linux – 如何强制dnsmasq仅为某些指定的域名使用上游dns服务器?

现在我在dnsmasq.conf中有以下行,它可以很好地处理所有请求(/#/匹配任何域;这是必需的):
address=/#/127.0.0.1

但是,有些域需要解析为127.0.0.1以外的IP地址.

作为临时解决方案,它们已添加到/ etc / hosts中:

209.85.148.95   ajax.googleapis.com
207.97.227.245  underscorejs.org
72.21.194.31    s3.amazonaws.com

不幸的是,这是一个非常临时的解决方案:一旦任何目标域的IP地址发生变化,它就会停止工作.

我的问题是:如何强制dnsmasq使用上游DNS服务器来解析某些(指定)域名的IP地址?

解决方法

您可以使用server =指令执行此操作,例如
server=/ajax.googleapis.com/8.8.8.8

会同样地在google公共DNS服务器上查询ajax.googleapis.com域名

server=/amazonaws.com/209.244.0.3

将查询Level3的amazonaws.com域的公共DNS服务器.

您可以将多个域组合在一起

server=/co.uk/com/8.8.4.4

将.co.uk和.com域名发送到DNS服务器8.8.4.4

您也可以拥有多个server =指令

−S,–server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]

Specify IP address of upstream severs directly. Setting this flag does not suppress reading of /etc/resolv.conf,use -R to do that. If one or more optional domains are given,that server is used only for those domains and they are queried only using the specified server. This is intended for private nameservers: if you have a nameserver on your network which deals with names of the form xxx.internal.thekelleys.org.uk at 192.168.1.1 then giving the flag -S /internal.thekelleys.org.uk/192.168.1.1 will send all queries for internal machines to that nameserver,everything else will go to the servers in /etc/resolv.conf. An empty domain specification,// has the special meaning of “unqualified names only” ie names without any dots in them. A non-standard port may be specified as part of the IP address using a # character. More than one -S flag is allowed,with repeated domain or ipaddr parts as required.

Also permitted is a -S flag which gives a domain but no IP address; this tells dnsmasq that a domain is local and it may answer queries from /etc/hosts or DHCP but should never forward queries on that domain to any upstream servers. local is a synonym for server to make configuration files clearer in this case.

The optional second IP address after the @ character tells dnsmasq how to set the source address of the queries to this nameserver. It should be an address belonging to the machine on which dnsmasq is running otherwise this server line will be logged and then ignored. The query-port flag is ignored for any servers which have a source address specified but the port may be specified directly as part of the source address.

相关文章

/etc/sysctl.conf这个目录主要是配置一些系统信息,/etc/sys...
1.作用 useradd或adduser命令用来建立用户帐号和创建用户的起...
它们都是多模式编辑器,不同的是vim 是vi的升级版本,它不仅...
不管是我们在安装软件还是监测软件的使用性能,我们都要随时...
装好Tomcat7后,发现除了本机能访问外界访问不了,岂有此理。...
修改防火墙配置需要修改 /etc/sysconfig/iptables 这个文件,...