内网主机名解析相关类DNS协议记录:修订间差异

来自三线的随记
可视化wikitext
无编辑摘要
无编辑摘要
 
(未显示同一用户的2个中间版本)
第2行: 第2行:


#MDNS
#MDNS
#LLMNR
#LLMNR (windows默认开启)
#NBNS
#NBNS
#路由器自己发现了设备(通过arp / dhcp lease ..),路由器DNS实现解析的
#路由器自己发现了设备(通过arp / dhcp lease ..),路由器DNS实现解析的
第13行: 第13行:


#安装systemd-resolved
#安装systemd-resolved
#配置开启LLMNR<br />
#配置开启LLMNR
#关闭防火墙或者放行相关规则<br />


====systemd-resolved install steps (低于linux 8需要升级systemd并且安装systemd-resolved)====
====systemd-resolved install steps (低于linux 8需要升级systemd并且安装systemd-resolved)====
第63行: 第64行:
  #hosts:    db files nisplus nis dns
  #hosts:    db files nisplus nis dns
  hosts:      files dns myhostname resolve
  hosts:      files dns myhostname resolve
 
 
====>= linux 8开启LLMNR====
====>= linux 8开启LLMNR====
  sed -ir "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf
  sed -ir "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf
第70行: 第72行:
修改 /etc/nsswitch.conf  文件 host 块值添加resolve, 注意在nsswitch.conf  文件中 <code>[NOTFOUND=return]</code> 意味着如果前面的方法返回没有结果那么搜索就会停止
修改 /etc/nsswitch.conf  文件 host 块值添加resolve, 注意在nsswitch.conf  文件中 <code>[NOTFOUND=return]</code> 意味着如果前面的方法返回没有结果那么搜索就会停止
  hosts:      files dns myhostname resolve  
  hosts:      files dns myhostname resolve  


===related commands (部分仅linux 8+可用)===
===related commands (部分仅linux 8+可用)===
第99行: 第102行:
__无编辑段落__
__无编辑段落__
__无新段落链接__
__无新段落链接__
{{DEFAULTSORT:dns}}

2022年3月11日 (五) 10:45的最新版本

windows 内网解析主机名用到的常见相关协议

  1. MDNS
  2. LLMNR (windows默认开启)
  3. NBNS
  4. 路由器自己发现了设备(通过arp / dhcp lease ..),路由器DNS实现解析的


Linux 开启 LLMNR支持(不能在生产环境开启,有安全风险)

引述: https://tech.yj777.cn/%E7%94%A8-llmnr%E5%8D%8F%E8%AE%AE%E5%AE%9E%E7%8E%B0-windows-%E5%92%8C-linux-%E7%9A%84%E7%BB%9F%E4%B8%80%E8%AE%BF%E9%97%AE/

相关: systemd update :: https://linoxide.com/linux-how-to/install-systemd-centos-redhat/

  1. 安装systemd-resolved
  2. 配置开启LLMNR
  3. 关闭防火墙或者放行相关规则

systemd-resolved install steps (低于linux 8需要升级systemd并且安装systemd-resolved)

[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-57.el7.x86_64
package systemd-resolved is not installed



# yum install systemd-resolved
Dependencies Resolved

=============================================================================================================================================================
 Package                                   Arch                            Version                                   Repository                         Size
=============================================================================================================================================================
Installing:
 systemd-resolved                          x86_64                          219-67.el7_7.2                            updates                           412 k
Installing for dependencies:
 json-c                                    x86_64                          0.11-4.el7_0                              base                               31 k
Updating for dependencies:
 cryptsetup-libs                           x86_64                          2.0.3-5.el7                               base                              338 k
 systemd                                   x86_64                          219-67.el7_7.2                            updates                           5.1 M
 systemd-libs                              x86_64                          219-67.el7_7.2                            updates                           411 k
 systemd-sysv                              x86_64                          219-67.el7_7.2                            updates                            88 k

Transaction Summary
=============================================================================================================================================================
Install  1 Package  (+1 Dependent package)
Upgrade             ( 4 Dependent packages)

Total download size: 6.3 M

[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-67.el7_7.2.x86_64
systemd-resolved-219-67.el7_7.2.x86_64

sed -ir "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf

systemctl --now enable systemd-resolved

[root@master-1 ~]# ss -anptu | grep resolve
udp    UNCONN     0      0         *:5355                  *:*                   users:(("systemd-resolve",pid=28108,fd=12))
udp    UNCONN     0      0      [::]:5355               [::]:*                   users:(("systemd-resolve",pid=28108,fd=11))
tcp    LISTEN     0      128       *:5355                  *:*                   users:(("systemd-resolve",pid=28108,fd=14))
tcp    LISTEN     0      128    [::]:5355               [::]:*                   users:(("systemd-resolve",pid=28108,fd=15))
注意

centos 需要 /etc/nsswitch.conf 中 hosts 需要添加 resolve 以开启 nss 模块 

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname resolve


>= linux 8开启LLMNR

sed -ir "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf

systemctl --now enable systemd-resolved

修改 /etc/nsswitch.conf 文件 host 块值添加resolve, 注意在nsswitch.conf 文件中 [NOTFOUND=return] 意味着如果前面的方法返回没有结果那么搜索就会停止 

hosts:      files dns myhostname resolve


related commands (部分仅linux 8+可用)

resolvectl status

systemd-resolve --status

systemd-resolve {hostname / domain}

resolvectl query {hostname / domain}


Extra information

  1. systemd-resolve解析服务默认监听在 127.0.0.53%lo:53
  2. /var/run/systemd/resolve 文件夹下的配置文件可用于建立软连接,部分发行版os默认会建立软连接/etc/resolv.conf到systemd-resolved,然后由systemd-resolved接管系统DNS配置
  3. LLMNR默认依靠UDP 5355通讯
  4. LLMNR由于协议的广播性以及无认证性有中间人攻击安全风险


参考

http://www.jinbuguo.com/systemd/nss-resolve.html

http://man7.org/linux/man-pages/man8/nss-resolve.8.html


取自“https://wiki.sanxian.tech/index.php?title=内网主机名解析相关类DNS协议记录&oldid=1146