OpenWrt 是一个专门面向嵌入式设备的 Linux 发行版。你可以将 OpenWrt 支持的型号的嵌入式设备,比如各种路由器上的系统,换成一个有更多可能性可以折腾的 Linux 系统。 OpenWrt 官方网站
这是一个创建于 1069 天前的主题,其中的信息可能已经有所发展或是发生改变。
RT ,openwrt 里使用 dnsmasq 作为内网的 DNS server 和 DHCP server ,但是我理解 dnsmasq 总要找一个外网的 DNS server 作为上游
现在的问题是,怎么看 dnsmasq 到底把哪个外网的 DNS server 作为上游?
/etc/ppp/resolv.conf 里确实可以看到电信 PPPOE 通告的两个 DNS ,116.x.x.x 180.x.x.x,但不确定 dnsmasq 是否使用这两个地址
/etc/dnsmasq.conf 里面没有填写任何 server 的信息,也没有 resolv-file 的信息,只有一行 log-facility
以上请教 V 友
 | 1 hefish 2022-11-09 10:49:56 +08:00 pppoe 的话,应该用的就是获取到的 dns 吧。 |
 | 3 Greenm 2022-11-09 10:58:11 +08:00 不确定的话,可以用 dig +trace example.com 来看查询的顺序和细节。 |
 | 4 ashong 2022-11-09 10:58:55 +08:00 server="dns server" 就是 dnsmasq 用的上游服务器 如果没有设置就会用自动下发的 dns server |
| 5 hefish 2022-11-09 11:05:10 +08:00  1 openwrt 的 dnsmasq.conf 好像是在 /tmp 里面。拨号完成后,会更新 dnsmasq.conf 的。 |
| 6 ashong 2022-11-09 11:13:54 +08:00 1 ps 看看 dnsmasql.conf 具体位置 一般在 /var/etc/dnsmasq.conf.xxxx , 是根据 /etc/config/dhcp 生成的 |
7
wanmyj OP
root@OpenWrt:~# dig +trace qq.com
; <<>> DiG 9.18.1 <<>> +trace qq.com
;; global options: +cmd
. 406137 IN NS d.root-servers.net.
. 406137 IN NS a.root-servers.net.
. 406137 IN NS c.root-servers.net.
. 406137 IN NS k.root-servers.net.
. 406137 IN NS g.root-servers.net.
. 406137 IN NS e.root-servers.net.
. 406137 IN NS i.root-servers.net.
. 406137 IN NS f.root-servers.net.
. 406137 IN NS j.root-servers.net.
. 406137 IN NS m.root-servers.net.
. 406137 IN NS h.root-servers.net.
. 406137 IN NS b.root-servers.net.
. 406137 IN NS l.root-servers.net.
;; Received 267 bytes from 127.0.0.1#53(127.0.0.1) in 7 ms
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20221121170000 20221108160000 18733 . ZgW2dKMBP6rqIgQSGN5uzFhNFZuIPUg7JrkXzgE9VKh68LOIuQlFgTTV xt3Sz4ytgru8JWcwCHgiqCTjbaN3WeHcrDVf0ItG0Az/01ofBWfoAu9S 1JFYcOrYkTUidn8R4vROkwzsTrZMirnB/4yrA4MD5thWVBr3IczcnFto DbADuw8Qy/RUEUfcu+LcQ4Ge+OzIP8eE1T6+nbMRqFZBSMFoBO1w0Mmk xNGyEclfFkymQ4CsYxnvYVstljpLqh1OhoAEwY6D+0cSh9dKNQ5LKhgq UXqfJ+zmdcvL+cVvMjfcB0Wj6/hmEkpEp1ISawlTjFUDgiKNZxiow02r JL4tsw==
;; Received 1166 bytes from 192.58.128.30#53(j.root-servers.net) in 207 ms
qq.com. 172800 IN NS ns1.qq.com.
qq.com. 172800 IN NS ns2.qq.com.
qq.com. 172800 IN NS ns3.qq.com.
qq.com. 172800 IN NS ns4.qq.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20221115052452 20221108041452 53929 com. I6WchJ68DWfxK/dUcVdCPHXEP0j/JONgBdU1cV0eK1CLYVDNVYJes0sH WIgBHteIuwGPCQR3a9ZIbfhfMLcYmKYfVVko0XwMOVXRzsgT0VDTXzxt xXRDdCC/MJkFVVKOMtG3EWlqZADXJEEqfYhY1Jcz+BBdkDsbxRfppJLy MqjGtAoiZoGz5je4DuZaCYtCT4b8j+F1w9pUenEHBVxoUw==
J976NFATTQBBQVJN3D1JJ5I441I469H9.com. 86400 IN NSEC3 1 1 0 - J976V9IM8597ALLH81MQKOSCKFOC08F5 NS DS RRSIG
J976NFATTQBBQVJN3D1JJ5I441I469H9.com. 86400 IN RRSIG NSEC3 8 2 86400 20221115070531 20221108055531 53929 com. OwNX8t8CWSGut3yCdam0g5AEc2AfBt7CHYoW1roQNMs5rS/l6CK2fMMY Ph08FKbWc27ttFBQNnnI379oPCGlEn5ISte8Sc+/V3imR6V+wrc9WFkS mRKW6xbWujl1QuWSqy9UjpG0ny0k7IphifuckeBrKLMhSS9mGETk63u2 XKMcFMVDBt14J0V02i69lLsZSwg/YQWM3LgfduYBEm/KHA==
;; Received 952 bytes from 192.41.162.30#53(l.gtld-servers.net) in 143 ms
qq.com. 600 IN A 61.129.7.47
qq.com. 600 IN A 183.3.226.35
qq.com. 600 IN A 203.205.254.157
qq.com. 600 IN A 123.151.137.18
qq.com. 86400 IN NS ns3.qq.com.
qq.com. 86400 IN NS ns4.qq.com.
qq.com. 86400 IN NS ns1.qq.com.
qq.com. 86400 IN NS ns2.qq.com.
;; Received 171 bytes from 203.205.220.251#53(ns1.qq.com) in 359 ms
@Greenm 这个结果看起来,应该是没有用 pppoe 下发的 DNS server ?
@ashong dnsmasq.conf 里并没有 server="dns server" 这一行
; <<>> DiG 9.18.1 <<>> +trace qq.com
;; global options: +cmd
. 406137 IN NS d.root-servers.net.
. 406137 IN NS a.root-servers.net.
. 406137 IN NS c.root-servers.net.
. 406137 IN NS k.root-servers.net.
. 406137 IN NS g.root-servers.net.
. 406137 IN NS e.root-servers.net.
. 406137 IN NS i.root-servers.net.
. 406137 IN NS f.root-servers.net.
. 406137 IN NS j.root-servers.net.
. 406137 IN NS m.root-servers.net.
. 406137 IN NS h.root-servers.net.
. 406137 IN NS b.root-servers.net.
. 406137 IN NS l.root-servers.net.
;; Received 267 bytes from 127.0.0.1#53(127.0.0.1) in 7 ms
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20221121170000 20221108160000 18733 . ZgW2dKMBP6rqIgQSGN5uzFhNFZuIPUg7JrkXzgE9VKh68LOIuQlFgTTV xt3Sz4ytgru8JWcwCHgiqCTjbaN3WeHcrDVf0ItG0Az/01ofBWfoAu9S 1JFYcOrYkTUidn8R4vROkwzsTrZMirnB/4yrA4MD5thWVBr3IczcnFto DbADuw8Qy/RUEUfcu+LcQ4Ge+OzIP8eE1T6+nbMRqFZBSMFoBO1w0Mmk xNGyEclfFkymQ4CsYxnvYVstljpLqh1OhoAEwY6D+0cSh9dKNQ5LKhgq UXqfJ+zmdcvL+cVvMjfcB0Wj6/hmEkpEp1ISawlTjFUDgiKNZxiow02r JL4tsw==
;; Received 1166 bytes from 192.58.128.30#53(j.root-servers.net) in 207 ms
qq.com. 172800 IN NS ns1.qq.com.
qq.com. 172800 IN NS ns2.qq.com.
qq.com. 172800 IN NS ns3.qq.com.
qq.com. 172800 IN NS ns4.qq.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20221115052452 20221108041452 53929 com. I6WchJ68DWfxK/dUcVdCPHXEP0j/JONgBdU1cV0eK1CLYVDNVYJes0sH WIgBHteIuwGPCQR3a9ZIbfhfMLcYmKYfVVko0XwMOVXRzsgT0VDTXzxt xXRDdCC/MJkFVVKOMtG3EWlqZADXJEEqfYhY1Jcz+BBdkDsbxRfppJLy MqjGtAoiZoGz5je4DuZaCYtCT4b8j+F1w9pUenEHBVxoUw==
J976NFATTQBBQVJN3D1JJ5I441I469H9.com. 86400 IN NSEC3 1 1 0 - J976V9IM8597ALLH81MQKOSCKFOC08F5 NS DS RRSIG
J976NFATTQBBQVJN3D1JJ5I441I469H9.com. 86400 IN RRSIG NSEC3 8 2 86400 20221115070531 20221108055531 53929 com. OwNX8t8CWSGut3yCdam0g5AEc2AfBt7CHYoW1roQNMs5rS/l6CK2fMMY Ph08FKbWc27ttFBQNnnI379oPCGlEn5ISte8Sc+/V3imR6V+wrc9WFkS mRKW6xbWujl1QuWSqy9UjpG0ny0k7IphifuckeBrKLMhSS9mGETk63u2 XKMcFMVDBt14J0V02i69lLsZSwg/YQWM3LgfduYBEm/KHA==
;; Received 952 bytes from 192.41.162.30#53(l.gtld-servers.net) in 143 ms
qq.com. 600 IN A 61.129.7.47
qq.com. 600 IN A 183.3.226.35
qq.com. 600 IN A 203.205.254.157
qq.com. 600 IN A 123.151.137.18
qq.com. 86400 IN NS ns3.qq.com.
qq.com. 86400 IN NS ns4.qq.com.
qq.com. 86400 IN NS ns1.qq.com.
qq.com. 86400 IN NS ns2.qq.com.
;; Received 171 bytes from 203.205.220.251#53(ns1.qq.com) in 359 ms
@Greenm 这个结果看起来,应该是没有用 pppoe 下发的 DNS server ?
@ashong dnsmasq.conf 里并没有 server="dns server" 这一行
| 8 wanmyj OP @hefish @Greenm @ashong 多谢 V 友,找到了配置文件,在这里 root@OpenWrt:~# find / -name dnsmasq.conf.* /tmp/etc/dnsmasq.conf.cfg01411c root@OpenWrt:~# cat /tmp/etc/dnsmasq.conf.cfg01411c # auto-generated config file from /etc/config/dhcp conf-file=/etc/dnsmasq.conf dhcp-authoritative domain-needed localise-queries read-ethers enable-ubus=dnsmasq expand-hosts bind-dynamic local-service filter-aaaa port=53 domain=lan local=/lan/ addn-hosts=/tmp/hosts dhcp-leasefile=/tmp/dhcp.leases resolv-file=/tmp/resolv.conf.d/resolv.conf.auto stop-dns-rebind rebind-localhost-ok dhcp-broadcast=tag:needs-broadcast conf-dir=/tmp/dnsmasq.d user=dnsmasq group=dnsmasq dhcp-ignore-names=tag:dhcp_bogus_hostname conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf srv-host=_vlmcs._tcp,OpenWrt,1688,0,100 bogus-priv conf-file=/usr/share/dnsmasq/rfc6761.conf dhcp-range=set:lan,192.168.5.100,192.168.5.249,255.255.255.0,12h no-dhcp-interface=pppoe-wan root@OpenWrt:~# cat /tmp/resolv.conf.d/resolv.conf.auto # Interface wan_6 nameserver 240e:58:-------------------------- nameserver 240e:58:---------------- # Interface wan nameserver 116.228.111.118 nameserver 180.168.255.18 |
| 9 wanmyj OP 但还是奇怪为什么 dig +trace example.com 会直接去根 DNSserver 请求,而不是去 116.x.x.x 这个 ISP DNS server 请求? |
| 10 hefish 2022-11-09 11:30:09 +08:00 指定了 resolv-file=/tmp/resolv.conf.d/resolv.conf.auto 这个就应该可以了吧。 |
| 13 wanmyj OP @julyclyde thanks for clarification. 是的,我后来也搜了下 dig +trace 的用法,它的作用就从根开始查。而不是我预想的先查 dnsmasq ,dnsmasq 如果没缓存则 dnsmasq 去查 ISP DNS ,如果没有再查根。 |
 | 14 baobao1270 2022-11-10 06:32:12 +08:00 使用的是 /etc/resolv.conf 的服务器,默认是 PPPoE 下发的服务器,如果你自己在 LAN 填了 DNS ,会都使用。 但是这个 dnsmasq 不是必须的,可以去 DHCP 设置里把 DNS 地址改成别的。比如我就改了 1.1.1.1 |
 | 15 wonderblank 2022-11-15 14:02:56 +08:00 我的是强制的,直接重定向到我的 DNS 服务器。 ``` root@main:~# nft list ruleset | grep DNS iifname "br-lan" meta l4proto { tcp, udp } th dport 53 counter packets 9765 bytes 686829 ip saddr != 10.0.10.53 dnat ip to 10.0.10.53 comment "DNS" oifname "br-lan" meta l4proto { tcp, udp } th dport 53 ip daddr 10.0.10.53 counter packets 8793 bytes 600911 snat ip to 10.0.10.1 comment "DNS" ``` |
| 16 wanmyj OP 给后来人参考,我用 tcpdump 抓 DNS 包 wan 口筛选 53 端口始终是没有报文,最后发现是因为二层用了 PPPOE 的协议 如果用 PPPOE 拨号,tcpdump 的抓包要注意修改一下加 pppoes 字段,参考 tcpdump -n -i eth1 -c 100 pppoes and port 53 |
Select Language