"Dnsmasq": difference between revisions

From Banane Atomic
 
(10 intermediate revisions by the same user not shown)
Ligne 22 : Ligne 22 :
address=/mon-domaine.fr/192.168.0.10
address=/mon-domaine.fr/192.168.0.10


# ignorer /etc/resolv.conf car il contient uniquement localhost
# ignore /etc/resolv.conf if there is only localhost
no-resolv
no-resolv
# ignore /etc/hosts if there is only localhost
no-hosts
# Upstream DNS server addresses (serveur DNS de la box)
# Upstream DNS server addresses (serveur DNS de la box)
server=192.168.0.x
server=192.168.0.x
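Review bot: the new no-hosts line stops dnsmasq from reading /etc/hosts at all, but its comment only covers the case where that file holds nothing but localhost. The page's own /etc/hosts example maps LAN names (mabox, site1.domaine.net, site3), and with this option set those names would no longer be served by dnsmasq. Either drop no-hosts from the sample or say in the comment that it must be left out when /etc/hosts carries names to serve.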
Ligne 43 : Ligne 45 :
</filebox>
</filebox>
{{info | Après une modification, il faut redémarrer le service {{boxx|dnsmasq}}}}
{{info | Après une modification, il faut redémarrer le service {{boxx|dnsmasq}}}}
== NetworkManager ==
Restart of {{boxx|NetworkManager}} overwrite the {{boxx|/etc/resolv.conf}} file.
<filebox fn='/etc/NetworkManager/NetworkManager.conf' lang=ini>
[main]
# add the following line to avoid NetworkManager to change the resolv.conf file
dns=none
</filebox>


== DHCPCD ==
== DHCPCD ==
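Review bot: the sentence in the added NetworkManager section should read "Restarting NetworkManager overwrites the /etc/resolv.conf file", and the section does not say what the file has to contain once dns=none is set. With that option the file is maintained by hand, so point the reader at the nameserver ::1 and nameserver 127.0.0.1 lines shown for /etc/resolv.conf earlier on the page.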
Ligne 49 : Ligne 59 :
# so if you use DHCP it is a good idea to protect /etc/resolv.conf.  
# so if you use DHCP it is a good idea to protect /etc/resolv.conf.  
nohook resolv.conf
nohook resolv.conf
</filebox>
== Temporary failure in name resolution ==
Restart of {{boxx|NetworkManager}} overwrite the {{boxx|/etc/resolv.conf}} file, which lead to the {{boxx|Temporary failure in name resolution}} error.
<filebox fn='/etc/NetworkManager/NetworkManager.conf' lang=ini>
[main]
# add the following line to avoid NetworkManager to change the resolv.conf file
dns=none
</filebox>
</filebox>
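Review bot: removing this section drops the only place where the dns=none fix is tied to the error text "Temporary failure in name resolution". The relocated NetworkManager section no longer names the error, so a reader searching for the message will not find the fix. Keep the error string in the new section's sentence or leave a one-line pointer under Erreurs.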


Ligne 124 : Ligne 126 :
sudo ufw allow 67,68/udp comment 'DHCP udp ports 67,68'
sudo ufw allow 67,68/udp comment 'DHCP udp ports 67,68'
</kode>
</kode>
* [[Ufw#Applications_custom|UFW DNSmasq application]]


= log =
= log =
Ligne 135 : Ligne 138 :


= Erreurs =
= Erreurs =
== [https://askubuntu.com/questions/536787/dnsmasq-starting-before-eth0-is-ready-and-therefore-not-binding Temporary failure in name resolution] ==
== Temporary failure in name resolution ==
{{warn | Ne fonctionne pas}}
=== cron reboot ===
<filebox fn='crontab' lang='bash'>
# restart dnsmasq 60 seconds after reboot
@reboot sleep 60 && systemctl restart dnsmasq
</filebox>
 
=== [https://askubuntu.com/questions/536787/dnsmasq-starting-before-eth0-is-ready-and-therefore-not-binding dnsmasq.service] ===
* [https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1531184 bug]
* [https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1531184 bug]
Dnsmasq fails to respond on network devices that weren't up when its service started, thus not binding as expected.<br>
Dnsmasq fails to respond on network devices that weren't up when its service started, thus not binding as expected.<br>
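Review bot: {{warn | Ne fonctionne pas}} sits directly under the "Temporary failure in name resolution" heading, above both new subsections, so it is unclear whether it applies to the cron workaround, to the dnsmasq.service change, or to both. Move the template into the subsection it describes. The @reboot sleep 60 entry is also a fixed delay rather than a dependency on the interface being up, which is worth stating next to it.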
Ligne 142 : Ligne 151 :
<filebox fn='/lib/systemd/system/dnsmasq.service' lang='ini'>
<filebox fn='/lib/systemd/system/dnsmasq.service' lang='ini'>
[Unit]
[Unit]
#Requires=network.target
#After=network.target
Requires=network-online.target
Requires=network-online.target
After=network-online.target
After=network-online.target
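Review bot: the commented-out #Requires=network.target and #After=network.target lines are added to /lib/systemd/system/dnsmasq.service, the packaged unit file, which a dnsmasq package update replaces. The VPN section of this page already uses a drop-in under /etc/systemd/system/dnsmasq.service.d/ for After=openvpn@server.service; putting Requires=network-online.target and After=network-online.target in a drop-in there would survive upgrades and make the commented lines unnecessary.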

Latest revision as of 10 August 2023, 20:37

Links

Installation

sudo pacman -S dnsmasq

DNS configuration

/etc/dnsmasq.conf
# server IP
listen-address=::1, 127.0.0.1, 192.168.0.x

# set the default route if it is not the dnsmasq server itself
dhcp-option=option:router,192.168.0.y

# map a domain to an IP address
address=/mon-domaine.fr/192.168.0.10

# ignore /etc/resolv.conf if there is only localhost
no-resolv
# ignore /etc/hosts if there is only localhost
no-hosts
# Upstream DNS server addresses (DNS server of the ISP router)
server=192.168.0.x
/etc/resolv.conf
nameserver ::1
nameserver 127.0.0.1
/etc/hosts
#<ip-address>	<hostname.domain.org>   <hostname>
127.0.0.1                               localhost
::1                                     localhost

192.168.0.x     mabox
192.168.0.y     site1.domaine.net site2.domaine.net
192.168.0.z     site3 site4
After any change, the dnsmasq service must be restarted.

NetworkManager

Restarting NetworkManager overwrites the /etc/resolv.conf file.

/etc/NetworkManager/NetworkManager.conf
[main]
# add the following line to keep NetworkManager from changing the resolv.conf file
dns=none

DHCPCD

/etc/dhcpcd.conf
# dhcpcd, unfortunately, tends to overwrite /etc/resolv.conf by default,
# so if you use DHCP it is a good idea to protect /etc/resolv.conf. 
nohook resolv.conf

DHCP configuration

/etc/dnsmasq.conf
interface=eth0
bind-interfaces

# dynamically allocate the IPs 192.168.0.50 to 192.168.0.150
dhcp-range=192.168.0.50,192.168.0.150,12h
# no dynamic allocation, only static allocations are allowed
dhcp-range=192.168.0.0,static

# Static DHCP leases
# give a name and an IP to the matching MAC address
dhcp-host=xx:xx:xx:xx:xx:xx,Nom,192.168.x.x,infinite
# give an IP to the machine whose name matches
dhcp-host=Nom,192.168.x.x,infinite

# if this is the only DHCP server
dhcp-authoritative

Show current DHCP leases

cat /var/lib/misc/dnsmasq.leases

End a lease

systemctl stop dnsmasq

# delete the line corresponding to the lease
nano /var/lib/misc/dnsmasq.leases

systemctl start dnsmasq

# restart the client to get a new IP address
sc-restart dhcpcd@eth0
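
An added example, not from the original page: the manual lease-file edit above as a shell function that removes a lease by MAC address and keeps a backup. The function name `remove_lease`, the `.bak` suffix and the lease line layout `expiry mac ip hostname client-id` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Assumed lease line layout: <expiry> <mac> <ip> <hostname> <client-id>

# remove_lease MAC [FILE]
# returns 0 = lease removed, 1 = no lease for MAC, 2 = bad input or I/O error
remove_lease() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    file=${2:-/var/lib/misc/dnsmasq.leases}

    # refuse anything that is not a plain MAC address
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 2
    [ -f "$file" ] || return 2

    tmp=$(mktemp "${file}.XXXXXX") || return 2
    # keep every line whose second field is not the target MAC
    if ! awk -v mac="$mac" 'tolower($2) != mac' "$file" > "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    # nothing filtered out: no lease for this MAC, leave the file untouched
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # back up, then rewrite in place so owner and mode of the lease file are kept
    if cp -p "$file" "${file}.bak" && cat "$tmp" > "$file"; then
        rm -f "$tmp"; return 0
    fi
    rm -f "$tmp"; return 2
}

# Usage on the server, with dnsmasq stopped so it does not rewrite the file:
#   systemctl stop dnsmasq
#   remove_lease xx:xx:xx:xx:xx:xx
#   systemctl start dnsmasq
```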

VPN

/etc/dnsmasq.conf
interface=eth0
# add the tun interface
interface=tun0

# add the server's IP on the VPN network
listen-address=127.0.0.1, 10.8.0.1

bind-interfaces

failed to create listening socket for 10.8.0.1: Cannot assign requested address

Dnsmasq starts before OpenVPN has had time to register the IP 10.8.0.1.
Extend the dnsmasq service configuration without overwriting the default configuration: /usr/lib/systemd/system/dnsmasq.service

/etc/systemd/system/dnsmasq.service.d/openvpn.conf
[Unit]
After=openvpn@server.service

Firewall

# allow incoming communication on port 53 with protocol tcp and udp
sudo ufw allow 53 comment 'DNS tcp/udp port 53'

sudo ufw allow 67,68/udp comment 'DHCP udp ports 67,68'

log

/var/log/messages.log

/etc/dnsmasq.conf
# For debugging purposes, log each DNS query as it passes through dnsmasq.
log-queries
# Log lots of extra information about DHCP transactions.
log-dhcp

Errors

Temporary failure in name resolution

cron reboot

crontab
# restart dnsmasq 60 seconds after reboot
@reboot sleep 60 && systemctl restart dnsmasq

dnsmasq.service

Dnsmasq fails to respond on network devices that weren't up when its service started, thus not binding as expected.
Fix: delay startup until after the network is online.

/lib/systemd/system/dnsmasq.service
[Unit]
#Requires=network.target
#After=network.target
Requires=network-online.target
After=network-online.target

failed to create listening socket for port 53: Address already in use

Another program is already using port 53.

sudo netstat -peanut | grep :53
# tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      102        16584      2147/systemd-resolv 
# udp        0      0 127.0.0.53:53           0.0.0.0:*                           102        16583      2147/systemd-resolv

Stop systemd-resolved (Ubuntu 18.04)

sc-stop systemd-resolved
sc-disable systemd-resolved

# remove the /etc/resolv.conf symbolic link
ls -lh /etc/resolv.conf
# /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
sudo rm /etc/resolv.conf
/etc/resolv.conf
nameserver 127.0.0.1

Edit resolved.conf

/etc/systemd/resolved.conf
[Resolve]
DNS=127.0.0.1
DNSStubListener=no
/etc/resolv.conf
nameserver  127.0.0.1
sc-restart systemd-resolved
sc-start dnsmasq
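
The NetworkManager, DHCPCD and systemd-resolved sections all come down to keeping /etc/resolv.conf a plain file that points at the local dnsmasq. An added example, not from the original page, that checks this state; the function name `check_resolv` is hypothetical, and it accepts only the loopback addresses used on this page (127.0.0.1 and ::1).

```shell
#!/bin/sh
# Added example, not part of the original page.
# check_resolv [FILE]: prints a one-line verdict and returns 0 only when FILE
# is a regular file whose nameserver lines all point at the local dnsmasq.
check_resolv() {
    f=${1:-/etc/resolv.conf}

    # systemd-resolved ships /etc/resolv.conf as a symlink to its stub file
    if [ -L "$f" ]; then
        echo "symlink to $(readlink "$f")"; return 1
    fi
    if [ ! -r "$f" ]; then
        echo "missing or unreadable"; return 1
    fi

    ns=$(awk '$1 == "nameserver" { print $2 }' "$f")
    if [ -z "$ns" ]; then
        echo "no nameserver line"; return 1
    fi

    # any other address (router, 127.0.0.53 stub) bypasses the local dnsmasq
    for a in $ns; do
        case "$a" in
            127.0.0.1|::1) ;;
            *) echo "unexpected nameserver $a"; return 1 ;;
        esac
    done
    echo "ok"
}

# Usage after restarting NetworkManager, dhcpcd or systemd-resolved:
#   check_resolv || echo "resolv.conf was rewritten"
```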

Does not work with Android

Android makes IPv6 DNS queries and therefore does not use DNSmasq.
Use a DNS-changer application.

It seems that disabling IPv6 on the router solved the problem.