1. Dnsmasq installation

Dnsmasq Installation: yum install dnsmasq -y 
Dnsmasq edition: dnsmasq -v
Dnsmasq Start: service dnsmasq start
 see Dnsmasq Normal startup: netstat -tunlp|grep 53

2. Dnsmasq configuration

1. The Dnsmasq configuration file is placed in / etc/dnsmasq.conf, vi  / Edit the configuration in / etc/dnsmasq.conf:

1,resolv-file=/etc/resolv.dnsmasq.conf，express dnsmasq Will look for upstream from this specified file dns The server
2,Cancel at the same time strict-order Previous registration#number;
3,inspect no-hosts Is there already one ahead#No. by default, dnsmasq will first find the local hosts file, then the cached domain name, and finally the upstream dns server;
4,set up: listen-address=127.0.0.1，Means this dnsmasq This machine is effective for its own use. Note: if you want this machine to be
 Other computers on the LAN can also be used Dnsmasq，The local area network should be IP Add: listen-address=192.168.1.123,
127.0.0.1. Note: if you want to allow all users to use your DNS Parse server listen-address Just remove it.

2. Modify / etc/resolv.conf:

 
echo 'nameserver 127.0.0.1' > /etc/resolv.conf
cp /etc/resolv.conf /etc/resolv.dnsmasq.conf
echo 'nameserver 8.8.8.8' >> /etc/resolv.dnsmasq.conf
echo 'nameserver 192.168.1.21' >> /etc/resolv.dnsmasq.conf
cp /etc/hosts /etc/dnsmasq.hosts
echo 'addn-hosts=/etc/dnsmasq.hosts' >> /etc/dnsmasq.conf

The real nameserver is set in resolv.dnsmasq.conf, and some public DNS can be used.

3. Dnsmasq start

1. Set Dnsmasq startup and restart Dnsmasq service:

chkconfig dnsmasq on
service dnsmasq restart

2. Execute: netstat -tunlp|grep 53 to check whether Dnsmasq has started normally:

3. Test: dig www.baidu.com  ；

4. Dnsmasq use

1. Local DNS. Use Dnsmasq as a local DNS server and directly modify the IP address of the local DNS of the computer.

2. Deal with DNS hijacking by ISP. Enter a domain name that does not exist. Under normal circumstances, the browser displays that it cannot connect. DNS hijacking will jump to an advertising page. First, just nslookup a nonexistent domain name and look at the IP address hijacked by the ISP; Then edit the / etc/dnsmasq.conf file and add bogus nxdomain = 123.123.123.123. The following IP address is the DNS hijacking IP address just queried; Restart dnsmasq and try to open the nonexistent domain name. At this time, the browser will display the normal unable to connect page.

3. Intelligent DNS speeds up resolution. Open the / etc/dnsmasq.conf file and add the specified DNS after server = for example, different websites at home and abroad use different DNS.

#Domestic designated DNS
server=/cn/114.114.114.114
server=/taobao.com/114.114.114.114
server=/taobaocdn.com/114.114.114.114
#Foreign designated DNS
server=/google.com/223.5.5.5

server=/cn / means that all cn domain names use 114. server=/taobao.com / means that all taobao.com domain names use 114223.5.5.5. It is Alibaba cloud's public DNS. You can change it to another one.

4. Block web advertising. By specifying 127 as the IP address for the URL of the advertisement, you can remove the annoying advertisements on the web page.

address=/ad.youku.com/127.0.0.1
address=/ad.iqiyi.com/127.0.0.1

5. The specified domain name resolves to a specific IP. This function allows you to control the access of some websites. Illegal DNS often resolves some formal websites to incorrect IP addresses.

address=/www.test.com/192.168.1.21

6. Intranet DNS. First, set the local DNS of all devices in the LAN to the server IP address where Dnsmasq has been installed. Then modify the Hosts file of the server where Dnsmasq has been installed: / etc/hosts, and specify the domain name to a specific IP.

For example, if you want all users in the LAN to access www.test.com, jump to 192.168.1.25 and add: 192.168.1.25 www.test.com can be found in the Hosts file. The whole process can also be called "DNS hijacking".

5. Dnsmasq summary

1. As a local DNS server, Dnsmasq is easy to install and operate, and there are not many changes. If domestic VPS is used to build local DNS, the response speed will be faster and more stable.

2. Dnsmasq has powerful functions, such as anti DNS hijacking, accelerating resolution speed, shielding advertising, controlling intranet DNS, forcing domain names to jump to specific IP, etc. these functions are very useful in our actual life.