenames to lowercase
--tftp-port-range=<start>,<end> Ephemeral port range for use by TFTP transfers.
--log-dhcp Extra logging for DHCP.
--log-async[=<integer>] Enable async. logging; optionally set queue length.
--stop-dns-rebind Stop DNS rebinding. Filter private IP ranges when resolving.
--rebind-localhost-ok Allow rebinding of 127.0.0.0/8, for RBL servers.
--rebind-domain-ok=/<domain>/ Inhibit DNS-rebind protection on this domain.
--all-servers Always perform DNS queries to all servers.
--dhcp-match=set:<tag>,<optspec> Set tag if client includes matching option in request.
--dhcp-alternate-port[=<ports>] Use alternative ports for DHCP.
--naptr-record=<name>,<naptr> Specify NAPTR DNS record.
--min-port=<port> Specify lowest port available for DNS query transmission.
--max-port=<port> Specify highest port available for DNS query transmission.
--dhcp-fqdn Use only fully qualified domain names for DHCP clients.
--dhcp-generate-names[=tag:<tag>] Generate hostnames based on MAC address for nameless clients.
--dhcp-proxy[=<ipaddr>]... Use these DHCP relays as full proxies.
--dhcp-relay=<local-addr>,<server>[,Relay DHCP requests to a remote server
--cname=<alias>,<target>[,<ttl>] Specify alias name for LOCAL DNS name.
--pxe-prompt=<prompt>,[<timeout>] Prompt to send to PXE clients.
--pxe-service=<service> Boot service for PXE menu.
--test Check configuration syntax.
--add-mac[=base64|text] Add requestor's MAC address to forwarded DNS queries.
--add-subnet=<v4 pref>[,<v6 pref>] Add specified IP subnet to forwarded DNS queries.
--add-cpe-id=<text> Add client identification to forwarded DNS queries.
--proxy-dnssec Proxy DNSSEC validation results from upstream nameservers.
--dhcp-sequential-ip Attempt to allocate sequential IP addresses to DHCP clients.
--conntrack Copy connection-track mark from queries to upstream connections.
--dhcp-client-update Allow DHCP clients to do their own DDNS updates.
--enable-ra Send router-advertisements for interfaces doing DHCPv6
--dhcp-duid=<enterprise>,<duid> Specify DUID_EN-type DHCPv6 server DUID
--host-record=<name>,<address>[,<ttlSpecify host (A/AAAA and PTR) records
--dns-rr=<name>,<RR-number>,[<data>]Specify arbitrary DNS resource record
--bind-dynamic Bind to interfaces in use - check for new interfaces
--auth-server=<NS>,<interface> Export local names to global DNS
--auth-zone=<domain>,[<subnet>...] Domain to export to global DNS
--auth-ttl=<integer> Set TTL for authoritative replies
--auth-soa=<serial>[,...] Set authoritive zone information
--auth-sec-servers=<NS>[,<NS>...] Secondary authoritative nameservers for forward domains
--auth-peer=<ipaddr>[,<ipaddr>...] Peers which are allowed to do zone transfer
--ipset=/<domain>/<ipset>[,<ipset>..Specify ipsets to which matching domains should be added
--synth-domain=<domain>,<range>,[<prSpecify a domain and address range for synthesised names
--dnssec Activate DNSSEC validation
--trust-anchor=<domain>,[<class>],..Specify trust anchor key digest.
--dnssec-debug Disable upstream checking for DNSSEC debugging.
--dnssec-check-unsigned Ensure answers without DNSSEC are in unsigned zones.
--dnssec-no-timecheck Don't check DNSSEC signature timestamps until first cache-reload
--dnssec-timestamp=<path> Timestamp file to verify system clock for DNSSEC
--ra-param=<interface>,[high,|low,]<Set priority, resend-interval and router-lifetime
--quiet-dhcp Do not log routine DHCP.
--quiet-dhcp6 Do not log routine DHCPv6.
--quiet-ra Do not log RA.
--local-service Accept queries only from directly-connected networks.
--dns-loop-detect Detect and remove DNS forwarding loops.
--ignore-address=<ipaddr> Ignore DNS responses containing ipaddr.
--dhcp-ttl=<ttl> Set TTL in DNS responses with DHCP-derived addresses.
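Setting up a dnsmasq test environment
A simple network topology is as follows: the network below is built in an OVS + KVM environment. The dnsmasq process listens on the DHCP device tap1; DHCP broadcast packets sent by host1 and host2 are received on tap1, and dnsmasq looks up the IP matching the MAC in the corresponding host file and hands it to the host. If no match is found, the host fails to get an IP.
For how to set up this environment, see: test environment setup
Starting the dnsmasq process and testing
Write the MAC addresses of the two hosts into the corresponding host file: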
[[email protected] dhcp]# pwd
/root/dnsmasq/dhcp
[[email protected] dhcp]# ls
host pid
[[email protected] dhcp]# cat pid
[[email protected] dhcp]# cat host
52:54:00:aa:69:cc,10.10.10.20
52:54:00:aa:69:dd,10.10.10.30
Start the process:
[[email protected] ~]# dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/root/dnsmasq/dhcp/pid --dhcp-hostsfile=/root/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
Log in to the virtual machines and test automatic IP assignment:
[[email protected] ~]# virsh console 2
Connected to domain cirros-test-vm2
Escape character is ^]
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.30...
Lease of 10.10.10.30 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.1 0.0.0.0 UG 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[[email protected] dhcp]# virsh console 9
Connected to domain cirros-test-vm
Escape character is ^]
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.20...
Lease of 10.10.10.20 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.1 0.0.0.0 UG 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[[email protected] ~]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/root/dnsmasq/dhcp/pid --dhcp-hostsfile=/root/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /root/dnsmasq/dhcp/host
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc
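Starting dnsmasq in a container and testing
To start dnsmasq in a container, the container must be started with the net=host network mode so that it can listen on the host's dhcp_tap interface; the host, pid and other files are kept inside the container.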
[[email protected] ~]# docker exec -it 3da033d6c511 bash
[[email protected] dhcp]# pwd
/dnsmasq/dhcp
[[email protected] dhcp]# ls
host pid
[[email protected] dhcp]# cat pid
[[email protected] dhcp]# cat host
52:54:00:aa:69:cc,10.10.10.40
52:54:00:aa:69:dd,10.10.10.50
Start the process in the container:
[[email protected] dhcp]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/dnsmasq/dhcp/pid --dhcp-hostsfile=/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /dnsmasq/dhcp/host
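Note: if the dnsmasq process is started as the container's entrypoint, add the -d argument so that the process runs in the foreground rather than in the background.
In testing, the process reported the following error when a virtual machine requested an IP: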
dnsmasq-dhcp: ARP-cache injection failed: Operation not permitted
The operation is not permitted because of a permissions problem; giving the container privileged mode when it is created resolves it.
[[email protected] ~]# docker run -it --privileged --net=host library/centos /bin/bash
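ARP-cache injection is an ioctl on the kernel ARP table, which Linux permits only with CAP_NET_ADMIN, and Docker's default capability set does not include that capability; --privileged grants it along with every other capability. The preflight check below is an added example (not from the original post): it decodes the CapEff mask from /proc/<pid>/status and reports which capabilities the DHCP server lacks and which high-risk ones it holds without needing them. The three status excerpts and the NEEDED/HIGH_RISK groupings are constructed for illustration.

```python
import re

# Capability bit numbers from <linux/capability.h>.
NEEDED = {
    "NET_BIND_SERVICE": 10,  # bind UDP 67 (DHCP) and port 53 (DNS)
    "NET_ADMIN": 12,         # ARP-cache injection for a client with no IP yet
    "NET_RAW": 13,           # ICMP echo address check (see --no-ping)
}
# Capabilities a DHCP/DNS server has no use for (grouping chosen for this example).
HIGH_RISK = {"SYS_MODULE": 16, "SYS_RAWIO": 17, "SYS_PTRACE": 19, "SYS_ADMIN": 21}

# Constructed /proc/<pid>/status excerpts for three ways of starting the container:
#   docker run -it --net=host ...                       (default capability set)
#   docker run -it --cap-add=NET_ADMIN --net=host ...   (one capability added)
#   docker run -it --privileged --net=host ...          (the command on this page)
SAMPLES = {
    "default": "Name:\tdnsmasq\nCapEff:\t00000000a80425fb\n",
    "cap-add": "Name:\tdnsmasq\nCapEff:\t00000000a80435fb\n",
    "privileged": "Name:\tdnsmasq\nCapEff:\t0000001fffffffff\n",
}


def effective_caps(status_text):
    """Return the effective capability mask from a /proc status dump."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def held(mask, table):
    """Names from `table` whose bit is set in `mask`."""
    return sorted(name for name, bit in table.items() if mask >> bit & 1)


def preflight(status_text):
    """Report capabilities dnsmasq lacks and high-risk ones it holds needlessly."""
    mask = effective_caps(status_text)
    missing = sorted(set(NEEDED) - set(held(mask, NEEDED)))
    return {"missing": missing, "excess": held(mask, HIGH_RISK)}


if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:10s} {preflight(text)}")
    # On a live system: preflight(open("/proc/self/status").read())
```

With the default set only NET_ADMIN is missing, which matches the error above; adding that single capability clears the check without granting SYS_ADMIN and the rest.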
Testing again, the virtual machines obtain their IPs normally:
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.40...
Lease of 10.10.10.40 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.50...
Lease of 10.10.10.50 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
[[email protected] dhcp]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/dnsmasq/dhcp/pid --dhcp-hostsfile=/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /dnsmasq/dhcp/host
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPRELEASE(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd unknown lease
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
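The log above can be checked mechanically against the dhcp-hostsfile. The following is an added example, not part of the original post: it parses dnsmasq-dhcp log lines, reconciles every event with the static bindings, and flags the "unknown lease" release seen above as well as requests from MAC addresses that have no entry. The function names and finding labels are choices made here, and the last log line is constructed.

```python
import re

# dhcp-hostsfile and DHCP log lines from the container test on this page.
HOSTS_FILE = """\
52:54:00:aa:69:cc,10.10.10.40
52:54:00:aa:69:dd,10.10.10.50
"""
PAGE_LOG = """\
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPRELEASE(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd unknown lease
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
"""
# Constructed line: a MAC with no entry in the host file asks for an address.
CONSTRUCTED = "dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:ee no address available\n"

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
EVENT = re.compile(
    r"dnsmasq-dhcp: DHCP(?P<kind>[A-Z]+)\((?P<iface>[^)]+)\) "
    r"(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) )?"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (?P<note>.*))?$"
)


def load_bindings(text):
    """Parse a dhcp-hostsfile into {mac: ip}; the MAC is assumed to come first."""
    bindings = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if not fields[0] or fields[0].startswith("#"):
            continue
        ip = next((f for f in fields[1:] if IPV4.match(f)), None)
        bindings[fields[0].lower()] = ip
    return bindings


def reconcile(log_text, bindings):
    """Return (active leases, findings) after replaying the log against the bindings."""
    leases, findings, unlisted = {}, [], set()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m is None:
            continue
        kind, ip, mac, note = m["kind"], m["ip"], m["mac"], m["note"] or ""
        if kind == "RELEASE":
            # The client gives back a lease this server never issued, e.g. one
            # handed out by another dnsmasq instance or lost with the lease file.
            if "unknown lease" in note:
                findings.append(("unknown-lease-release", mac, ip))
            leases.pop(mac, None)
        elif mac not in bindings:
            if mac not in unlisted:
                unlisted.add(mac)
                findings.append(("unlisted-mac", mac, ip))
        elif kind == "ACK":
            if bindings[mac] != ip:
                findings.append(("binding-mismatch", mac, ip))
            leases[mac] = ip
    return leases, findings


if __name__ == "__main__":
    leases, findings = reconcile(PAGE_LOG + CONSTRUCTED, load_bindings(HOSTS_FILE))
    print(leases)
    for finding in findings:
        print(finding)
```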