Differences

This shows you the differences between two versions of the page.

kb:linux:dnsmasq_instalacija [2017/03/04 12:35] – created milanokb:linux:dnsmasq_instalacija [2022/02/03 18:47] (current) milano
Line 1: Line 1:
-===== Setting up DNSMasq instead of BIND for bulletproof internal DNS resolution (SplitDNS) =====+====== Instalacija DNSMasq za interno DNS razrešavanje (SplitDNS) ======
  
-This guide will guide you through the setup of DNSMasq in order to achieve the following:\\ +[[https://community.zextras.com/forum/zimbra-howto/setting-up-dnsmasq-instead-of-bind-for-bulletproof-internal-dns-resolution-splitdns/|Originalna verzija članka]]
-- When the Zimbra server performs a DNS query for the A record of the Public Service Hostname of one of the hosted domains, answer with the LAN IP of the server itself.\\ +
-- When the Zimbra server performs a DNS query for the MX record of one of the hosted domains, answer with the LAN IP of the server itself.\\ +
-When the Zimbra server performs any other DNS query, let another DNS server manage it.\\ +
-Let DNSMasq only bind to the interface it's using so that other DNS servers can be ran on the server is needed.\\ +
-\\ +
-**Why DNSMasq instead of BIND?** \\ +
-One word: SIMPLICITY.\\ +
-BIND is a full-fledged DNS server that can perform the roles of both an Authoritative and a Recursive nameserver, but chances are that you don't need this, as you probably already have an authoritative server for your domain - for example the one of your domain Registrar or a local Active Directory server and one or more Recursive nameservers either internal, provided by your ISP or by a dedicated DNS service such as OpenDNS. So why using it when DNSMasq, a lightweight DNS forwarder, can let you achieve a Split DNS situation in a much easier way?\\ +
-\\ +
-**Our Example Environment:** \\ +
-192.168.0.2 is the LAN ip of your server\\ +
-mail.domain.com is the hostname of the server\\ +
-domain.com is the main mail domain\\ +
-domain2.com is an additional mail domain\\ +
-8.8.8.8 and 8.8.4.4 are the DNS servers you want to use (in this case, Google's public DNS servers)\\ +
-\\ +
-**Config Files:** \\ +
-/etc/resolv.conf+
  
-Code:+Ovaj vodič vodi kroz podešavanja dnsmask u cilju postizanja sledećeg:
  
-<bbcode_code> +  * Kada Zimbra servera pošalje A DNS upit za svoj javni //Hostname//  nekom od javnih DNS servisa, umesto javne IP adrese dobiće IP adresu samog sebe (severa). 
-nameserver 192.168.0.2 +  * Kada Zimbra servera pošalje DNS upit za MKS zapis jednom od javnih DNS domena, dobiće, takođe, sopstvenu LAN IP adresu (umeto javne) 
-</bbcode_code>+  * Kada Zimbra servera pošalje bilo koji drugi DNS upit, javni DNS će vratiti ispravnu (javnu) adresu
 +  * Neka dnsmask vezuje se samo za interfejs koji koristi tako da drugi DNS serveri mogu da rade paralelno ako treba (glavni server, AD, HOME domena)
  
-DNSMasq will bind on the local address to answer DNS queries.\\ +Zašto //dnsmask// umesto //BIND//? \\ Jedna reč: jednostavnost.
-\\ +
-/etc/resolv.dnsmasq+
  
-Code:+Bind je punopravan DNS server koji može obavljati ulogu //autorizatora// i rekurzivnog //nameservera//, ali nam to, za ovu svrhu, ne treba. Već imamo server za autorizaciju u domenu (Active Directory server), i jedan ili više rekurzivnih nameservera (AD DNS). Dnsmask je lagan DNS špediter, koji u ovom slučaju obezbeđuje jednostavno konfigurisanje tzv, **//Split DNS//**  modela.
  
-<bbcode_code> +===== Primer instalacije=====
-nameserver 8.8.8.8 +
-nameserver 8.8.4.4 +
-</bbcode_code>+
  
-We'll instruct DNSMasq to answer just some queries and in the way we want, while all other queries will be forwarded to this servers.\\ +Postavke iskorišćene za primer:
-\\ +
-/etc/dnsmasq.conf (the file is quite large, I'll only write the config elements relevant to this guide)+
  
-Code:+''192.168.0.2'' je LAN IP servera \\ 
 +''mail.domain.com'' je ime hosta servera \\  
 +''domain.com'' je glavni domen \\  
 +''domain2.com'' je dodatni glavni domen \\  
 +''8.8.8.8'' i ''8.8.4.4'' su javni DNS serveri (internet)
  
-<bbcode_code> +Usmeravanje DNS zahteva na servis vrši se upisom //nameserver//-a u konfiguracioni fajl na lokaciji ''/etc/resolv.conf'' \\
-address=/mail.domain.com/192.168.0.2 +
-resolv-file=/etc/resolv.dnsmasq +
-except-interface=lo +
-listen-address=192.168.0.2 +
-bind-interfaces +
-</bbcode_code> +
- +
-This sets up DNSMasq to listen on the local IP address and to only bind on the interface it's listening on. Also, it forces to answer any A-record DNS requests for mail.domain.com with the LAN ip. This is a "naive" trick that allows you to provisionally use the same hostname on two servers without any issues of sort.\\+
 \\ \\
-In the same file, add one line like the following for each domain on your server:+Vezaćemo *Dnsmask* za lokalnu adresu da odgovori na DNS upite. \\ 
 +<file
 +nameserver 192.168.0.2 
 +</file> 
 + \\ 
 +Uputili smo dnsmask da odgovori samo specifičan upiti i na način na koji želimoa svi ostali upiti će biti prosleđen internet DNS serverima. \\ 
 +Uređejom ''/etc/resolv.dnsmask'' \\ 
 +<file> 
 +nameserver 8.8.8.8  
 +nameserver 8.8.4.4  
 +</file>
  
-Code:+Konfiguracioni fajl samog servisa je ''/etc/dnsmask.conf''. Fajl je prilično velika, opisaću samo elemente relevantne za ovaj primer. \\
  
-<bbcode_code+<file
-mx-host=domain.com,mail.domain.com,10 +address /mail.domain.com/192.168.0.2 
-</bbcode_code>+resolv-file = /etc/resolv.dnsmask 
 +except-interfejs = lo 
 +listen-address = 192.168.0.2 
 +bind-interfaces 
 +</file>
  
-This lines instruct DNSMasq to always return "mail.domain.com" as the MX record for your domains which, if your /etc/hosts file is correctly configuredwill always point to the local server (DNSMasq will then forward any other request to the DNS servers in the resolv.dnsmasq file).\\+Ovo postavlja *dnsmask* da sluša na lokalnoj IP adresi i da se ne vezuje za //loopback// interfejs ''lo'' (127.0.0.01), odnosno da se veže samo za stvarne interfejse. \\ 
 +Takođe, tera ga da na bilo koji DNS ''A-record'' zahtev za ''mail.domain.com'' odgovori sa LAN IP adresom računara. Ovaj "naivan" trik omogućava da upotrebimo isti //hostname// na dva servera, bez bilo kakvog konflikta. \\ 
 +\\  
 +U isti fajl dodajmo liniju 
 +<file
 +mx-host = domain.com,mail.domain.com,10 
 +</file> \\  
 +Ova linija će uputiti *dnsmask* da uvek vraća "mail.domain.com" kao ''MX record'' za definisani domen. \\ 
 \\ \\
 \\ \\
-**Service Restart and check:** \\ +**Konkretne postavke za ''mail.melany.rs'' su:**
-Restart DNSMasq with+
  
-Code:+<file> 
 +address=/mail.melany.rs/192.168.0.250 
 +resolv-file=/etc/resolv.dnsmask 
 +mx-host=melany.rs,mail.melany.rs,10 
 +except-interface=lo 
 +listen-address=192.168.0.250 
 +bind-interfaces 
 +</file> 
 +\\ 
  
-<bbcode_code> +=== Restart i provera servisa ===
-/etc/init.d/dnsmasq restart +
-</bbcode_code>+
  
-and check that +Restartovati dnsmask sa \\ 
- +<file> 
-Code: +/etc/init.d/dnsmask restart 
- +</file> 
-<bbcode_code>+\\ 
 +i proveriti da \\ 
 +<file>
 dig mx domain.com dig mx domain.com
-</bbcode_code+</file
- +vraća lokalni //hostname// / adresu. \\   
-returns the local hostname/address.\\ +\\  
-\\ +Takođeuverite se da server može ispravno da razreši bilo koju drugu IP adresu preko servera navedenih u /etc/resolv.dnsmask \\ 
-Alsomake sure that the server can correctly resolve any other IP through the servers specified in /etc/resolv.dnsmasq\\ +\\  
-\\ +**Dodatne dnsmask.conf opcije:** \\  
-**Additional dnsmasq.conf options:** \\ +– Da biste naveli autoritativni server za domen
-- To specify an Authoritative server for a domain: +<file>
- +
-Code: +
- +
-<bbcode_code>+
 server=/domain.com/10.0.0.1 server=/domain.com/10.0.0.1
-</bbcode_code+</file
- +sa 10.0.0.1 kao IP na autoritativni DNS za domain.com \\  
-with 10.0.0.1 being the IP of the Authoritative DNS for domain.com\\+
 \\ \\
-- To specify a Reverse DNS resolution (PTR Recordfor a domain: +– Da biste naveli obrnutu DNS rezoluciju (PTR zapisza domen\\  
- +<file>
-Code: +
- +
-<bbcode_code>+
 server=/192.168.in-addr.arpa/192.168.100.1 server=/192.168.in-addr.arpa/192.168.100.1
-</bbcode_code> +</file
- +Zapišite sve DNS upite (u svrhu otklanjanja grešaka\\ 
-Log all the DNS queries (for debug purpouse) +<file>
- +
-Code: +
- +
-<bbcode_code>+
 log-queries log-queries
-</bbcode_code>+</file> 
 +- Lokalno vrati SPF zapis za domen \\ 
 +<file> 
 +txt-record=zextras.com,"v=spf1 mx -all"
  
-- Locally return an SPF record for a domain 
- 
-Code: 
- 
-<bbcode_code> 
-txt-record=zextras.com,"v=spf1 mx -all" 
-</bbcode_code> 
  
 +nameserver 8.8.8.8
 +nameserver 8.8.4.4
 +</file>
  
 +----
 +Dodatne reference \\ \\
 +[[https://community.zextras.com/how-to-install-your-dns-server-using-dnsmasq/|How to Install Your DNS Server Using Dnsmasq]] \\
 +[[https://community.zextras.com/dns-server-installation-guide-on-centos-7-rhel-7-and-centos-8-rhel-8-using-dnsmasq/|Installing DNS Server on CentOS/RHEL using dnsmasq]]
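
Review bot: the new revision spells the daemon "dnsmask" everywhere, including in literal paths and commands (/etc/resolv.dnsmask, /etc/dnsmask.conf, /etc/init.d/dnsmask restart), where the removed lines had /etc/resolv.dnsmasq, /etc/dnsmasq.conf and /etc/init.d/dnsmasq restart. The package, its config file and its init script are all named dnsmasq, so a reader who copies the new text edits a file the service does not read and calls a script that is not there. Limit the translation to the prose and restore the original identifiers. The generic config block has the same problem: "address /mail.domain.com/192.168.0.2" has lost its "=", "except-interfejs = lo" translates the option name, and the other keys gained spaces around "=" that the removed block did not have. The mail.melany.rs block further down keeps the key=value form and the except-interface spelling, so use that style in both places. In the prose, "MKS zapis" should read "MX zapis" and 127.0.0.01 should be 127.0.0.1. At the end of the page, the txt-record example is followed by two stray nameserver lines (8.8.8.8 and 8.8.4.4) before its closing </file>. They look like a paste leftover from the resolv file example and should be dropped so the SPF block contains only the txt-record line.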
  • kb/linux/dnsmasq_instalacija.1488630903.txt.gz
  • Last modified: 2017/03/04 12:35
  • by milano