From be6530bf6d0fda9140c6bf0e5e95af10154a5614 Mon Sep 17 00:00:00 2001 From: DoTheEvolution Date: Wed, 6 May 2020 02:27:22 +0200 Subject: [PATCH] update --- dnsmasq/readme.md | 152 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 115 insertions(+), 37 deletions(-) diff --git a/dnsmasq/readme.md b/dnsmasq/readme.md index 7df3eeb..c9d3101 100644 --- a/dnsmasq/readme.md +++ b/dnsmasq/readme.md @@ -15,15 +15,14 @@ Lightweight DHCP and DNS server. ``` /etc/ -└── dnsmasq.conf +├── dnsmasq.conf +├── hosts +└── resolve.conf ``` # Installation -* Install dnsmasq from your linux official repos. -* configuration -* enable and start the service
- `sudo systemctl enable --now dnsmasq` +* Install dnsmasq from your linux official repos # Configuration @@ -33,59 +32,138 @@ Configuration file location: /etc/dnsmasq.conf `dnsmasq.conf` ```bash -# dont use resolv.conf as it gets changed by DHCP -resolv-file=/etc/resolv.conf.dnsmasq +# DNS -------------------------------------------------------------------------- -# DHCP netmask -# CLients get 255.255.255.0 as netmask -dhcp-option=1,255.255.255.0 +# Never forward plain names (without a dot or domain part) +domain-needed +# Never forward addresses in the non-routed address spaces. +bogus-priv -# default gateway -# clients get 192.168.1.251 as gateway -dhcp-option=3,192.168.1.69 +# If you don't want dnsmasq to read /etc/resolv.conf +no-resolv +no-poll -# dns -# clients get 192.168.1.69 as DNS (this is the IP of the Pi itself) -dhcp-option=6,192.168.1.69 +# DHCP and DNS interface and address +interface=enp0s25 +listen-address=::1,127.0.0.1 +# Upstream Google and Cloudflare nameservers +server=8.8.8.8 +server=1.1.1.1 -#you can assign fixed ip adresses to hosts based on mac address -dhcp-host=ma:ca:dr:e:ss:00,mycomp192.168.1.1,12h +# DNS wildcard ----------------------------------------------------------------- +# wildcard dns entry sending domain and all its subdomains to an ip +address=/blabla.org/192.168.1.2 +# subdomain override +address=/plex.blabla.org/192.168.1.3 -# all hosts not identified by mac get a dynamic ip out of this range: -dhcp-range=192.168.1.120,192.168.1.200,12h +# DHCP ------------------------------------------------------------------------- + +dhcp-range=192.168.1.51,192.168.1.199,255.255.255.0,480h +# gateway +dhcp-option=3,192.168.1.1 + +dhcp-authoritative + +#dhcp-leasefile=/var/lib/misc/dnsmasq.leases ``` # resolv.conf -Edit /etc/resolv.conf to send all requests to dnsmasq, then prevent c +Contains DNS nameservers to be used by this linux machine.
+Since dnsmasq, a DNS server, is running right on this machine, +the entries should point to localhost. + +Bit of an issue is that this file is often dynamically generated and changed +by various system services like systemd or dhcpcd. +To prevent this, +it will be flagged as immutable, which prevents all possible changes to it +unless the attribute is removed. -* `nameserver 127.0.0.1` +Edit /`etc/resolv.conf` and set localhost as the dns nameserver. + +`resolv.conf` +``` +nameserver ::1 +nameserver 127.0.0.1 +``` -Then make it immutable to prevent other services from making changes to it +Make it immutable to prevent any changes to it. * `chattr +i /etc/resolv.conf` +Check if the content is what was set. + +* `cat /etc/resolv.conf` + +If it was changed by dhcpcd, edit `/etc/dhcpcd.conf` +and add `nohook resolv.conf` at the end.
+Restart the machine, disable the immutability, edit it again, +add immutability, and check. + +* `sudo chattr -i /etc/resolv.conf` +* `sudo nano /etc/resolv.conf` +* `sudo chattr +i /etc/resolv.conf` +* `cat /etc/resolv.conf` + # /etc/hosts -dnsmasq reads all the DNS hosts and names from the /etc/hosts file, -so add your DNS hosts IP addresses and name pairs as shown. +dnsmasq reads `/etc/hosts` for IP hostname pairs entries. +This is where you can add hostnames you wish to route to local servers. + +Unfortunately no wildcard support. +But as seen in the `dnsmasq.conf` there is a wildcard section solving this, +so blabla stuff here is redundant. + +`hosts` +``` +127.0.0.1 docker-host +192.168.1.2 docker-host +192.168.1.1 gateway +192.168.1.2 blabla.org +192.168.1.2 nextcloud.blabla.org +192.168.1.2 book.blabla.org +192.168.1.2 passwd.blabla.org +192.168.1.2 grafana.blabla.org +``` + +# Start the services + +`sudo systemctl enable --now dnsmasq` + +# Test it + +##### DHCP + +Set some machine to use DHCP for its network setting. -127.0.0.1 dnsmasq -192.168.56.10 dnsmasq -192.168.56.1 gateway -192.168.56.100 maas-controller -192.168.56.20 nagios -192.168.56.25 webserver1 +It should just work. +You can check on the dnsmasq host file `/var/lib/misc/dnsmasq.leases` +for the active leases. + +##### DNS + +* `nslookup google.com` +* `nslookup gateway` +* `nslookup docker-host` +* `nslookup blabla.org` +* `nslookup whateverandom.blabla.org` +* `nslookup plex.blabla.org` # Update -* [watchtower](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/watchtower) - updates the image automaticly +During host linux packages update. + +# Backup and restore + +##### Backup + +Using [BorgBackup setup](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup) +that makes daily snapshot of the entire /etc directory +which contains the config files. + +##### restore -* manual image update
- `docker-compose pull`
- `docker-compose up -d`
- `docker image prune` +Replace the config files with the one from backup
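Review bot: In the first hunk the tree listing adds `resolve.conf`, but the file this readme goes on to edit and flag immutable is `/etc/resolv.conf` (the `# resolv.conf` section, the `chattr` commands and the dhcpcd `nohook resolv.conf` line all spell it without the `e`); rename the entry to `resolv.conf` so the listing matches the real path. The same hunk drops the `enable and start the service` step from Installation, which is fine since it reappears under `# Start the services`, but the remaining bullet `* Install dnsmasq from your linux official repos` lost its trailing period relative to the surrounding list style.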
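Review bot: In the second hunk the new `hosts` block maps `docker-host` to both `127.0.0.1` and `192.168.1.2`; because dnsmasq serves every `/etc/hosts` entry to its DHCP clients, a LAN machine asking for `docker-host` will get `127.0.0.1` back alongside `192.168.1.2` and may try to connect to itself, so keep only the `192.168.1.2 docker-host` line (the loopback alias belongs, if anywhere, in a file dnsmasq does not read, or use a different name for it). Smaller points in the same hunk: the sentence `Edit /`etc/resolv.conf` and set localhost` has the opening backtick after the slash and should read `` Edit `/etc/resolv.conf` ``; the first `chattr +i /etc/resolv.conf` bullet lacks the `sudo` that the later `sudo chattr -i` / `sudo chattr +i` bullets carry; and `dhcp-range=...,480h` hands out 20-day leases while the test section tells readers to inspect `/var/lib/misc/dnsmasq.leases`, which is only the right path while the commented-out `#dhcp-leasefile=` line stays at the distro default, so a one-line comment saying the path is the default would save confusion.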