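Tags: openstack-network dnsmasq kvm dhcp
I first came to Dnsmasq while studying OpenStack Neutron networking. In an OpenStack network, dnsmasq provides DHCP and DNS for a given network, and the background process it runs looks like this: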
dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/host --addn-hosts=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/opts --dhcp-leasefile=/var/lib/neutron/dhcp/35b593af-7e57-4a4b-8346-975d227c557c/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap3043df67-be --dhcp-range=set:tag0,10.1.0.0,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=sample.openstack.org.
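This process is started when DHCP or DNS is enabled on a subnet. If DHCP or DNS is enabled on several subnets of the same network, the dnsmasq process first started for that network is modified. In other words, once the first subnet has started a dnsmasq process, subnets created later in the same network do not start a new process; they change the one that was started first. For example:
dnsmasq process with one subnet enabled: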
dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host --addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts --dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapf2df91fa-f7 --dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=65536 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=openstacklocal
dnsmasq process with two subnets enabled:
dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host --addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts --dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapf2df91fa-f7 --dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s --dhcp-range=set:tag1,10.11.0.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=65792 --conf-file=/etc/neutron/dnsmasq.conf --server=8.8.8.8 --server=8.8.4.4 --domain=openstacklocal
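As we can see, enabling DHCP or DNS on one more subnet only modifies the dnsmasq process that was created first, adding the second subnet's information, for example --dhcp-range=set:tag1,10.11.0.0,static,255.255.255.0,86400s. That is all for dnsmasq in OpenStack; next, let's look at what dnsmasq does in general.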
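The comparison of the two processes above, done in code. This is an added example, not part of the original post or of Neutron: it parses the two command lines, reports which option values changed, and checks that --dhcp-lease-max equals the summed size of the subnets in --dhcp-range (true for the values shown on this page). The function names are hypothetical, and the command lines are shortened by dropping the file-path options.

```python
import ipaddress
import shlex

# Shortened from the one-subnet process shown above: file-path options are
# dropped, the remaining option values are copied from the page.
ONE_SUBNET = (
    "dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo "
    "--bind-interfaces --interface=tapf2df91fa-f7 "
    "--dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s "
    "--dhcp-option-force=option:mtu,1450 --dhcp-lease-max=65536 "
    "--server=8.8.8.8 --server=8.8.4.4 --domain=openstacklocal"
)
# The two-subnet process: same line plus the second range and the new lease cap.
TWO_SUBNETS = ONE_SUBNET.replace(
    " --dhcp-option-force",
    " --dhcp-range=set:tag1,10.11.0.0,static,255.255.255.0,86400s"
    " --dhcp-option-force",
).replace("--dhcp-lease-max=65536", "--dhcp-lease-max=65792")


def parse_args(cmdline):
    """Map each option to its list of values; bare flags map to []."""
    opts = {}
    for token in shlex.split(cmdline)[1:]:
        name, _, value = token.partition("=")
        values = opts.setdefault(name, [])
        if value:
            values.append(value)
    return opts


def parse_dhcp_range(value):
    """Parse the --dhcp-range forms used on this page:
    [set:<tag>,]<address>,static[,<netmask>],<lease time>."""
    fields = value.split(",")
    tag = None
    if fields[0].startswith("set:"):
        tag = fields.pop(0)[4:]
    address, mode, rest = fields[0], fields[1], fields[2:]
    netmask = rest[0] if len(rest) == 2 else None
    network = None
    if netmask:
        network = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
    return {"tag": tag, "address": address, "mode": mode,
            "network": network, "lease": rest[-1] if rest else None}


def diff_options(before, after):
    """Return (added, removed): option values present on only one side."""
    old, new = parse_args(before), parse_args(after)
    added = {k: [v for v in vs if v not in old.get(k, [])] for k, vs in new.items()}
    removed = {k: [v for v in vs if v not in new.get(k, [])] for k, vs in old.items()}
    return ({k: v for k, v in added.items() if v},
            {k: v for k, v in removed.items() if v})


def lease_max_matches_subnets(cmdline):
    """True if --dhcp-lease-max equals the summed size of all ranges' subnets;
    None if a range carries no netmask and the size cannot be derived."""
    opts = parse_args(cmdline)
    ranges = [parse_dhcp_range(v) for v in opts.get("--dhcp-range", [])]
    if not ranges or any(r["network"] is None for r in ranges):
        return None
    total = sum(r["network"].num_addresses for r in ranges)
    return total == int(opts["--dhcp-lease-max"][0])


if __name__ == "__main__":
    added, removed = diff_options(ONE_SUBNET, TWO_SUBNETS)
    print("added:", added)
    print("removed:", removed)
    for line in (ONE_SUBNET, TWO_SUBNETS):
        print("lease-max matches subnet sizes:", lease_max_matches_subnets(line))
```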
Dnsmasq (dnsmasq)
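Dnsmasq provides DNS caching and a DHCP service. As a DNS server, dnsmasq caches DNS requests to speed up connections to sites we have already visited. As a DHCP server, dnsmasq gives the computers (cloud instances) on a LAN (such as a network in OpenStack) their internal IP addresses and routes. The DNS and DHCP functions can be used together or separately. dnsmasq is lightweight and easy to configure, and suits individual users or networks with fewer than 50 hosts.
Now for the configuration. The dnsmasq configuration file is /etc/dnsmasq.conf; depending on your Linux distribution it may also be at /etc/default/dnsmasq, or under the /etc/dnsmasq.d/ or /etc/dnsmasq.d-available/ directories. A configuration file path can also be given when starting the dnsmasq process, and the conf-file= option inside a configuration file can pull in other configuration files, so this can be arranged flexibly as needed.
Below are some of the more important and commonly used options from dnsmasq.conf, with short descriptions: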
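Do not read upstream servers from the default /etc/resolv.conf; a custom file can be set with resolv-file
Do not load the local /etc/hosts file
#no-hosts
Add an extra hosts file path to read; may be given multiple times. If a directory is given, all files in it are read.
#addn-hosts=/etc/dnsmasq.hosts.d
Read all files in the directory; files are re-read automatically when they change
#hostsdir=/etc/dnsmasq.hosts.d
User and group to run as
#user=nobody
#group=nobody
DNS port, default 53; port=0 disables DNS completely, leaving only DHCP/TFTP
#port=53
DNS cache size (in number of cached DNS entries)
#cache-size=500
Do not cache negative results for unknown domains; by default dnsmasq caches them and returns them directly to clients.
#no-negcache
Maximum number of concurrent forwarded DNS queries
#dns-forward-max=1000
Address dnsmasq listens on; by default it listens on all interfaces of the machine. For hosts on the LAN to use the dnsmasq service, specify this machine's IP address.
#listen-address=192.168.26.111
address enables wildcard domain resolution, i.e. custom A records. With the line below, every name under demon.com resolves to 127.0.0.1
#address=/demon.com/127.0.0.1
#server selects which DNS server dnsmasq uses for resolution; different domains can be sent to different servers
#Here, Google's DNS is used for Google's services
#server=/google.com/8.8.8.8
Where dnsmasq gets upstream DNS server addresses from; the default is /etc/resolv.conf
#resolv-file
Query the servers strictly in the order they appear in the resolv-file, top to bottom, until the first one succeeds
#strict-order
Bind to interfaces; with this enabled dnsmasq listens only on the specified interfaces.
#bind-interfaces
Also bind to interfaces that are added later.
#bind-dynamic
Restrict the network interfaces dnsmasq listens on
#interface=eth0
Interfaces to exclude from listening; exclusion takes priority, and the '*' wildcard may be used
#except-interface=
Interfaces on which DHCP and TFTP are not provided, only DNS.
#no-dhcp-interface=eth0
Address range for dynamic DHCP allocation
dhcp-range=10.10.10.10,10.10.10.100,24h
Static DHCP bindings
# dhcp-host=00:0C:38:52:42:61,10.10.10.11
# dhcp-host=00:0C:38:52:43:62,10.10.10.12,infinite (infinite lease time)
dhcp-host=00:0C:38:52:44:64,10.10.10.13,OS13
dhcp-host=00:0C:38:52:45:65,10.10.10.14,0S14
Maximum number of DHCP leases
#dhcp-lease-max=150
Leases are stored in the file below
#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
Ignore DHCP requests from the MAC address below
#dhcp-host=11:22:33:44:55:66,ignore
Domain for DHCP
#domain=test.com
Default route: option 3 is the default route, and 10.10.10.1 is the gateway
#dhcp-option=3,10.10.10.1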
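With the configuration file covered, let's see which options the dnsmasq process accepts on the command line:
For reference, see the English documentation: dnsmasq command-line options
dnsmasq --test # check that the configuration is valid
-w, --help # help
-v, --version # print the version number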
-H, --addn-hosts=<file>
--hostsdir=<path>
-d, --no-daemon # run the process in the foreground
-x, --pid-file=<path> # write the process's PID to the given file
-I, --except-interface=<interface name>
-2, --no-dhcp-interface=<interface name>
-a, --listen-address=<ipaddr>
-z, --bind-interfaces
--ignore-address=<ipaddr>
-r, --resolv-file=<file>
-R, --no-resolv
-o, --strict-order
-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
--dhcp-hostsfile=<path>
--dhcp-optsfile=<path>
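These are some commonly used options; for those without an explanation, see the configuration-file notes above.
Now let's use the notes above to walk through the dnsmasq process arguments in OpenStack:
dnsmasq --no-hosts # do not load the local /etc/hosts file
--no-resolv # do not read /etc/resolv.conf; upstream DNS servers come only from the command line or the dnsmasq configuration file
--strict-order # query strictly in the order given in resolv.conf
--except-interface=lo # do not listen on the lo interface
--pid-file=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/pid # file holding the dnsmasq process's PID
--dhcp-hostsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/host # DHCP host information is read from this file
--addn-hosts=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/addn_hosts # extra hosts file path to read
--dhcp-optsfile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/opts # read DHCP option information from the given file
--dhcp-leasefile=/var/lib/neutron/dhcp/07b37097-c902-4f19-9214-6e23befd476b/leases # file where leases are stored
--dhcp-match=set:ipxe,175 # set the tag ipxe when the client's request includes option 175
--bind-interfaces # bind to interfaces; with this enabled dnsmasq listens only on the specified interfaces
--interface=tapf2df91fa-f7 # interface to listen on
--dhcp-range=set:tag0,10.10.0.0,static,255.255.0.0,86400s # 1) tag set for this network 2) network that DHCP serves 3) static means dnsmasq enables DHCP for this network but does not allocate addresses dynamically 4) lease time
--dhcp-option-force=option:mtu,1450 # give DHCP clients different or additional options; here mtu=1450 is set for the clients
--dhcp-lease-max=65536 # maximum number of leases dnsmasq hands out for DHCP; the default is 1000
--conf-file=/etc/neutron/dnsmasq.conf # pull in another configuration file
--server=8.8.8.8 --server=8.8.4.4 # upstream DNS servers
--domain=openstacklocal # DNS domain for the DHCP service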
dnsmasq is installed the same way inside a container; the installation below is for CentOS 7:
[root@test centos]# yum install dnsmasq
base | 3.6 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/7): epel/x86_64/group_gz | 88 kB 00:00:00
(2/7): base/7/x86_64/group_gz | 166 kB 00:00:00
(3/7): epel/x86_64/updateinfo | 932 kB 00:00:00
(4/7): base/7/x86_64/primary_db | 5.9 MB 00:00:00
(5/7): epel/x86_64/primary | 3.6 MB 00:00:00
(6/7): extras/7/x86_64/primary_db | 174 kB 00:00:00
(7/7): updates/7/x86_64/primary_db | 5.0 MB 00:00:00
epel 12650/12650
Resolving Dependencies
--> Running transaction check
---> Package dnsmasq.x86_64 0:2.76-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================================================
Installing:
dnsmasq x86_64 2.76-5.el7 base 277 k
Transaction Summary
===========================================================================================================================================================================
Install 1 Package
Total download size: 277 k
Installed size: 586 k
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/dnsmasq-2.76-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for dnsmasq-2.76-5.el7.x86_64.rpm is not installed
dnsmasq-2.76-5.el7.x86_64.rpm | 277 kB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-4.1708.el7.centos.x86_64 (installed)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : dnsmasq-2.76-5.el7.x86_64 1/1
Verifying : dnsmasq-2.76-5.el7.x86_64 1/1
Installed:
dnsmasq.x86_64 0:2.76-5.el7
Complete!
Basic usage:
[root@test centos]# dnsmasq --test
dnsmasq: syntax check OK.
[root@test centos]# dnsmasq --version
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.
[root@test centos]# dnsmasq --help
Usage: dnsmasq [options]
Valid options are:
-a, --listen-address=<ipaddr> Specify local address(es) to listen on.
-A, --address=/<domain>/<ipaddr> Return ipaddr for all hosts in specified domains.
-b, --bogus-priv Fake reverse lookups for RFC1918 private address ranges.
-B, --bogus-nxdomain=<ipaddr> Treat ipaddr as NXDOMAIN (defeats Verisign wildcard).
-c, --cache-size=<integer> Specify the size of the cache in entries (defaults to 150).
-C, --conf-file=<path> Specify configuration file (defaults to /etc/dnsmasq.conf).
-d, --no-daemon Do NOT fork into the background: run in debug mode.
-D, --domain-needed Do NOT forward queries with no domain part.
-e, --selfmx Return self-pointing MX records for local hosts.
-E, --expand-hosts Expand simple names in /etc/hosts with domain-suffix.
-f, --filterwin2k Don't forward spurious DNS requests from Windows hosts.
-F, --dhcp-range=<ipaddr>,... Enable DHCP in the range given with lease duration.
-g, --group=<groupname> Change to this group after startup (defaults to dip).
-G, --dhcp-host=<hostspec> Set address or hostname for a specified machine.
--dhcp-hostsfile=<path> Read DHCP host specs from file.
--dhcp-optsfile=<path> Read DHCP option specs from file.
--dhcp-hostsdir=<path> Read DHCP host specs from a directory.
--dhcp-optsdir=<path> Read DHCP options from a directory.
--tag-if=tag-expression Evaluate conditional tag expression.
-h, --no-hosts Do NOT load /etc/hosts file.
-H, --addn-hosts=<path> Specify a hosts file to be read in addition to /etc/hosts.
--hostsdir=<path> Read hosts files from a directory.
-i, --interface=<interface> Specify interface(s) to listen on.
-I, --except-interface=<interface> Specify interface(s) NOT to listen on.
-j, --dhcp-userclass=set:<tag>,<class> Map DHCP user class to tag.
--dhcp-circuitid=set:<tag>,<circuit>Map RFC3046 circuit-id to tag.
--dhcp-remoteid=set:<tag>,<remote> Map RFC3046 remote-id to tag.
--dhcp-subscrid=set:<tag>,<remote> Map RFC3993 subscriber-id to tag.
-J, --dhcp-ignore=tag:<tag>... Don't do DHCP for hosts with tag set.
--dhcp-broadcast[=tag:<tag>...] Force broadcast replies for hosts with tag set.
-k, --keep-in-foreground Do NOT fork into the background, do NOT run in debug mode.
-K, --dhcp-authoritative Assume we are the only DHCP server on the local network.
-l, --dhcp-leasefile=<path> Specify where to store DHCP leases (defaults to /var/lib/dnsmasq/dnsmasq.leases).
-L, --localmx Return MX records for local hosts.
-m, --mx-host=<host_name>,<target>,<prefSpecify an MX record.
-M, --dhcp-boot=<bootp opts> Specify BOOTP options to DHCP server.
-n, --no-poll Do NOT poll /etc/resolv.conf file, reload only on SIGHUP.
-N, --no-negcache Do NOT cache failed search results.
-o, --strict-order Use nameservers strictly in the order given in /etc/resolv.conf.
-O, --dhcp-option=<optspec> Specify options to be sent to DHCP clients.
--dhcp-option-force=<optspec> DHCP option sent even if the client does not request it.
-p, --port=<integer> Specify port to listen for DNS requests on (defaults to 53).
-P, --edns-packet-max=<integer> Maximum supported UDP packet size for EDNS.0 (defaults to 4096).
-q, --log-queries Log DNS queries.
-Q, --query-port=<integer> Force the originating port for upstream DNS queries.
-R, --no-resolv Do NOT read resolv.conf.
-r, --resolv-file=<path> Specify path to resolv.conf (defaults to /etc/resolv.conf).
--servers-file=<path> Specify path to file with server= options
-S, --server=/<domain>/<ipaddr> Specify address(es) of upstream servers with optional domains.
--rev-server=<addr>/<prefix>,<ipaddrSpecify address of upstream servers for reverse address queries
--local=/<domain>/ Never forward queries to specified domains.
-s, --domain=<domain>[,<range>] Specify the domain to be assigned in DHCP leases.
-t, --mx-target=<host_name> Specify default target in an MX record.
-T, --local-ttl=<integer> Specify time-to-live in seconds for replies from /etc/hosts.
--neg-ttl=<integer> Specify time-to-live in seconds for negative caching.
--max-ttl=<integer> Specify time-to-live in seconds for maximum TTL to send to clients.
--max-cache-ttl=<integer> Specify time-to-live ceiling for cache.
--min-cache-ttl=<integer> Specify time-to-live floor for cache.
-u, --user=<username> Change to this user after startup. (defaults to nobody).
-U, --dhcp-vendorclass=set:<tag>,<class>Map DHCP vendor class to tag.
-v, --version Display dnsmasq version and copyright information.
-V, --alias=<ipaddr>,<ipaddr>,<netmask> Translate IPv4 addresses from upstream servers.
-W, --srv-host=<name>,<target>,... Specify a SRV record.
-w, --help Display this message. Use --help dhcp or --help dhcp6 for known DHCP options.
-x, --pid-file=<path> Specify path of PID file (defaults to /var/run/dnsmasq.pid).
-X, --dhcp-lease-max=<integer> Specify maximum number of DHCP leases (defaults to 1000).
-y, --localise-queries Answer DNS queries based on the interface a query was sent to.
-Y, --txt-record=<name>,<txt>[,<txt] Specify TXT DNS record.
--ptr-record=<name>,<target> Specify PTR DNS record.
--interface-name=<name>,<interface> Give DNS name to IPv4 address of interface.
-z, --bind-interfaces Bind only to interfaces in use.
-Z, --read-ethers Read DHCP static host information from /etc/ethers.
-1, --enable-dbus[=<busname>] Enable the DBus interface for setting upstream servers, etc.
-2, --no-dhcp-interface=<interface> Do not provide DHCP on this interface, only provide DNS.
-3, --bootp-dynamic[=tag:<tag>]... Enable dynamic address allocation for bootp.
-4, --dhcp-mac=set:<tag>,<mac address> Map MAC address (with wildcards) to option set.
--bridge-interface=<iface>,<alias>..Treat DHCP requests on aliases as arriving from interface.
-5, --no-ping Disable ICMP echo address checking in the DHCP server.
-6, --dhcp-script=<path> Shell script to run on DHCP lease creation and destruction.
--dhcp-luascript=path Lua script to run on DHCP lease creation and destruction.
--dhcp-scriptuser=<username> Run lease-change scripts as this user.
--script-arp Call dhcp-script with changes to local ARP table.
-7, --conf-dir=<path> Read configuration from all the files in this directory.
-8, --log-facility=<facilty>|<file> Log to this syslog facility or file. (defaults to DAEMON)
-9, --leasefile-ro Do not use leasefile.
-0, --dns-forward-max=<integer> Maximum number of concurrent DNS queries. (defaults to 150)
--clear-on-reload Clear DNS cache when reloading /etc/resolv.conf.
--dhcp-ignore-names[=tag:<tag>]... Ignore hostnames provided by DHCP clients.
--dhcp-no-override Do NOT reuse filename and server fields for extra DHCP options.
--enable-tftp[=<intr>[,<intr>]] Enable integrated read-only TFTP server.
--tftp-root=<dir>[,<iface>] Export files by TFTP only from the specified subtree.
--tftp-unique-root Add client IP address to tftp-root.
--tftp-secure Allow access only to files owned by the user running dnsmasq.
--tftp-no-fail Do not terminate the service if TFTP directories are inaccessible.
--tftp-max=<integer> Maximum number of conncurrent TFTP transfers (defaults to 50).
--tftp-mtu=<integer> Maximum MTU to use for TFTP transfers.
--tftp-no-blocksize Disable the TFTP blocksize extension.
--tftp-lowercase Convert TFTP filenames to lowercase
--tftp-port-range=<start>,<end> Ephemeral port range for use by TFTP transfers.
--log-dhcp Extra logging for DHCP.
--log-async[=<integer>] Enable async. logging; optionally set queue length.
--stop-dns-rebind Stop DNS rebinding. Filter private IP ranges when resolving.
--rebind-localhost-ok Allow rebinding of 127.0.0.0/8, for RBL servers.
--rebind-domain-ok=/<domain>/ Inhibit DNS-rebind protection on this domain.
--all-servers Always perform DNS queries to all servers.
--dhcp-match=set:<tag>,<optspec> Set tag if client includes matching option in request.
--dhcp-alternate-port[=<ports>] Use alternative ports for DHCP.
--naptr-record=<name>,<naptr> Specify NAPTR DNS record.
--min-port=<port> Specify lowest port available for DNS query transmission.
--max-port=<port> Specify highest port available for DNS query transmission.
--dhcp-fqdn Use only fully qualified domain names for DHCP clients.
--dhcp-generate-names[=tag:<tag>] Generate hostnames based on MAC address for nameless clients.
--dhcp-proxy[=<ipaddr>]... Use these DHCP relays as full proxies.
--dhcp-relay=<local-addr>,<server>[,Relay DHCP requests to a remote server
--cname=<alias>,<target>[,<ttl>] Specify alias name for LOCAL DNS name.
--pxe-prompt=<prompt>,[<timeout>] Prompt to send to PXE clients.
--pxe-service=<service> Boot service for PXE menu.
--test Check configuration syntax.
--add-mac[=base64|text] Add requestor's MAC address to forwarded DNS queries.
--add-subnet=<v4 pref>[,<v6 pref>] Add specified IP subnet to forwarded DNS queries.
--add-cpe-id=<text> Add client identification to forwarded DNS queries.
--proxy-dnssec Proxy DNSSEC validation results from upstream nameservers.
--dhcp-sequential-ip Attempt to allocate sequential IP addresses to DHCP clients.
--conntrack Copy connection-track mark from queries to upstream connections.
--dhcp-client-update Allow DHCP clients to do their own DDNS updates.
--enable-ra Send router-advertisements for interfaces doing DHCPv6
--dhcp-duid=<enterprise>,<duid> Specify DUID_EN-type DHCPv6 server DUID
--host-record=<name>,<address>[,<ttlSpecify host (A/AAAA and PTR) records
--dns-rr=<name>,<RR-number>,[<data>]Specify arbitrary DNS resource record
--bind-dynamic Bind to interfaces in use - check for new interfaces
--auth-server=<NS>,<interface> Export local names to global DNS
--auth-zone=<domain>,[<subnet>...] Domain to export to global DNS
--auth-ttl=<integer> Set TTL for authoritative replies
--auth-soa=<serial>[,...] Set authoritive zone information
--auth-sec-servers=<NS>[,<NS>...] Secondary authoritative nameservers for forward domains
--auth-peer=<ipaddr>[,<ipaddr>...] Peers which are allowed to do zone transfer
--ipset=/<domain>/<ipset>[,<ipset>..Specify ipsets to which matching domains should be added
--synth-domain=<domain>,<range>,[<prSpecify a domain and address range for synthesised names
--dnssec Activate DNSSEC validation
--trust-anchor=<domain>,[<class>],..Specify trust anchor key digest.
--dnssec-debug Disable upstream checking for DNSSEC debugging.
--dnssec-check-unsigned Ensure answers without DNSSEC are in unsigned zones.
--dnssec-no-timecheck Don't check DNSSEC signature timestamps until first cache-reload
--dnssec-timestamp=<path> Timestamp file to verify system clock for DNSSEC
--ra-param=<interface>,[high,|low,]<Set priority, resend-interval and router-lifetime
--quiet-dhcp Do not log routine DHCP.
--quiet-dhcp6 Do not log routine DHCPv6.
--quiet-ra Do not log RA.
--local-service Accept queries only from directly-connected networks.
--dns-loop-detect Detect and remove DNS forwarding loops.
--ignore-address=<ipaddr> Ignore DNS responses containing ipaddr.
--dhcp-ttl=<ttl> Set TTL in DNS responses with DHCP-derived addresses.
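A simple network topology is as follows: build the network in an OVS + KVM environment. The dnsmasq process listens on the DHCP device tap1; DHCP broadcast packets sent by host1 and host2 are received on tap1, and dnsmasq looks up the matching MAC in the corresponding host file and hands the associated IP to the host. If no match is found, the host fails to obtain an IP.
For how this environment is built, see: test environment setup
Write the MAC addresses of the two hosts into the corresponding host file: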
[root@cnc dhcp]# pwd
/root/dnsmasq/dhcp
[root@cnc dhcp]# ls
host pid
[root@cnc dhcp]# cat pid
[root@cnc dhcp]# cat host
52:54:00:aa:69:cc,10.10.10.20
52:54:00:aa:69:dd,10.10.10.30
Start the process:
[root@cnc ~]# dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/root/dnsmasq/dhcp/pid --dhcp-hostsfile=/root/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
Log in to the virtual machines and test obtaining an IP automatically:
[root@cnc ~]# virsh console 2
Connected to domain cirros-test-vm2
Escape character is ^]
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.30...
Lease of 10.10.10.30 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.1 0.0.0.0 UG 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@cnc dhcp]# virsh console 9
Connected to domain cirros-test-vm
Escape character is ^]
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.20...
Lease of 10.10.10.20 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.1 0.0.0.0 UG 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@cnc ~]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/root/dnsmasq/dhcp/pid --dhcp-hostsfile=/root/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /root/dnsmasq/dhcp/host
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.20 52:54:00:aa:69:cc
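To run dnsmasq in a container, the container must be started in the net=host network mode so that it can listen on the host's dhcp_tap interface; the host, pid and other files are kept inside the container.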
[root@cnc ~]# docker exec -it 3da033d6c511 bash
[root@cnc dhcp]# pwd
/dnsmasq/dhcp
[root@cnc dhcp]# ls
host pid
[root@cnc dhcp]# cat pid
[root@cnc dhcp]# cat host
52:54:00:aa:69:cc,10.10.10.40
52:54:00:aa:69:dd,10.10.10.50
Start the process in the container:
[root@cnc dhcp]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/dnsmasq/dhcp/pid --dhcp-hostsfile=/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /dnsmasq/dhcp/host
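Note: if the dnsmasq process is started as the container's entrypoint, add the -d option so that it runs in the foreground rather than in the background.
In testing, when a virtual machine tried to obtain an IP, the process reported the following error: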
dnsmasq-dhcp: ARP-cache injection failed: Operation not permitted
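The operation is not permitted because of missing privileges. The failing call writes to the kernel ARP table, which requires CAP_NET_ADMIN; --privileged grants that along with every other capability and access to host devices, so --cap-add=NET_ADMIN is the narrower grant. Creating the container in privileged mode, as below, makes the error go away: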
[root@cnc ~]# docker run -it --privileged --net=host library/centos /bin/bash
Testing again, the virtual machines obtain their IPs normally:
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.40...
Lease of 10.10.10.40 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
$ sudo ifup eth0
udhcpc (v1.20.1) started
Sending discover...
Sending select for 10.10.10.50...
Lease of 10.10.10.50 obtained, lease time 86400
deleting routers
adding dns 8.8.8.8
[root@cnc dhcp]# dnsmasq -d --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/dnsmasq/dhcp/pid --dhcp-hostsfile=/dnsmasq/dhcp/host --dhcp-match=set:ipxe,175 --bind-interfaces --interface=dhcp_tap --dhcp-range=10.10.10.1,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=512 --dhcp-option=3,10.10.10.1 --dhcp-option=6,8.8.8.8
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: warning: no upstream servers configured
dnsmasq-dhcp: DHCP, static leases only on 10.10.10.1, lease time 1d
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface dhcp_tap
dnsmasq: cleared cache
dnsmasq-dhcp: read /dnsmasq/dhcp/host
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPRELEASE(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd unknown lease
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.50 52:54:00:aa:69:dd
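A check of the dnsmasq -d output above against the static host file, as an added example that is not part of the original post. It flags requests from MACs with no static binding, DHCPACKs that disagree with the host file, and releases of leases this server never issued (the "unknown lease" line above). The function names and finding labels are hypothetical, and the last two log lines are constructed.

```python
import re

# Static bindings from the container's host file shown above (MAC,IP per line).
HOSTSFILE = """\
52:54:00:aa:69:cc,10.10.10.40
52:54:00:aa:69:dd,10.10.10.50
"""

# The first six lines are copied from the dnsmasq -d output above; the last two
# are constructed for this example (a MAC that is not in the host file).
LOG = """\
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPOFFER(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPREQUEST(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPACK(dhcp_tap) 10.10.10.40 52:54:00:aa:69:cc
dnsmasq-dhcp: DHCPRELEASE(dhcp_tap) 10.10.10.30 52:54:00:aa:69:dd unknown lease
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:aa:69:dd
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:de:ad:01 no address available
dnsmasq-dhcp: DHCPDISCOVER(dhcp_tap) 52:54:00:de:ad:01 no address available
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
# <message>(<interface>) [<ip>] <mac> [<note>]
LINE = re.compile(
    rf"^dnsmasq-dhcp: (?P<msg>DHCP[A-Z]+)\((?P<iface>[^)]+)\) "
    rf"(?:(?P<ip>{IPV4}) )?(?P<mac>{MAC})(?: (?P<note>.+))?$",
    re.IGNORECASE,
)


def load_bindings(text):
    """Parse a --dhcp-hostsfile into {mac: ip}; entries without an IPv4 are skipped."""
    bindings = {}
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.split(",")]
        if not re.fullmatch(MAC, fields[0], re.IGNORECASE):
            continue  # blank line, comment, or an entry form not handled here
        ip = next((f for f in fields[1:] if re.fullmatch(IPV4, f)), None)
        if ip:
            bindings[fields[0].lower()] = ip
    return bindings


def audit(log_text, bindings):
    """Return sorted (kind, mac, detail) findings for a dnsmasq DHCP log."""
    unlisted = {}
    findings = set()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # startup banner and other non-DHCP-message lines
        msg, ip, note = m["msg"].upper(), m["ip"], m["note"] or ""
        mac = m["mac"].lower()
        if mac not in bindings:
            # With a static-only range this client can never get a lease
            unlisted[mac] = unlisted.get(mac, 0) + 1
        elif msg == "DHCPACK" and ip != bindings[mac]:
            findings.add(("binding-mismatch", mac,
                          f"acked {ip}, file says {bindings[mac]}"))
        elif msg == "DHCPRELEASE" and "unknown lease" in note:
            findings.add(("stale-release", mac,
                          f"released {ip}, not leased by this server"))
    for mac, count in unlisted.items():
        findings.add(("unlisted-mac", mac, f"{count} request(s), no static binding"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, mac, detail in audit(LOG, load_bindings(HOSTSFILE)):
        print(f"{kind:17} {mac}  {detail}")
```

The stale release here is the second VM giving back 10.10.10.30, which was leased by the earlier dnsmasq process on the host and is unknown to the one in the container.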