1187,7 → 1187,14 |
param_dnsmasq () |
{ |
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default |
$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux |
# Option : on pré-active les logs DNS des clients |
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq |
# Option : exemple de paramètre supplémentaire pour le cache memoire |
echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq |
# Option : exemple de configuration avec un A.D. |
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq |
[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default |
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on. |
cat << EOF > /etc/dnsmasq.conf |
1213,9 → 1220,9 |
# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail> |
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m |
EOF |
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blackhole") |
cat << EOF > /etc/dnsmasq-blackhole.conf |
# Configuration file for "dnsmasq with blackhole" |
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist") |
cat << EOF > /etc/dnsmasq-blacklist.conf |
# Configuration file for "dnsmasq with blacklist" |
# Inclusion de la blacklist <domains> de Toulouse dans la configuration |
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux |
1232,20 → 1239,30 |
server=$DNS1 |
server=$DNS2 |
EOF |
|
# Init file modification |
[ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default |
# Start and stop a 2nd process for the "DNS blackhole" |
cp -f $DIR_CONF/dnsmasq /etc/init.d/dnsmasq |
# Start after chilli (65) which create tun0 |
$SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq |
# Optionnellement on pré-active les logs DNS des clients |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default |
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq |
# Optionnellement, exemple de paramètre supplémentaire pour le cache memoire |
echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq |
# Optionnellement, exemple de configuration avec un A.D. |
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq |
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelis") |
cat << EOF > /etc/dnsmasq-blacklist.conf |
# Configuration file for "dnsmasq with whitelist" |
# Inclusion de la whitelist <domains> de Toulouse dans la configuration |
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux |
listen-address=$PRIVATE_IP |
port=55 |
no-dhcp-interface=$INTIF |
bind-interfaces |
cache-size=256 |
domain=$DOMAIN |
domain-needed |
expand-hosts |
bogus-priv |
filterwin2k |
address=/#/$PRIVATE_IP |
EOF |
# Create dnsmasq-blacklist and dnsmasq-whitelist unit |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
# Start after chilli which create tun0 |
# $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq |
} # End dnsmasq |
|
########################################################## |