DNSMasq forwarding does not work!

I want my whole local network to use a single DNS server, and when that server does not know a domain name, I want it to ask the router's DNS (192.168.1.1) or Google (8.8.8.8 and 8.8.4.4).

I installed and configured DNSMASQ. It works fine for local domain names, but forwarding does not work.

This is my current configuration:

DNS: dnsmasq. The firewall is opened for DNS requests:

$ ufw allow 53

To fix the error about port 53 being in use, I disabled systemd-resolved:

$ sudo systemctl disable systemd-resolved
$ sudo systemctl stop systemd-resolved

Even with systemd-resolved disabled, NetworkManager dynamically modifies the resolv.conf symlink; I fixed that with the following commands:

$ sudo rm /etc/resolv.conf

$ sudo nano /etc/resolv.conf
nameserver ::1
nameserver 127.0.0.1

I set the overwrite-protection (immutable) flag:

sudo chattr +i /etc/resolv.conf

I found the trust anchors on the Internet and downloaded them to /usr/share/dnsmasq/trust-anchors.conf:

# The root DNSSEC trust anchor, valid as at 10/02/2017

# Note that this is a DS record (ie a hash of the root Zone Signing Key) 
# If was downloaded from https://data.iana.org/root-anchors/root-anchors.xml

trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

This is a summary of the /etc/dnsmasq.conf configuration I made:

domain-needed
bogus-priv
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
dnssec-check-unsigned   
strict-order
no-resolv
no-poll
server=192.168.1.1
server=8.8.8.8
server=8.8.4.4
local=/jorgecode/
listen-address=::1,127.0.0.1,192.168.1.50
no-dhcp-interface=wlp1s0,lo,enp2s1
expand-hosts
domain=jorgecode
log-queries
log-facility=/var/log/dnsmasq.log

Syntax check:

$ dnsmasq --test
dnsmasq: syntax check OK.

The hosts table is:

$ sudo cat /etc/hosts
127.0.0.1       localhost compaq
192.168.1.1     router
192.168.1.50    compaq
192.168.1.46    rpi

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Restart the services:

$ sudo systemctl restart NetworkManager dnsmasq

My client is configured through the GNOME GUI:

Settings > WIFI > IPV4 > DNS > Automatic: OFF
DNS: 192.168.1.50
$ sudo systemctl restart NetworkManager

I have made no other changes to the network configuration.

Tests done on the DNS server and on the client:

/var/log/dnsmasq.log:

Jul 18 14:04:07 dnsmasq[12031]: query[A] router.jorgecode from 192.168.1.45
Jul 18 14:04:07 dnsmasq[12031]: /etc/hosts router.jorgecode is 192.168.1.1

Jul 18 14:05:38 dnsmasq[12031]: query[A] google.com from 192.168.1.45
Jul 18 14:05:38 dnsmasq[12031]: forwarded google.com to 8.8.4.4
Jul 18 14:05:38 dnsmasq[12031]: dnssec-query[DS] com to 8.8.4.4
Jul 18 14:05:38 dnsmasq[12031]: reply com is BOGUS DS
Jul 18 14:05:38 dnsmasq[12031]: validation google.com is BOGUS
Jul 18 14:05:38 dnsmasq[12031]: reply google.com is 172.217.16.238

Dig a local address:

$ dig router.jorgecode

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> router.jorgecode
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37043
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;router.jorgecode.      IN  A

;; ANSWER SECTION:
router.jorgecode.   0   IN  A   192.168.1.1

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Jul 18 13:34:23 CEST 2019
;; MSG SIZE  rcvd: 61

Look up a local address:

$ nslookup router.jorgecode
Server:     ::1
Address:    ::1#53

Name:   router.jorgecode
Address: 192.168.1.1

Dig an external address:

$ dig google.com

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27637
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.            IN  A

;; Query time: 14 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Jul 18 13:34:52 CEST 2019
;; MSG SIZE  rcvd: 39

Look up an external address:

$ nslookup google.com
;; Got SERVFAIL reply from ::1, trying next server
Server:     127.0.0.1
Address:    127.0.0.1#53

** server can't find google.com: SERVFAIL

Errors:

dig: ;google.com. IN

nslookup: ** server can't find google.com: SERVFAIL
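The log excerpt above is the most useful evidence in the question: it records that the query was forwarded, that an upstream answer came back, and that DNSSEC validation nevertheless marked the result BOGUS, which is what dnsmasq turns into the SERVFAIL seen in dig and nslookup. The following parser is an added example, not code from the question or from the dnsmasq project; it groups `log-queries` output into one record per client query so the two failure modes (no forwarding at all versus forwarded-but-failed-validation) can be told apart quickly. It assumes the message formats shown in the quoted log (`query[A] ...`, `forwarded ... to ...`, `dnssec-query[DS] ...`, `reply ... is ...`, `validation ... is ...`) and attaches DNSSEC sub-query replies to the most recently forwarded query, which is a heuristic that holds on a quiet resolver. The sample input is the log from the question, embedded as a constructed string.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the /var/log/dnsmasq.log lines quoted in the question.
SAMPLE_LOG = """\
Jul 18 14:04:07 dnsmasq[12031]: query[A] router.jorgecode from 192.168.1.45
Jul 18 14:04:07 dnsmasq[12031]: /etc/hosts router.jorgecode is 192.168.1.1
Jul 18 14:05:38 dnsmasq[12031]: query[A] google.com from 192.168.1.45
Jul 18 14:05:38 dnsmasq[12031]: forwarded google.com to 8.8.4.4
Jul 18 14:05:38 dnsmasq[12031]: dnssec-query[DS] com to 8.8.4.4
Jul 18 14:05:38 dnsmasq[12031]: reply com is BOGUS DS
Jul 18 14:05:38 dnsmasq[12031]: validation google.com is BOGUS
Jul 18 14:05:38 dnsmasq[12031]: reply google.com is 172.217.16.238
"""

# Message formats as they appear in the quoted log (syslog-style prefix first).
PREFIX_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: (?P<msg>.+)$")
QUERY_RE = re.compile(r"^query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$")
LOCAL_RE = re.compile(r"^(?P<src>/etc/hosts|cached) (?P<name>\S+) is (?P<addr>\S+)$")
FORWARD_RE = re.compile(r"^forwarded (?P<name>\S+) to (?P<server>\S+)$")
REPLY_RE = re.compile(r"^reply (?P<name>\S+) is (?P<rest>.+)$")
VALIDATION_RE = re.compile(r"^validation (?P<name>\S+) is (?P<result>\S+)$")


@dataclass
class QueryRecord:
    ts: str
    qtype: str
    name: str
    client: str
    source: str = "pending"                 # "hosts", "cached" or "forwarded"
    upstreams: List[str] = field(default_factory=list)
    bogus_records: List[str] = field(default_factory=list)   # e.g. "com DS"
    validation: Optional[str] = None        # SECURE / INSECURE / BOGUS
    answers: List[str] = field(default_factory=list)


def parse_dnsmasq_log(text: str) -> List[QueryRecord]:
    """Group log-queries output into one record per client query.

    dnsmasq logs the DNSSEC sub-queries (DS/DNSKEY) it issues right after the
    query that triggered them, so their BOGUS replies are attached to the most
    recently forwarded query. That is a heuristic, adequate for a quiet resolver.
    """
    records: List[QueryRecord] = []
    by_name: Dict[str, QueryRecord] = {}
    current: Optional[QueryRecord] = None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if q := QUERY_RE.match(msg):
            current = QueryRecord(m["ts"], q["qtype"], q["name"], q["client"])
            records.append(current)
            by_name[q["name"]] = current
        elif h := LOCAL_RE.match(msg):
            if rec := by_name.get(h["name"]):
                rec.source = "hosts" if h["src"] == "/etc/hosts" else "cached"
                rec.answers.append(h["addr"])
        elif f := FORWARD_RE.match(msg):
            if rec := by_name.get(f["name"]):
                rec.source = "forwarded"
                rec.upstreams.append(f["server"])
                current = rec
        elif v := VALIDATION_RE.match(msg):
            if rec := by_name.get(v["name"]):
                rec.validation = v["result"]
        elif r := REPLY_RE.match(msg):
            if rec := by_name.get(r["name"]):
                rec.answers.append(r["rest"])
            elif r["rest"].startswith("BOGUS") and current is not None:
                # Reply to a DNSSEC sub-query, e.g. "reply com is BOGUS DS":
                # the chain of trust broke at this record, not at the queried name.
                current.bogus_records.append(f"{r['name']} {r['rest'][5:].strip()}")
    return records


def validation_failures(records: List[QueryRecord]) -> List[dict]:
    """One summary per query that failed DNSSEC validation.

    A BOGUS result means dnsmasq returned SERVFAIL to the client even though an
    upstream answer was received (kept under 'upstream_answers'), so forwarding
    itself worked and the problem is in validation.
    """
    return [
        {
            "name": rec.name,
            "client": rec.client,
            "upstreams": list(rec.upstreams),
            "broken_records": list(rec.bogus_records),
            "upstream_answers": list(rec.answers),
        }
        for rec in records
        if rec.validation == "BOGUS"
    ]


if __name__ == "__main__":
    recs = parse_dnsmasq_log(SAMPLE_LOG)
    for rec in recs:
        print(f"{rec.ts} {rec.client} {rec.qtype} {rec.name}: source={rec.source} "
              f"upstreams={rec.upstreams} validation={rec.validation} answers={rec.answers}")
    for fail in validation_failures(recs):
        print("DNSSEC validation failure:", fail)
```

Run against a real log with `parse_dnsmasq_log(open("/var/log/dnsmasq.log").read())`. For the quoted excerpt, `router.jorgecode` comes out as answered from `/etc/hosts` with no validation, while `google.com` shows `forwarded` to 8.8.4.4, an upstream answer of 172.217.16.238, and a broken `com DS` record behind the BOGUS verdict, which is the part of the chain worth investigating (trust anchor contents, system clock, and whether the chosen upstream returns DNSSEC records intact) before touching the forwarding settings.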
