DNS 설정

dns 설정은 /etc/config/dhcp 있으며 장치의 DNSDHCP 서버 옵션을 모두 제어합니다 (DHCPDNS 서비스는 모두 dnsmasq 를 사용하여 구현됩니다).

기본 설정에서 이 파일에는 DNS 및 데몬 관련 옵션을 지정하는 하나의 공통 세션 과 네트워크 인터페이스에서 DHCP 제공을 정의하는 하나 이상의 DHCP 풀이 있습니다 .

dhcp 설정 파일의 가능한 섹션 유형은 아래에 정의되어 있습니다. 모든 유형이 파일에 나타날 수있는 것은 아니며 대부분의 경우 특수 설정에만 필요합니다. 일반적인 옵션 은 Common Options , DHCP Pools 및 Static Leases 입니다.

config 섹션 유형 dnsmasq 는 dnsmasq의 전체 작업과 관련된 값과 옵션 및 제공된 모든 인터페이스의 DHCP 옵션을 결정합니다. 다음 표는 사용 가능한 모든 옵션과 해당 기본값뿐만 아니라 해당 dnsmasq 명령 행 옵션을 나열합니다. the dnsmasq 메뉴얼을 참조하세요

공통 옵션의 기본 설정은 다음과 같습니다.

config 'dnsmasq'
	option domainneeded	 1
	option boguspriv	 1
	option filterwin2k	 0
	option localise_queries	 1
	option rebind_protection 1
	option rebind_localhost  0
	option local        	 '/lan/'
	option domain	         'lan'
	option expandhosts	 1
	option nonegcache	 0
	option authoritative	 1
	option readethers        1
	option leasefile	 '/tmp/dhcp.leases'
	option resolvfile	 '/tmp/resolv.conf.auto'
  • localdomain 옵션을 사용하면 dnsmasq 가 /etc/hosts 에 항목을 제공 할뿐만 아니라 DHCP 클라이언트의 이름을 lan DNS 도메인에 입력 한 것처럼 사용할 수 있습니다.
  • domainneeded , boguspriv , localise_queries, expandhosts 옵션은 이러한 로컬 호스트 이름에 대한 요청 (역방향 조회)이 upstream DNS 서버로 전달되지 않도록합니다.
  • 옵션 authoritative 는 라우터가 이 네트워크의 유일한 DHCP 서버가되게합니다. 클라이언트는 IP 임대를 빨리 수행합니다.
  • 옵션 leasefile 은 임대를 파일에 저장하므로 dnsmasq 을 다시 시작하면 다시 임대 할 수 있습니다.
  • 옵션 resolvfile 은 dnsmasq 에게 이 파일을 사용하여 upstream name server 찾는 것을 지시합니다. WAN DHCP 클라이언트 또는 PPP 클라이언트에 의해 생성됩니다.
  • “enable_tftp”및 “tftp_root”옵션은 TFTP 서버를 켜고 tftp_root에서 파일을 제공합니다. 클라이언트에서 서버의 IP를 설정해야 할 수도 있습니다. 클라이언트에서 “serverip”을 설정하여 변경하십시오 (예 : “setenv serverip 192.168.1.10”).
Name Type Default Option Description
add_local_domain boolean 1 Add the local domain as search directive in resolv.conf.
add_local_hostname boolean 1 Add A, AAAA, and PTR records for this router only on DHCP served LAN.
:!: enhanced function available on Trunk with option add_local_fqdn
add_local_fqdn integer 1 Add A, AAAA, and PTR records for this router only on DHCP served LAN. 0 - Disable. 1 - Hostname on Primary Address. 2 - Hostname on All Addresses. 3 - FDQN on All Addresses. 4 - iface.host.domain on All Addresses.
:!: add_local_fqdn on Trunk but not 17.01.0
add_wan_fqdn integer 0 Labels WAN interfaces like add_local_fqdn instead of your ISP assigned default which may be obscure. WAN is inferred from config dhcp sections with option ignore 1 set, so they do not need to be named WAN
:!: add_wan_fqdn on Trunk but not 17.01.0
addnhosts list of file paths (none) -H Additional host files to read for serving DNS responses
authoritative boolean 1 -K Force dnsmasq into authoritative mode. This speeds up DHCP leasing. Used if this is the only server on the network
bogusnxdomain list of IP addresses (none) -B IP addresses to convert into NXDOMAIN responses (to counteract “helpful” upstream DNS servers that never return NXDOMAIN).
boguspriv boolean 0 -b Reject reverse lookups to private IP ranges where no corresponding entry exists in /etc/hosts
cachelocal boolean 1 When set to 0, use each network interface's dns address in the local /etc/resolv.conf. Normally, only the loopback address is used, and all queries go through dnsmasq.
cachesize integer 150 -c Size of dnsmasq query cache.
dbus boolean 0 -1 Enable DBus messaging for dnsmasq.
:!: Standard builds of dnsmasq on OpenWRT do not include DBus support.
dhcp_boot string (none)
--dhcp-boot
Specifies BOOTP options, in most cases just the file name. You can also use: “file name, tftp server name, tftp ip address
dhcphostsfile file path (none)
--dhcp-hostsfile
Specify an external file with per host DHCP options
dhcpleasemax integer 150 -X Maximum number of DHCP leases
dnsforwardmax integer 150 -0 (zero) Maximum number of concurrent connections
domain domain name (none) -s DNS domain handed out to DHCP clients
domainneeded boolean 1 -D Tells dnsmasq never to forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a “not found” answer is returned
dnssec boolean 0
--dnssec
Validate DNS replies and cache DNSSEC data.
:!: Requires the dnsmasq-full package.
dnsseccheckunsigned boolean 0
--dnssec-check-unsigned
Check the zones of unsigned replies to ensure that unsigned replies are allowed in those zones. This protects against an attacker forging unsigned replies for signed DNS zones, but is slower and requires that the nameservers upstream of dnsmasq are DNSSEC-capable.
:!: Requires the dnsmasq-full package.
:!: Caution: If you use this option on a device that doesn't have a hardware clock, dns resolution may break after a reboot of the device due to an incorrect system time.
ednspacket_max integer 1280 -P Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder
enable_tftp boolean 0
--enable-tftp
Enable the builtin TFTP server
expandhosts boolean 1 -E Add the local domain part to names found in /etc/hosts
filterwin2k boolean 0 -f Do not forward requests that cannot be answered by public name servers
fqdn boolean 0
--dhcp-fqdn
Do not resolve unqualifed local hostnames. Needs domain to be set.
interface list of interface names (all interfaces) -i List of interfaces to listen on. If unspecified, dnsmasq will listen to all interfaces except those listed in notinterface. Note that dnsmasq listens on loopback by default.
leasefile file path (none) -l (ell) Store DHCP leases in this file
local string (none) -S Look up DNS entries for this domain from /etc/hosts. This follows the same syntax as server entries, see the man page.
localise_queries boolean 0 -y Choose IP address to match the incoming interface if multiple addresses are assigned to a host name in /etc/hosts. :!: Note well the spelling of this option.
localservice boolean 1
--local-service
Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server.
logqueries boolean 0 -q Log the results of DNS queries, dump cache on SIGUSR1
nodaemon boolean 0 -d Don't daemonize the dnsmasq process
nohosts boolean 0 -h Don't read DNS names from /etc/hosts
nonegcache boolean 0 -N Disable caching of negative “no such domain” responses
noresolv boolean 0 -R Don't read upstream servers from /etc/resolv.conf
notinterface list of interface names (none) -I (eye) Interfaces dnsmasq should not listen on.
nonwildcard boolean 0 -z Bind only configured interface addresses, instead of the wildcard address.
port port number 53 -p Listening port for DNS queries, disables DNS server functionality if set to 0
queryport integer (none) -Q Use a fixed port for outbound DNS queries
readethers boolean 0 -Z Read static lease entries from /etc/ethers, re-read on SIGHUP
rebind_protection boolean 1
--stop-dns-rebind
Enables DNS rebind attack protection by discarding upstream RFC1918 responses
rebind_localhost boolean 0
--rebind-localhost-ok
Allows upstream 127.0.0.0/8 responses, required for DNS based blacklist services, only takes effect if rebind protection is enabled
rebind_domain list of domain names (none)
--rebind-domain-ok
List of domains to allow RFC1918 responses for, only takes effect if rebind protection is enabled
resolvfile file path /etc/resolv.conf -r Specifies an alternative resolv file
server list of strings (none) -S List of DNS servers to forward requests to. See the dnsmasq man page for syntax details.
strictorder boolean 0 -o Obey order of DNS servers in /etc/resolv.conf
tftp_root directory path (none)
--tftp-root
Specifies the TFTP root directory

전통적인 /etc/dnsmasq.conf 설정 파일을 /etc/config/dhcp 에있는 옵션과 함께 사용할 수 있습니다.

dnsmasq.conf 파일은 기본적으로 존재하지 않지만 시작시 dnsmasq 에 의해 처리됩니다 (있는 경우). /etc/config/dhcp 옵션은 명령 줄 인수로 변환되므로 dnsmasq.conf보다 우선합니다.

dnsmasq 가 모든 작업에서 스크립트를 실행할 수 있도록 설정할 수 있습니다.

dhcp-script=/sbin/action.sh

DNS는 TCP and UDP 방화벽 53번포트를 열어야 합니다. 자세한 내용은 http://wiki.openwrt.org/doc/recipes/guest-wlanhttp://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html (viz ”--dhcp-alternate-port”) 을 참조하세요

여기를 참조하세요.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2019/04/07 11:45
  • by vgaetera