DNS/DHCP SERVER
sudo apt install dnsutils
DNSMASQ
TEST :
A records
dig +nocmd +noall +answer +multiline asterisk.uruk.kan a
TXT records
dig +nocmd +noall +answer +multiline asterisk.uruk.kan txt
/etc/dnsmasq.d/kvm-net
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39 | ### DHCP SERVER CONFIG ###
domain=kalacmul.uruk.kan
interface=eno1
interface=vmbr0
no-dhcp-interface=eno1
dhcp-range=10.14.17.50,10.14.17.200,12h
dhcp-option=vmbr0,3,10.14.17.1
#dhcp-option=option:router,10.14.17.1
#dhcp-option=option:ntp-server,10.0.0.10
dhcp-option=option:dns-server,10.14.17.1,1.1.1.1,8.8.8.8
dhcp-option=option:netmask,255.255.255.0
# define statics
dhcp-host=f6:d4:f8:12:a3:f1,10.14.17.100
dhcp-authoritative
### DNS SERVER CONFIG ###
#strict-order
domain-needed
bogus-priv
#no-hosts
no-resolv
dns-forward-max=150
cache-size=1000
#no-negcache
neg-ttl=3600
#resolv-file=/etc/resolv.dnsmasq
#no-poll
# pools
conf-file=/etc/dnsmasq.d/kvm-banned-hosts.conf
conf-file=/etc/dnsmasq.d/kvm-allowed-hosts.conf
log-queries
log-dhcp
|
/etc/dnsmasq.d/kvm-allowed-hosts.conf
| # asterisk,uruk.kan
address=/asterisk.uruk.kan/10.14.17.100
txt-record=asterisk.uruk.kan,"v=spf1 a -all"
cname=phone.uruk.kan,asterisk.uruk.kan
# mail,uruk.kan
address=/mail.uruk.kan/10.14.17.110
txt-record=mail.uruk.kan,"v=spf1 a -all"
cname=email.uruk.kan,mail.uruk.kan
|
/etc/dnsmasq.d/kvm-banned-hosts.conf
| address=/caliente.mx/127.0.0.1
|
/etc/resolv.conf
| nameserver 127.0.0.1
nameserver 1.1.1.3
nameserver 8.8.8.8
|
/etc/network/interfaces
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90 | # network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
#### Configuration for VM as nat ####
#Uncomment when are in use :
allow-hotplug eno1
auto eno1
iface eno1 inet manual
address 192.168.1.224
netmask 255.255.255.0
gateway 192.168.1.254
ethernet-wol g
dns-search invalid
# cloudfare
#
#Malware Blocking Only
#Primary DNS: 1.1.1.2
#Secondary DNS: 1.0.0.2
#
#Malware and Adult Content
#Primary DNS: 1.1.1.3
#Secondary DNS: 1.0.0.3
# OpenDNS FamilyShield
# Preferred DNS Server: 208.67.222.123
# Alternate DNS Server: 208.67.220.123
#Norton ConnectSafe
#Security + Pornography + Non-Family Friendly
#Preferred DNS Server: 198.153.192.60
#Alternate DNS Server: 198.153.194.60
dns-nameservers 127.0.0.1 1.1.1.3 8.8.8.8
#up ip route replace 10.114.7.0/24 via 192.168.0.1 dev eno1
#Uncomment when are in use :
allow-hotplug vmbr0
auto vmbr0
iface vmbr0 inet static
address 10.14.17.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
# bridge_waitport 0
bridge_fd 0
# up route add -net 10.0.3.0 netmask 255.255.0.0 gw 10.14.17.1
up ip route add 10.14.17.0/24 via 10.14.17.1 dev vmbr0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.14.17.0/24' -o eno1 -j MASQUERADE
# NOTE ADD routes to ediq.mx
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 4443 -j DNAT --to-destination 10.14.17.105:443
post-down iptables -t nat -D POSTROUTING -s '10.14.17.0/24' -o eno1 -j MASQUERADE
# post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
# post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
#
#
# Autostart Wifi Source
#
# allow-hotplug wlp3s0
# auto wlp3s0
iface wlp3s0 inet dhcp
iface wlp3s0 inet static
address 192.168.1.153
netmask 255.255.255.0
gateway 192.168.1.254
dns-search invalid
dns-nameservers 1.1.1.1 192.168.1.254
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
|
/etc/hosts/
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 | 127.0.0.1 localhost
192.168.1.224 kalacmul.uruk.kan kalacmul
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
207.244.226.77 hypervisor
62.171.154.150 hypercloud
207.244.226.189 hypervpn
# Tunnel maps
10.44.45.1 tun45.baizabal.xyz
10.44.46.1 tun46.baizabal.xyz
#Integranas 192.168.20.168
187.190.252.166 integranas
#internal VM
10.14.17.100 asterisk.uruk.kan
10.14.17.110 mail.uruk.kan
# 10.14.17.105 bms
# 10.14.17.127 books
# Hypervisor trough tunnel
10.0.8.221 integramail
10.8.0.9 ironman
10.8.0.242 integraocs
|
CNAME
Source
You have to keep in mind, that the to be resolved hostname has to be added to the /etc/hosts file too
E.g.: the right part in the hosts file:
dnsmasq.conf entry: cname=cname.example.com,ip1.example.com
Test:
That’s all it takes ;-)
| ping cname.example.com
PING ip1.example.com (10.1.1.1) 56(84) bytes of data.
64 bytes from ip1.example.com (10.1.1.1): icmp_seq=1 ttl=64 time=0.063 ms
|
ISC-DHCP-SERVER
/etc/default/isc-dhcp-server
DHCP PROTOCOL
dnsmasq logs
for avaya example :
IP phone ack to dhcp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 | Oct 10 20:53:28 uxmal systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Oct 10 20:54:56 uxmal dnsmasq-dhcp[168841]: 3597900336 available DHCP range: 192.168.1.50 -- 192.168.1.200
Oct 10 20:54:56 uxmal dnsmasq-dhcp[168841]: 3597900336 client provides name: AVX51DA20
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 DHCPDISCOVER(enp1s5) 00:1b:4f:51:da:20
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 tags: enp1s5
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 DHCPOFFER(enp1s5) 192.168.1.54 00:1b:4f:51:da:20
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 requested options: 1:netmask, 28:broadcast, 3:router, 6:dns-server,
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 requested options: 15:domain-name, 42:ntp-server, 242
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 next server: 192.168.1.1
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 1 option: 53 message-type 2
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 4 option: 54 server-identifier 192.168.1.1
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 4 option: 51 lease-time 12h
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 4 option: 58 T1 6h
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 4 option: 59 T2 10h30m
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 4 option: 28 broadcast 192.168.1.255
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 4 option: 3 router 192.168.1.1
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 14 option: 15 domain-name uxmal.uruk.kan
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 12 option: 6 dns-server 192.168.1.1, 1.1.1.3, 8.8.8.8
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 4 option: 42 ntp-server 173.212.200.183
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3597900336 sent size: 4 option: 1 netmask 255.255.255.0
Oct 10 20:54:59 uxmal dnsmasq-dhcp[168841]: 3140276212 available DHCP range: 192.168.1.50 -- 192.168.1.200
|
for cisco
Cisco
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 | Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 available DHCP range: 192.168.1.50 -- 192.168.1.200
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 vendor class: Cisco Systems, Inc. IP Phone CP-6941
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 client provides name: SEP1CE6C798A582
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 DHCPREQUEST(enp1s5) 192.168.1.147 1c:e6:c7:98:a5:82
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 tags: enp1s5
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 DHCPACK(enp1s5) 192.168.1.147 1c:e6:c7:98:a5:82 SEP1CE6C798A582
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 requested options: 1:netmask, 28:broadcast, 3:router, 6:dns-server,
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 requested options: 15:domain-name, 35:arp-timeout, 66:tftp-server,
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 requested options: 150:tftp-server-address
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 next server: 192.168.1.1
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 broadcast response
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 sent size: 1 option: 53 message-type 5
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 sent size: 4 option: 54 server-identifier 192.168.1.1
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 sent size: 4 option: 51 lease-time 12h
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 sent size: 4 option: 58 T1 6h
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 sent size: 4 option: 59 T2 10h30m
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 sent size: 8 option: 15 domain-name uruk.kan
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 sent size: 12 option: 6 dns-server 192.168.1.1, 1.1.1.3, 8.8.8.8
Oct 11 16:39:51 uxmal dnsmasq-dhcp[650460]: 1979671737 sent size: 4 option: 1 netmask 255.255.255.0
|
Pretty Log dnsmasq
Log file can be parsed in real-time with tail+awk:
$ vi dnsmasq.awk
#!/usr/bin/awk -f
BEGIN {
OFS = ",";
}
$5 == "query[A]" {
time = mktime( \
sprintf("%04d %02d %02d %s\n", \
strftime("%Y", systime()), \
(match("JanFebMarAprMayJunJulAugSepOctNovDec",$1)+2)/3, \
$2, \
gensub(":", " ", "g", $3) \
) \
);
query = $6;
host = $8;
print time, host, query;
}
$ chmod +x dnsmasq.awk
$ tail -f /tmp/dnsmasq.log | ./dnsmasq.awk
1468999090,192.168.1.100,google.com
1468999092,192.168.1.101,youtube.com
1468999095,192.168.1.102,facebook.com
1468999097,192.168.1.100,qa.sockets.stackexchange.com
More advanced method is sending log via filebeat to ELK in realtime.
Last update:
Nov 20, 2024