(Reproduced) Use Dnsmasq to build your own DNS server

Oct 1st, 2012

Foreword

I recently bought an iPad mini, and while tinkering with it I found something that left me very, very speechless... It is network-related again: under normal circumstances, the connection to the App Store on the iPad mini is quite slow, so slow that it takes 20~30s for the App Store home page to load, so you can imagine what downloading an application is like. I originally wrote wyatt_hosts to solve the problem of slow updates in Mac OS on the iMac, so basically the same solution applies to the iPad mini.

Before I thought of setting up dnsmasq, I also searched for other solutions on the Internet, such as V2EX DNS. But on the iPad mini I also need fast access to other services, such as Google Drive, and the solutions to those problems are all in that hosts file. It would be nice if I could jailbreak the iPad mini...

First impressions

Since the iPad mini is not jailbroken, the only way I can think of is to build a DNS server myself. Searching the Internet for Linux DNS or Mac OS DNS, most results use the BIND 9 software. After reading some configuration guides (for example), to be honest, I was intimidated by how complicated it is TT... Then a passage in one article, "using dnsmasq for dns caching", caught my attention and led me to search for dnsmasq: "It is designed to provide DNS and, optionally, DHCP, to a small network." This is great for my purposes. BIND 9 is a very popular and battle-tested DNS server, but does that mean I need to wrestle with a behemoth for the 20% of functions that I don't need? So I finally chose the lighter dnsmasq.

Install

It is very convenient to install software under *nix. I am on Mac OS, so I first ran brew search dnsm to see if there was a ready-made package, and I found one. Next came brew install dnsmasq; after a series of installation scripts ran, I got this message:

To configure dnsmasq, copy the example configuration to /usr/local/etc/dnsmasq.conf and edit to taste.

    cp /usr/local/Cellar/dnsmasq/2.61/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf

To load dnsmasq automatically on startup, install and load the provided launchd item as follows:

    sudo cp /usr/local/Cellar/dnsmasq/2.61/homebrew.mxcl.dnsmasq.plist /Library/LaunchDaemons
    sudo launchctl load -w /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

As for configuring automatic start at boot on Mac OS: if I hadn't read this doc, I would have been really confused...

Configure

Looking at the dnsmasq.conf file, it still needs a little configuration, but very, very little.

  • Configure the upstream DNS server of dnsmasq (it is a DNS cache, so it still needs an upstream server to perform the actual domain name resolution)
  • Configure the system's DNS server so that dnsmasq is consulted first
  • Set the IP address that dnsmasq listens on, so that other machines can find it

Corresponding to the above three things, there are only 4 configurations. Don't be shocked by the large amount of content when you open dnsmasq.conf.

  1. First configure resolv-file=/etc/resolv.dnsmasq.conf. This parameter tells dnsmasq to read its upstream DNS servers from the specified file.
  2. Add 127.0.0.1 as the first line of the /etc/resolv.conf file so that the system looks at dnsmasq first, and set strict-order so that the upstream servers are tried in the order listed until one resolves successfully.
  3. Make sure no-hosts is commented out (it is commented out by default), so that dnsmasq first looks in the local hosts file, then in its cache, and finally asks the upstream DNS server.
  4. Set listen-address=127.0.0.1, which means this dnsmasq serves only the local machine.
  5. There is a pitfall with listen-address here; it took me a long time to climb out..

Of these settings, the listen-address parameter tripped me up for a long time before I finally understood how to configure it. For example, suppose I also want other servers on the LAN to use this dnsmasq for domain name resolution. How should it be configured? With listen-address=192.168.1.100 (the LAN IP of the server where dnsmasq runs), the 127.0.0.1 configured on the local machine has no effect... If it is set to listen-address=127.0.0.1, other servers on the LAN cannot reach this dnsmasq. It should actually be set to listen-address=192.168.1.100,127.0.0.1 so that both sides are satisfied. Note, however, that if the LAN IP address of the server running dnsmasq changes and no longer matches the one in the configuration file, the IP in the configuration file is still the one used, so other servers on the LAN will not be able to find dnsmasq and will not be able to use the local DNS cache.
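The listen-address pitfall described above can be checked mechanically. The following is an added example, not code from the original post: it parses dnsmasq.conf text and compares the listen-address entries with the addresses the host currently holds. The function names and the host_addrs parameter are assumptions of this example; the caller supplies the host's current addresses.

```python
import ipaddress

def parse_listen_addresses(conf_text):
    """Return every address named on listen-address= lines ('#' comments skipped)."""
    addrs = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if sep and key.strip() == "listen-address":
            addrs += [ipaddress.ip_address(a.strip())
                      for a in value.split(",") if a.strip()]
    return addrs

def audit_listen_addresses(conf_text, host_addrs):
    """Compare configured listen addresses with the addresses the host holds now.

    host_addrs is an assumption of this example: the caller passes in the
    host's current IPs (e.g. copied from ifconfig output).
    """
    configured = parse_listen_addresses(conf_text)
    current = {ipaddress.ip_address(a) for a in host_addrs}
    if not configured:
        # Without listen-address (or interface=) dnsmasq serves all interfaces.
        return ["no listen-address: dnsmasq answers on every interface"]
    findings = []
    if not any(a.is_loopback for a in configured):
        findings.append("loopback missing: nameserver 127.0.0.1 will not reach dnsmasq")
    for a in configured:
        if a.is_loopback:
            continue
        if a not in current:
            findings.append(f"{a}: not assigned to this host (stale LAN address)")
        if not a.is_private:
            findings.append(f"{a}: not a private-range address, check exposure beyond the LAN")
    return findings

# The dnsmasq.conf from this post, embedded as sample input.
PAGE_CONF = """\
resolv-file=/etc/resolv.dnsmasq.conf
strict-order
listen-address=192.168.1.100,127.0.0.1
"""

if __name__ == "__main__":
    # Constructed scenario: the host's LAN address changed to 192.168.1.101.
    for finding in audit_listen_addresses(PAGE_CONF, ["127.0.0.1", "192.168.1.101"]):
        print(finding)
```

An empty result means every configured address is still held by the host, loopback is included, and all non-loopback addresses are in private ranges.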

Summary

Finally, here is a summary so that it can be deployed quickly.

resolv.conf

    # Let the operating system look for dnsmasq at 127.0.0.1
    nameserver 127.0.0.1

resolv.dnsmasq.conf

    # Make these DNS addresses (v2ex and the others) the upstream DNS for dnsmasq
    nameserver 199.91.73.222
    nameserver 8.8.8.8
    nameserver 8.8.4.4

dnsmasq.conf

    resolv-file=/etc/resolv.dnsmasq.conf
    strict-order
    listen-address=192.168.1.100,127.0.0.1

After setting the above, let's start dnsmasq:

  1. Manual start: just run sudo dnsmasq.
  2. Automatic start at boot on Mac OS, which is how I have it set up now. First run brew info dnsmasq to check the package information, and you will see this line:

    To load dnsmasq: sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

Just do that. Note that this differs slightly between Homebrew versions: in version 0.9.4 it is simplified, and you don't need to copy a plist file yourself on Mac OS (the details can be found in /usr/local/Library/Formula/dnsmasq.rb).

Shutdown

If you want to stop it, use ps ax | grep dns to find the pid and then run kill -9 [pid]; -9 is the SIGKILL signal. If you want dnsmasq to clear all cached DNS records, send a SIGHUP (1) signal to the pid: kill -1 [pid]. Both can be found in man dnsmasq.

Test

The last step is to test whether it works. This is the easiest part: run the dig command two or more times and check the "Query time: x msec" line in the result. If x=0 from the second run onward, the configuration is successful.

Example: dig google.com shows the detailed result

    wyatt ~$ dig google.com
    ; <<>> DiG 9.7.3-P3 <<>> google.com.hk
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28003
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;google.com.          IN  A
    ;; ANSWER SECTION:
    google.com.       0   IN  A   74.125.235.131
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Nov 22 22:49:42 2012
    ;; MSG SIZE  rcvd: 47

dig baidu.com +short shows only the resolved IPs

    220.181.111.85
    220.181.111.86
    123.125.114.144

Turn on dnsmasq on the computer, then connect the iPad mini to the LAN and set the first DNS server to the IP of the dnsmasq server, the second to V2EX, and the third to 8.8.8.8 (separated by English commas). This time, when downloading an app from the App Store, I can finally see the progress bar visibly moving TT
