Update `/etc/dnsmasq.conf` & `/etc/systemd/resolved.conf` for `Ubuntu 22.04`.

Kazuhiro MUSASHI 2022-10-01 11:56:17 +09:00
parent c40dc83965
commit 1875e14f29
4 changed files with 86 additions and 20 deletions


@ -13,7 +13,7 @@ else
end end
ipaddr = run_command(cmd).stdout.chomp ipaddr = run_command(cmd).stdout.chomp
cmd = 'grep nameserver /run/systemd/resolve/resolv.conf | grep -v 8.8.8.8 | grep -v 127.0.0.1 | perl -pe "s/nameserver //g" | perl -pe "s/\n/ /g"' cmd = 'grep nameserver /run/systemd/resolve/resolv.conf | grep -v 8.8.8.8 | grep -v 127.0.0.1 | perl -pe "s/nameserver //g" | sort | uniq | perl -pe "s/\n/ /g"'
dns = run_command(cmd).stdout.chomp dns = run_command(cmd).stdout.chomp
node.reverse_merge!({ node.reverse_merge!({
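Review bot: The `sort | uniq` added to the `cmd` pipeline removes duplicates but also reorders the nameservers, so the order given in `/run/systemd/resolve/resolv.conf` is lost before the list reaches `dns`. An order-preserving de-duplication such as `awk '!seen[$0]++'` in place of `sort | uniq` would keep the original order. Separately, the unchanged `grep -v 8.8.8.8` is an unanchored regex in which `.` matches any character, so it can also drop unrelated addresses such as `18.8.8.80`; running `grep -vFx 8.8.8.8` after the `nameserver ` prefix has been stripped would exclude only the exact address. The enclosing block starts and ends outside the hunk.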


@ -7,7 +7,27 @@ package 'dnsmasq'
end end
case run_command('grep VERSION_ID /etc/os-release | awk -F\" \'{print $2}\'').stdout.chomp case run_command('grep VERSION_ID /etc/os-release | awk -F\" \'{print $2}\'').stdout.chomp
when "20.04", "22.04" when "22.04"
template '/etc/systemd/resolved.conf' do
owner 'root'
group 'root'
mode '644'
source 'templates/etc/systemd/resolved.conf.2022.erb'
variables(dns: node['consul']['dns'])
notifies :restart, 'service[systemd-resolved]', :immediately
end
remote_file '/etc/dnsmasq.conf' do
owner 'root'
group 'root'
mode '644'
notifies :restart, 'service[dnsmasq]', :immediately
end
when "20.04"
template '/etc/systemd/resolved.conf' do template '/etc/systemd/resolved.conf' do
owner 'root' owner 'root'
group 'root' group 'root'
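Review bot: The new `when "22.04"` branch repeats the `template` and `remote_file` resources of the `20.04` branch, and from the visible lines only the template `source` appears to differ; the rest of the 20.04 branch lies outside the hunk, so this is inferred. Selecting the template source from the detected release and keeping a single copy of the resources would stop the two branches drifting apart in owner, mode or restart notifications. A short comment such as `# 22.04 ships a newer stock resolved.conf, so it gets its own template` would explain the split. If no `else` exists outside the hunk, a release string that matches neither branch leaves dnsmasq installed with `/etc/systemd/resolved.conf` unmanaged, so consider failing explicitly there.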


@ -63,7 +63,6 @@ strict-order
# Add other name servers here, with domain specs if they are for # Add other name servers here, with domain specs if they are for
# non-public domains. # non-public domains.
#server=/localnet/192.168.0.1
server=/consul/127.0.0.1#8600 server=/consul/127.0.0.1#8600
# Example of routing PTR queries to nameservers: this will send all # Example of routing PTR queries to nameservers: this will send all
@ -91,7 +90,7 @@ server=/consul/127.0.0.1#8600
# server=10.1.2.3@eth1 # server=10.1.2.3@eth1
# and this sets the source (ie local) address used to talk to # and this sets the source (ie local) address used to talk to
# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that # 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
# IP on the machine, obviously). # IP on the machine, obviously).
# server=10.1.2.3@192.168.1.1#55 # server=10.1.2.3@192.168.1.1#55
@ -190,7 +189,7 @@ server=/consul/127.0.0.1#8600
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and # hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an # MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC alogrithm. # IPv6 address calculated using the SLAAC algorithm.
#dhcp-range=1234::, ra-names #dhcp-range=1234::, ra-names
# Do Router Advertisements, BUT NOT DHCP for this subnet. # Do Router Advertisements, BUT NOT DHCP for this subnet.
@ -211,7 +210,7 @@ server=/consul/127.0.0.1#8600
#dhcp-range=1234::, ra-stateless, ra-names #dhcp-range=1234::, ra-stateless, ra-names
# Do router advertisements for all subnets where we're doing DHCPv6 # Do router advertisements for all subnets where we're doing DHCPv6
# Unless overriden by ra-stateless, ra-names, et al, the router # Unless overridden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients # advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the # get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses. # clients don't use SLAAC addresses.
@ -252,7 +251,7 @@ server=/consul/127.0.0.1#8600
# the IP address 192.168.0.60 # the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60 #dhcp-host=id:01:02:02:04,192.168.0.60
# Always give the Infiniband interface with hardware address # Always give the InfiniBand interface with hardware address
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the # 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
# ip address 192.168.0.61. The client id is derived from the prefix # ip address 192.168.0.61. The client id is derived from the prefix
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of # ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
@ -289,7 +288,7 @@ server=/consul/127.0.0.1#8600
# Give a fixed IPv6 address and name to client with # Give a fixed IPv6 address and name to client with
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients. # Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
# Note also the they [] around the IPv6 address are obilgatory. # Note also that the [] around the IPv6 address are obligatory.
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
# Ignore any clients which are not specified in dhcp-host lines # Ignore any clients which are not specified in dhcp-host lines
@ -355,11 +354,11 @@ server=/consul/127.0.0.1#8600
# Set option 58 client renewal time (T1). Defaults to half of the # Set option 58 client renewal time (T1). Defaults to half of the
# lease time if not specified. (RFC2132) # lease time if not specified. (RFC2132)
#dhcp-option=option:T1:1m #dhcp-option=option:T1,1m
# Set option 59 rebinding time (T2). Defaults to 7/8 of the # Set option 59 rebinding time (T2). Defaults to 7/8 of the
# lease time if not specified. (RFC2132) # lease time if not specified. (RFC2132)
#dhcp-option=option:T2:2m #dhcp-option=option:T2,2m
# Set the NTP time server address to be the same machine as # Set the NTP time server address to be the same machine as
# is running dnsmasq # is running dnsmasq
@ -437,22 +436,22 @@ server=/consul/127.0.0.1#8600
#dhcp-option-force=211,30i #dhcp-option-force=211,30i
# Set the boot filename for netboot/PXE. You will only need # Set the boot filename for netboot/PXE. You will only need
# this is you want to boot machines over the network and you will need # this if you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built in TFTP server or an # a TFTP server; either dnsmasq's built-in TFTP server or an
# external one. (See below for how to enable the TFTP server.) # external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0 #dhcp-boot=pxelinux.0
# The same as above, but use custom tftp-server instead machine running dnsmasq # The same as above, but use custom tftp-server instead machine running dnsmasq
#dhcp-boot=pxelinux,server.name,192.168.1.100 #dhcp-boot=pxelinux,server.name,192.168.1.100
# Boot for Etherboot gPXE. The idea is to send two different # Boot for iPXE. The idea is to send two different
# filenames, the first loads gPXE, and the second tells gPXE what to # filenames, the first loads iPXE, and the second tells iPXE what to
# load. The dhcp-match sets the gpxe tag for requests from gPXE. # load. The dhcp-match sets the ipxe tag for requests from iPXE.
#dhcp-match=set:gpxe,175 # gPXE sends a 175 option. #dhcp-boot=undionly.kpxe
#dhcp-boot=tag:!gpxe,undionly.kpxe #dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
#dhcp-boot=mybootimage #dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
# Encapsulated options for Etherboot gPXE. All the options are # Encapsulated options for iPXE. All the options are
# encapsulated within option 175 # encapsulated within option 175
#dhcp-option=encap:175, 1, 5b # priority code #dhcp-option=encap:175, 1, 5b # priority code
#dhcp-option=encap:175, 176, 1b # no-proxydhcp #dhcp-option=encap:175, 176, 1b # no-proxydhcp
@ -526,7 +525,7 @@ server=/consul/127.0.0.1#8600
# (using /etc/hosts) then that name can be specified as the # (using /etc/hosts) then that name can be specified as the
# tftp_servername (the third option to dhcp-boot) and in that # tftp_servername (the third option to dhcp-boot) and in that
# case dnsmasq resolves this name and returns the resultant IP # case dnsmasq resolves this name and returns the resultant IP
# addresses in round robin fasion. This facility can be used to # addresses in round robin fashion. This facility can be used to
# load balance the tftp load among a set of servers. # load balance the tftp load among a set of servers.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
@ -548,6 +547,14 @@ server=/consul/127.0.0.1#8600
# http://www.isc.org/files/auth.html # http://www.isc.org/files/auth.html
#dhcp-authoritative #dhcp-authoritative
# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
# option with a DHCPACK including a Rapid Commit option and fully committed address
# and configuration information. This must only be enabled if either the server is
# the only server for the subnet, or multiple servers are present and they each
# commit a binding for all clients.
#dhcp-rapid-commit
# Run an executable when a DHCP lease is created or destroyed. # Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del", # The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname # then the MAC address, the IP address and finally the hostname
@ -665,3 +672,8 @@ server=/consul/127.0.0.1#8600
# Include all files in a directory which end in .conf # Include all files in a directory which end in .conf
#conf-dir=/etc/dnsmasq.d/,*.conf #conf-dir=/etc/dnsmasq.d/,*.conf
# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
#dhcp-name-match=set:wpad-ignore,wpad
#dhcp-ignore-names=tag:wpad-ignore
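Review bot: The `dhcp-name-match=set:wpad-ignore,wpad` and `dhcp-ignore-names=tag:wpad-ignore` lines added at the end of the file are commented out, so the VU#598349 mitigation described in the comment above them is not active. None of the visible hunks enables a `dhcp-range`, so this probably has no effect while dnsmasq is used only as a DNS forwarder for `/consul/`. If DHCP is ever turned on in this file, both lines should be uncommented in the same change.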


@ -0,0 +1,34 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.
[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
DNS=127.0.0.1 <%= @dns %> 8.8.8.8
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
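Review bot: `DNS=127.0.0.1 <%= @dns %> 8.8.8.8` places a public resolver in the same list as the local dnsmasq and the site resolvers. systemd-resolved does not treat `DNS=` as a strict priority list and keeps using whichever server it last switched to, so after a local failure internal names, including `.consul` lookups, can be sent to 8.8.8.8. Consider dropping `8.8.8.8` from `DNS=`, or moving it to `FallbackDNS=` with the understanding that the fallback is used only when no other server is configured. `@dns` is also rendered verbatim and appears to come from a shell pipeline over resolv.conf, so checking that each token is an IP address before rendering would keep stray text out of this root-owned file.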