Update `/etc/dnsmasq.conf` & `/etc/systemd/resolved.conf` for `Ubuntu 22.04`.
parent
c40dc83965
commit
1875e14f29
|
@ -13,7 +13,7 @@ else
|
||||||
end
|
end
|
||||||
ipaddr = run_command(cmd).stdout.chomp
|
ipaddr = run_command(cmd).stdout.chomp
|
||||||
|
|
||||||
cmd = 'grep nameserver /run/systemd/resolve/resolv.conf | grep -v 8.8.8.8 | grep -v 127.0.0.1 | perl -pe "s/nameserver //g" | perl -pe "s/\n/ /g"'
|
cmd = 'grep nameserver /run/systemd/resolve/resolv.conf | grep -v 8.8.8.8 | grep -v 127.0.0.1 | perl -pe "s/nameserver //g" | sort | uniq | perl -pe "s/\n/ /g"'
|
||||||
dns = run_command(cmd).stdout.chomp
|
dns = run_command(cmd).stdout.chomp
|
||||||
|
|
||||||
node.reverse_merge!({
|
node.reverse_merge!({
|
||||||
|
|
|
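Review bot: The `grep -v 8.8.8.8` and `grep -v 127.0.0.1` filters in the new `cmd` treat each dot as a regex wildcard and match substrings, so an upstream such as 18.8.8.8 or 8.8.8.80 would be dropped from `dns` without any error; `grep -vFw 8.8.8.8 | grep -vFw 127.0.0.1` keeps the match literal and whole-word. The added `sort | uniq` also puts the servers in lexical order rather than the order given in /run/systemd/resolve/resolv.conf, which may change which upstream is tried first; an order-preserving de-duplication (an awk `!seen[$0]++` filter, for example) avoids that. Since `dns` is written straight into the `DNS=` line of resolved.conf, it is also worth checking that each token parses as an IP address before it is merged into the node attributes. The surrounding `if`/`else` starts outside this hunk.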
@ -7,7 +7,27 @@ package 'dnsmasq'
|
||||||
end
|
end
|
||||||
|
|
||||||
case run_command('grep VERSION_ID /etc/os-release | awk -F\" \'{print $2}\'').stdout.chomp
|
case run_command('grep VERSION_ID /etc/os-release | awk -F\" \'{print $2}\'').stdout.chomp
|
||||||
when "20.04", "22.04"
|
when "22.04"
|
||||||
|
template '/etc/systemd/resolved.conf' do
|
||||||
|
owner 'root'
|
||||||
|
group 'root'
|
||||||
|
mode '644'
|
||||||
|
|
||||||
|
source 'templates/etc/systemd/resolved.conf.2022.erb'
|
||||||
|
variables(dns: node['consul']['dns'])
|
||||||
|
|
||||||
|
notifies :restart, 'service[systemd-resolved]', :immediately
|
||||||
|
end
|
||||||
|
|
||||||
|
remote_file '/etc/dnsmasq.conf' do
|
||||||
|
owner 'root'
|
||||||
|
group 'root'
|
||||||
|
mode '644'
|
||||||
|
|
||||||
|
notifies :restart, 'service[dnsmasq]', :immediately
|
||||||
|
end
|
||||||
|
|
||||||
|
when "20.04"
|
||||||
template '/etc/systemd/resolved.conf' do
|
template '/etc/systemd/resolved.conf' do
|
||||||
owner 'root'
|
owner 'root'
|
||||||
group 'root'
|
group 'root'
|
||||||
|
|
|
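Review bot: The new `when "22.04"` branch has no comment saying why this release needs its own `resolved.conf.2022.erb` and a managed `/etc/dnsmasq.conf`, or why systemd-resolved is restarted `:immediately` before dnsmasq. Presumably resolved has to release port 53 (the template sets `DNSStubListener=no`) before dnsmasq can bind it, and a later edit that reorders the two resources would break name resolution on the host. A comment above the branch such as `# 22.04: resolved must drop its stub listener before dnsmasq restarts; keep this order` would record that. The `case` continues outside the hunk, so whether an unlisted release is handled cannot be seen here.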
@ -63,7 +63,6 @@ strict-order
|
||||||
|
|
||||||
# Add other name servers here, with domain specs if they are for
|
# Add other name servers here, with domain specs if they are for
|
||||||
# non-public domains.
|
# non-public domains.
|
||||||
#server=/localnet/192.168.0.1
|
|
||||||
server=/consul/127.0.0.1#8600
|
server=/consul/127.0.0.1#8600
|
||||||
|
|
||||||
# Example of routing PTR queries to nameservers: this will send all
|
# Example of routing PTR queries to nameservers: this will send all
|
||||||
|
@ -91,7 +90,7 @@ server=/consul/127.0.0.1#8600
|
||||||
# server=10.1.2.3@eth1
|
# server=10.1.2.3@eth1
|
||||||
|
|
||||||
# and this sets the source (ie local) address used to talk to
|
# and this sets the source (ie local) address used to talk to
|
||||||
# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
|
# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
|
||||||
# IP on the machine, obviously).
|
# IP on the machine, obviously).
|
||||||
# server=10.1.2.3@192.168.1.1#55
|
# server=10.1.2.3@192.168.1.1#55
|
||||||
|
|
||||||
|
@ -190,7 +189,7 @@ server=/consul/127.0.0.1#8600
|
||||||
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
|
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
|
||||||
# hosts. Use the DHCPv4 lease to derive the name, network segment and
|
# hosts. Use the DHCPv4 lease to derive the name, network segment and
|
||||||
# MAC address and assume that the host will also have an
|
# MAC address and assume that the host will also have an
|
||||||
# IPv6 address calculated using the SLAAC alogrithm.
|
# IPv6 address calculated using the SLAAC algorithm.
|
||||||
#dhcp-range=1234::, ra-names
|
#dhcp-range=1234::, ra-names
|
||||||
|
|
||||||
# Do Router Advertisements, BUT NOT DHCP for this subnet.
|
# Do Router Advertisements, BUT NOT DHCP for this subnet.
|
||||||
|
@ -211,7 +210,7 @@ server=/consul/127.0.0.1#8600
|
||||||
#dhcp-range=1234::, ra-stateless, ra-names
|
#dhcp-range=1234::, ra-stateless, ra-names
|
||||||
|
|
||||||
# Do router advertisements for all subnets where we're doing DHCPv6
|
# Do router advertisements for all subnets where we're doing DHCPv6
|
||||||
# Unless overriden by ra-stateless, ra-names, et al, the router
|
# Unless overridden by ra-stateless, ra-names, et al, the router
|
||||||
# advertisements will have the M and O bits set, so that the clients
|
# advertisements will have the M and O bits set, so that the clients
|
||||||
# get addresses and configuration from DHCPv6, and the A bit reset, so the
|
# get addresses and configuration from DHCPv6, and the A bit reset, so the
|
||||||
# clients don't use SLAAC addresses.
|
# clients don't use SLAAC addresses.
|
||||||
|
@ -252,7 +251,7 @@ server=/consul/127.0.0.1#8600
|
||||||
# the IP address 192.168.0.60
|
# the IP address 192.168.0.60
|
||||||
#dhcp-host=id:01:02:02:04,192.168.0.60
|
#dhcp-host=id:01:02:02:04,192.168.0.60
|
||||||
|
|
||||||
# Always give the Infiniband interface with hardware address
|
# Always give the InfiniBand interface with hardware address
|
||||||
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
|
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
|
||||||
# ip address 192.168.0.61. The client id is derived from the prefix
|
# ip address 192.168.0.61. The client id is derived from the prefix
|
||||||
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
|
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
|
||||||
|
@ -289,7 +288,7 @@ server=/consul/127.0.0.1#8600
|
||||||
# Give a fixed IPv6 address and name to client with
|
# Give a fixed IPv6 address and name to client with
|
||||||
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
|
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
|
||||||
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
|
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
|
||||||
# Note also the they [] around the IPv6 address are obilgatory.
|
# Note also that the [] around the IPv6 address are obligatory.
|
||||||
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
|
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
|
||||||
|
|
||||||
# Ignore any clients which are not specified in dhcp-host lines
|
# Ignore any clients which are not specified in dhcp-host lines
|
||||||
|
@ -355,11 +354,11 @@ server=/consul/127.0.0.1#8600
|
||||||
|
|
||||||
# Set option 58 client renewal time (T1). Defaults to half of the
|
# Set option 58 client renewal time (T1). Defaults to half of the
|
||||||
# lease time if not specified. (RFC2132)
|
# lease time if not specified. (RFC2132)
|
||||||
#dhcp-option=option:T1:1m
|
#dhcp-option=option:T1,1m
|
||||||
|
|
||||||
# Set option 59 rebinding time (T2). Defaults to 7/8 of the
|
# Set option 59 rebinding time (T2). Defaults to 7/8 of the
|
||||||
# lease time if not specified. (RFC2132)
|
# lease time if not specified. (RFC2132)
|
||||||
#dhcp-option=option:T2:2m
|
#dhcp-option=option:T2,2m
|
||||||
|
|
||||||
# Set the NTP time server address to be the same machine as
|
# Set the NTP time server address to be the same machine as
|
||||||
# is running dnsmasq
|
# is running dnsmasq
|
||||||
|
@ -437,22 +436,22 @@ server=/consul/127.0.0.1#8600
|
||||||
#dhcp-option-force=211,30i
|
#dhcp-option-force=211,30i
|
||||||
|
|
||||||
# Set the boot filename for netboot/PXE. You will only need
|
# Set the boot filename for netboot/PXE. You will only need
|
||||||
# this is you want to boot machines over the network and you will need
|
# this if you want to boot machines over the network and you will need
|
||||||
# a TFTP server; either dnsmasq's built in TFTP server or an
|
# a TFTP server; either dnsmasq's built-in TFTP server or an
|
||||||
# external one. (See below for how to enable the TFTP server.)
|
# external one. (See below for how to enable the TFTP server.)
|
||||||
#dhcp-boot=pxelinux.0
|
#dhcp-boot=pxelinux.0
|
||||||
|
|
||||||
# The same as above, but use custom tftp-server instead machine running dnsmasq
|
# The same as above, but use custom tftp-server instead machine running dnsmasq
|
||||||
#dhcp-boot=pxelinux,server.name,192.168.1.100
|
#dhcp-boot=pxelinux,server.name,192.168.1.100
|
||||||
|
|
||||||
# Boot for Etherboot gPXE. The idea is to send two different
|
# Boot for iPXE. The idea is to send two different
|
||||||
# filenames, the first loads gPXE, and the second tells gPXE what to
|
# filenames, the first loads iPXE, and the second tells iPXE what to
|
||||||
# load. The dhcp-match sets the gpxe tag for requests from gPXE.
|
# load. The dhcp-match sets the ipxe tag for requests from iPXE.
|
||||||
#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
|
#dhcp-boot=undionly.kpxe
|
||||||
#dhcp-boot=tag:!gpxe,undionly.kpxe
|
#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
|
||||||
#dhcp-boot=mybootimage
|
#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
|
||||||
|
|
||||||
# Encapsulated options for Etherboot gPXE. All the options are
|
# Encapsulated options for iPXE. All the options are
|
||||||
# encapsulated within option 175
|
# encapsulated within option 175
|
||||||
#dhcp-option=encap:175, 1, 5b # priority code
|
#dhcp-option=encap:175, 1, 5b # priority code
|
||||||
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
|
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
|
||||||
|
@ -526,7 +525,7 @@ server=/consul/127.0.0.1#8600
|
||||||
# (using /etc/hosts) then that name can be specified as the
|
# (using /etc/hosts) then that name can be specified as the
|
||||||
# tftp_servername (the third option to dhcp-boot) and in that
|
# tftp_servername (the third option to dhcp-boot) and in that
|
||||||
# case dnsmasq resolves this name and returns the resultant IP
|
# case dnsmasq resolves this name and returns the resultant IP
|
||||||
# addresses in round robin fasion. This facility can be used to
|
# addresses in round robin fashion. This facility can be used to
|
||||||
# load balance the tftp load among a set of servers.
|
# load balance the tftp load among a set of servers.
|
||||||
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
|
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
|
||||||
|
|
||||||
|
@ -548,6 +547,14 @@ server=/consul/127.0.0.1#8600
|
||||||
# http://www.isc.org/files/auth.html
|
# http://www.isc.org/files/auth.html
|
||||||
#dhcp-authoritative
|
#dhcp-authoritative
|
||||||
|
|
||||||
|
# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
|
||||||
|
# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
|
||||||
|
# option with a DHCPACK including a Rapid Commit option and fully committed address
|
||||||
|
# and configuration information. This must only be enabled if either the server is
|
||||||
|
# the only server for the subnet, or multiple servers are present and they each
|
||||||
|
# commit a binding for all clients.
|
||||||
|
#dhcp-rapid-commit
|
||||||
|
|
||||||
# Run an executable when a DHCP lease is created or destroyed.
|
# Run an executable when a DHCP lease is created or destroyed.
|
||||||
# The arguments sent to the script are "add" or "del",
|
# The arguments sent to the script are "add" or "del",
|
||||||
# then the MAC address, the IP address and finally the hostname
|
# then the MAC address, the IP address and finally the hostname
|
||||||
|
@ -665,3 +672,8 @@ server=/consul/127.0.0.1#8600
|
||||||
|
|
||||||
# Include all files in a directory which end in .conf
|
# Include all files in a directory which end in .conf
|
||||||
#conf-dir=/etc/dnsmasq.d/,*.conf
|
#conf-dir=/etc/dnsmasq.d/,*.conf
|
||||||
|
|
||||||
|
# If a DHCP client claims that its name is "wpad", ignore that.
|
||||||
|
# This fixes a security hole. see CERT Vulnerability VU#598349
|
||||||
|
#dhcp-name-match=set:wpad-ignore,wpad
|
||||||
|
#dhcp-ignore-names=tag:wpad-ignore
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
# This file is part of systemd.
|
||||||
|
#
|
||||||
|
# systemd is free software; you can redistribute it and/or modify it under the
|
||||||
|
# terms of the GNU Lesser General Public License as published by the Free
|
||||||
|
# Software Foundation; either version 2.1 of the License, or (at your option)
|
||||||
|
# any later version.
|
||||||
|
#
|
||||||
|
# Entries in this file show the compile time defaults. Local configuration
|
||||||
|
# should be created by either modifying this file, or by creating "drop-ins" in
|
||||||
|
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
|
||||||
|
# Defaults can be restored by simply deleting this file and all drop-ins.
|
||||||
|
#
|
||||||
|
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
|
||||||
|
#
|
||||||
|
# See resolved.conf(5) for details.
|
||||||
|
|
||||||
|
[Resolve]
|
||||||
|
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
|
||||||
|
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
|
||||||
|
# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
|
||||||
|
# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
|
||||||
|
DNS=127.0.0.1 <%= @dns %> 8.8.8.8
|
||||||
|
#FallbackDNS=
|
||||||
|
#Domains=
|
||||||
|
#DNSSEC=no
|
||||||
|
#DNSOverTLS=no
|
||||||
|
#MulticastDNS=no
|
||||||
|
#LLMNR=no
|
||||||
|
#Cache=no-negative
|
||||||
|
#CacheFromLocalhost=no
|
||||||
|
DNSStubListener=no
|
||||||
|
#DNSStubListenerExtra=
|
||||||
|
#ReadEtcHosts=yes
|
||||||
|
#ResolveUnicastSingleLabel=no
|