raspi dns server

#自宅鯖

DNSサーバを作る。

ラズパイ（Raspberry Pi）とDnsmasqで作るDNSサーバ | Device Plus - デバプラ

code:sh

sudo apt install dnsmasq

sudo systemctl enable dnsmasq

上流はとりあえず 8.8.8.8 にする。

設定ファイルは /etc/dnsmasq.conf にある。変更点は以下の通り。

code:diff

--- /etc/dnsmasq.conf.bak 2024-11-15 19:51:53.943517813 +0900

+++ /etc/dnsmasq.conf 2024-11-15 20:11:28.576887389 +0900

@@ -16,9 +16,9 @@

# these requests from bringing up the link unnecessarily.

# Never forward plain names (without a dot or domain part)

-#domain-needed

+domain-needed

# Never forward addresses in the non-routed address spaces.

-#bogus-priv

+bogus-priv

# Uncomment these to enable DNSSEC validation and caching:

# (Requires dnsmasq to be built with DNSSEC option.)

@@ -55,7 +55,7 @@

# If you don't want dnsmasq to read /etc/resolv.conf or any other

# file, getting its servers from this file instead (see below), then

# uncomment this.

-#no-resolv

+no-resolv

# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv

# files for changes and re-read them then uncomment this.

@@ -64,6 +64,8 @@

# Add other name servers here, with domain specs if they are for

# non-public domains.

#server=/localnet/192.168.0.1

+server=8.8.8.8 # 上流のDNSサーバ

+server=1.1.1.1

# Example of routing PTR queries to nameservers: this will send all

# address->name queries for 192.168.3/24 to nameserver 10.1.2.3

@@ -77,6 +79,7 @@

# The example below send any host in double-click.net to a local

# web-server.

#address=/double-click.net/127.0.0.1

+address=/hogeghoge.example.com/192.168.100.53 # 追加したいレコード

# --address (and --server) work with IPv6 addresses too.

#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83

別のネットワークからの名前解決リクエストに応答しない

Ubuntu 22.04LTS で dnsmasq を異ネットワークから応答出来るように設定する - Sig9 Memo v4.0

/etc/init.d/dnsmasq を以下のように変更する

code:diff

# or --auth-server exist in the configuration, so for most installations, it will

# have no effect, but for otherwise-unconfigured installations, it stops dnsmasq

# from being vulnerable to DNS-reflection attacks.

-DNSMASQ_OPTS="${DNSMASQ_OPTS} --local-service"

+DNSMASQ_OPTS="${DNSMASQ_OPTS}"

# If the dns-root-data package is installed, then the trust anchors will be

# available in ROOT_DS, in BIND zone-file format. Reformat as dnsmasq

# --trust-anchor options.

google/dnsmasq_exporter: dnsmasq exporter for Prometheus も入れてみた

https://scrapbox.io/files/673735498d43c7b7d68fd459.png

いろいろいじって完成したダッシュボードがこちら。

https://scrapbox.io/files/673762f2c1c92a668e7c2a69.png