Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
kb:linux:dnsmasq_instalacija [2017/03/04 12:35] – created milano | kb:linux:dnsmasq_instalacija [2022/02/03 18:47] (current) – milano | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Setting up DNSMasq | + | ====== Instalacija |
- | This guide will guide you through the setup of DNSMasq in order to achieve the following:\\ | + | [[https://community.zextras.com/ |
- | - When the Zimbra server performs a DNS query for the A record of the Public Service Hostname of one of the hosted domains, answer with the LAN IP of the server itself.\\ | + | |
- | - When the Zimbra server performs a DNS query for the MX record of one of the hosted domains, answer with the LAN IP of the server itself.\\ | + | |
- | - When the Zimbra server performs any other DNS query, let another DNS server manage it.\\ | + | |
- | - Let DNSMasq only bind to the interface it's using so that other DNS servers can be ran on the server is needed.\\ | + | |
- | \\ | + | |
- | **Why DNSMasq | + | |
- | One word: SIMPLICITY.\\ | + | |
- | BIND is a full-fledged DNS server that can perform the roles of both an Authoritative and a Recursive nameserver, but chances are that you don't need this, as you probably already have an authoritative server for your domain | + | |
- | \\ | + | |
- | **Our Example Environment: | + | |
- | 192.168.0.2 is the LAN ip of your server\\ | + | |
- | mail.domain.com is the hostname of the server\\ | + | |
- | domain.com is the main mail domain\\ | + | |
- | domain2.com is an additional mail domain\\ | + | |
- | 8.8.8.8 and 8.8.4.4 are the DNS servers you want to use (in this case, Google' | + | |
- | \\ | + | |
- | **Config Files:** \\ | + | |
- | /etc/ | + | |
- | Code: | + | Ovaj vodič vodi kroz podešavanja dnsmask u cilju postizanja sledećeg: |
- | < | + | * Kada Zimbra servera pošalje A DNS upit za svoj javni // |
- | nameserver 192.168.0.2 | + | * Kada Zimbra servera pošalje DNS upit za MKS zapis jednom od javnih DNS domena, dobiće, takođe, sopstvenu LAN IP adresu (umeto javne) |
- | </ | + | * Kada Zimbra servera pošalje bilo koji drugi DNS upit, javni DNS će vratiti ispravnu (javnu) adresu. |
+ | * Neka dnsmask vezuje se samo za interfejs koji koristi tako da drugi DNS serveri mogu da rade paralelno ako treba (glavni server, AD, HOME domena) | ||
- | DNSMasq will bind on the local address | + | Zašto //dnsmask// umesto //BIND//? \\ Jedna reč: jednostavnost. |
- | \\ | + | |
- | /etc/resolv.dnsmasq | + | |
- | Code: | + | Bind je punopravan DNS server koji može obavljati ulogu // |
- | < | + | ===== Primer instalacije===== |
- | nameserver 8.8.8.8 | + | |
- | nameserver 8.8.4.4 | + | |
- | </ | + | |
- | We'll instruct DNSMasq to answer just some queries and in the way we want, while all other queries will be forwarded to this servers.\\ | + | Postavke iskorišćene za primer: |
- | \\ | + | |
- | / | + | |
- | Code: | + | '' |
+ | '' | ||
+ | '' | ||
+ | '' | ||
+ | '' | ||
- | < | + | Usmeravanje DNS zahteva na servis vrši se upisom // |
- | address=/mail.domain.com/192.168.0.2 | + | |
- | resolv-file=/ | + | |
- | except-interface=lo | + | |
- | listen-address=192.168.0.2 | + | |
- | bind-interfaces | + | |
- | </ | + | |
- | + | ||
- | This sets up DNSMasq to listen on the local IP address and to only bind on the interface it's listening on. Also, it forces to answer any A-record DNS requests for mail.domain.com with the LAN ip. This is a " | + | |
\\ | \\ | ||
- | In the same file, add one line like the following for each domain on your server: | + | Vezaćemo *Dnsmask* za lokalnu adresu da odgovori na DNS upite. \\ |
+ | <file> | ||
+ | nameserver 192.168.0.2 | ||
+ | </ | ||
+ | \\ | ||
+ | Uputili smo dnsmask da odgovori samo specifičan upiti i na način na koji želimo, a svi ostali upiti će biti prosleđen internet DNS serverima. \\ | ||
+ | Uređejom ''/ | ||
+ | < | ||
+ | nameserver 8.8.8.8 | ||
+ | nameserver 8.8.4.4 | ||
+ | </ | ||
- | Code: | + | Konfiguracioni fajl samog servisa je ''/ |
- | <bbcode_code> | + | <file> |
- | mx-host=domain.com,mail.domain.com,10 | + | address |
- | </bbcode_code> | + | resolv-file = / |
+ | except-interfejs = lo | ||
+ | listen-address = 192.168.0.2 | ||
+ | bind-interfaces | ||
+ | </file> | ||
- | This lines instruct DNSMasq to always return "mail.domain.com" | + | Ovo postavlja *dnsmask* da sluša na lokalnoj IP adresi i da se ne vezuje za // |
+ | Takođe, tera ga da na bilo koji DNS '' | ||
+ | \\ | ||
+ | U isti fajl dodajmo liniju | ||
+ | <file> | ||
+ | mx-host = domain.com,mail.domain.com, | ||
+ | </file> \\ | ||
+ | Ova linija će uputiti *dnsmask* da uvek vraća " | ||
\\ | \\ | ||
\\ | \\ | ||
- | **Service Restart and check:** \\ | + | **Konkretne postavke za '' |
- | Restart DNSMasq with | + | |
- | Code: | + | < |
+ | address=/ | ||
+ | resolv-file=/ | ||
+ | mx-host=melany.rs, | ||
+ | except-interface=lo | ||
+ | listen-address=192.168.0.250 | ||
+ | bind-interfaces | ||
+ | </ | ||
+ | \\ | ||
- | < | + | === Restart i provera servisa === |
- | / | + | |
- | </ | + | |
- | and check that | + | Restartovati dnsmask sa \\ |
- | + | < | |
- | Code: | + | / |
- | + | </ | |
- | <bbcode_code> | + | \\ |
+ | i proveriti da \\ | ||
+ | <file> | ||
dig mx domain.com | dig mx domain.com | ||
- | </bbcode_code> | + | </file> |
- | + | vraća lokalni //hostname// / adresu. \\ | |
- | returns the local hostname/address.\\ | + | \\ |
- | \\ | + | Takođe, uverite se da server |
- | Also, make sure that the server | + | \\ |
- | \\ | + | **Dodatne dnsmask.conf opcije:** \\ |
- | **Additional dnsmasq.conf options:** \\ | + | – Da biste naveli autoritativni |
- | - To specify an Authoritative | + | <file> |
- | + | ||
- | Code: | + | |
- | + | ||
- | <bbcode_code> | + | |
server=/ | server=/ | ||
- | </bbcode_code> | + | </file> |
- | + | sa 10.0.0.1 | |
- | with 10.0.0.1 | + | |
\\ | \\ | ||
- | - To specify a Reverse | + | – Da biste naveli obrnutu |
- | + | <file> | |
- | Code: | + | |
- | + | ||
- | <bbcode_code> | + | |
server=/ | server=/ | ||
- | </bbcode_code> | + | </file> |
- | + | - Zapišite sve DNS upite (u svrhu otklanjanja grešaka) \\ | |
- | - Log all the DNS queries | + | <file> |
- | + | ||
- | Code: | + | |
- | + | ||
- | <bbcode_code> | + | |
log-queries | log-queries | ||
- | </bbcode_code> | + | </file> |
+ | - Lokalno vrati SPF zapis za domen \\ | ||
+ | < | ||
+ | txt-record=zextras.com," | ||
- | - Locally return an SPF record for a domain | ||
- | |||
- | Code: | ||
- | |||
- | < | ||
- | txt-record=zextras.com," | ||
- | </ | ||
+ | nameserver 8.8.8.8 | ||
+ | nameserver 8.8.4.4 | ||
+ | </ | ||
+ | ---- | ||
+ | Dodatne reference \\ \\ | ||
+ | [[https:// | ||
+ | [[https:// |