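Ubuntu2024 + Dnsmasq 2.90: reference configuration for deploying an internal DNS server
Preparation
Stop the local resolver service to free port 53 (there are ways for the two to coexist, but they are not suitable for production)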
systemctl stop systemd-resolved.service
systemctl disable systemd-resolved.service
Edit the configuration
/etc/dnsmasq.conf
port=53 # DNS port 53
no-hosts # ignore /etc/hosts
no-resolv # ignore /etc/resolv.conf
server=223.5.5.5 # upstream DNS server
listen-address=127.0.0.53,127.0.0.1,192.168.0.53 # note these IPs
cache-size=150
log-queries # log DNS queries
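Notes:
- systemd-resolved's configuration file /etc/resolv.conf uses 127.0.0.53 as the local DNS server by default, so dnsmasq must listen on this IP to keep local resolution working.
- conf-dir keeps its default value; edit the files under /etc/dnsmasq.d/ as needed.
⚠️ Note the README file:
Apart from the few dpkg suffixes, every file under /etc/dnsmasq.d/ is treated as a configuration file, so keep the syntax of each file correct.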
# All files in this directory will be read by dnsmasq as
# configuration files, except if their names end in
# ".dpkg-dist",".dpkg-old" or ".dpkg-new"
#
# This can be changed by editing /etc/default/dnsmasq
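The loading rule above, as an added example (not from the original post or the dnsmasq package): a shell check that lists which files in a conf-dir will be parsed as configuration. The function names and the sample directory are constructed; besides the three dpkg suffixes from the README, it applies dnsmasq's built-in skip rules (names ending in ~, starting with ., or starting and ending with #).

```shell
#!/bin/sh
# Added example: which files in a conf-dir does dnsmasq actually load?
# Skip rules: the three dpkg suffixes named in the README, plus the names
# dnsmasq always skips (ending in "~", starting with ".", wrapped in "#...#").

loaded_files() {
    dir=$1
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        case $name in
            *.dpkg-dist|*.dpkg-old|*.dpkg-new) continue ;;
            *~|.*|'#'*'#') continue ;;
        esac
        printf '%s\n' "$name"
    done
}

# Loaded files whose name does not end in .conf: typically a README, a
# backup or a leftover copy that is still parsed as live configuration.
unexpected_files() {
    loaded_files "$1" | grep -v '\.conf$' || true
}

# Constructed sample directory (not a real system), so the demo runs anywhere.
demo_dir=$(mktemp -d)
for f in addr.conf cname.conf addr.conf.bak addr.conf.dpkg-old mx.conf~ README; do
    : > "$demo_dir/$f"
done

echo "Loaded by dnsmasq:"
loaded_files "$demo_dir"
echo "Loaded but not named *.conf:"
unexpected_files "$demo_dir"
rm -rf "$demo_dir"
```

On the server, run loaded_files /etc/dnsmasq.d and then dnsmasq --test to syntax-check the resulting configuration before restarting the service.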
addr.conf
address=/xxx.com/10.10.10.123
cname.conf: the target domain name must end with ".", otherwise it is treated as a subdomain of the current domain
cname=img.xxx.com,imgxxx.qiniudns.com.
hosts.conf
host-record=test.xxx.com,127.0.0.1
mx.conf
mx-host=xxx.com,mail1.xxx.com,10
mx-host=xxx.com,mail2.xxx.com,20
Start the service and watch the DNS query log
systemctl restart dnsmasq.service
journalctl -fu dnsmasq.service
Local test
# dig www.qq.com
www.qq.com. 120 IN CNAME ins-r23tsuuf.ias.tencent-cloud.net.
ins-r23tsuuf.ias.tencent-cloud.net. 24 IN A 175.27.8.138
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
Remote test
# dig www.qq.com @192.168.0.53
www.qq.com. 120 IN CNAME ins-r23tsuuf.ias.tencent-cloud.net.
ins-r23tsuuf.ias.tencent-cloud.net. 24 IN A 175.27.8.138
;; SERVER: 192.168.0.53#53(192.168.0.53)
================# My skills are limited; corrections are welcome #=================
