Notes on DNS-like protocols for intranet hostname resolution: Difference between revisions
From 三线的随记
Latest revision as of 10:45, 11 March 2022 (Friday)
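Common protocols that Windows uses to resolve hostnames on an internal network
- mDNS
- LLMNR (enabled by default on Windows)
- NBNS
- The router discovers the device itself (via ARP / DHCP lease, ...) and the router's DNS service resolves the name
Enabling LLMNR support on Linux (do not enable it in production; it is a security risk)
Source: https://tech.yj777.cn/%E7%94%A8-llmnr%E5%8D%8F%E8%AE%AE%E5%AE%9E%E7%8E%B0-windows-%E5%92%8C-linux-%E7%9A%84%E7%BB%9F%E4%B8%80%E8%AE%BF%E9%97%AE/
Related: systemd update :: https://linoxide.com/linux-how-to/install-systemd-centos-redhat/
- Install systemd-resolved
- Configure LLMNR to be enabled
- Disable the firewall or allow the relevant rules
systemd-resolved install steps (releases below Linux 8 need systemd upgraded and systemd-resolved installed)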
[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-57.el7.x86_64
package systemd-resolved is not installed

# yum install systemd-resolved
Dependencies Resolved
================================================================================
 Package               Arch      Version            Repository    Size
================================================================================
Installing:
 systemd-resolved      x86_64    219-67.el7_7.2     updates       412 k
Installing for dependencies:
 json-c                x86_64    0.11-4.el7_0       base           31 k
Updating for dependencies:
 cryptsetup-libs       x86_64    2.0.3-5.el7        base          338 k
 systemd               x86_64    219-67.el7_7.2     updates       5.1 M
 systemd-libs          x86_64    219-67.el7_7.2     updates       411 k
 systemd-sysv          x86_64    219-67.el7_7.2     updates        88 k
Transaction Summary
================================================================================
Install  1 Package (+1 Dependent package)
Upgrade           ( 4 Dependent packages)
Total download size: 6.3 M

[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-67.el7_7.2.x86_64
systemd-resolved-219-67.el7_7.2.x86_64
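# Keep -i and -r separate: GNU sed reads "-ir" as -i with backup suffix "r" and leaves extended regex off, so (#)? never matches
sed -i -r "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf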
systemctl --now enable systemd-resolved
[root@master-1 ~]# ss -anptu | grep resolve
udp UNCONN 0 0 *:5355 *:* users:(("systemd-resolve",pid=28108,fd=12))
udp UNCONN 0 0 [::]:5355 [::]:* users:(("systemd-resolve",pid=28108,fd=11))
tcp LISTEN 0 128 *:5355 *:* users:(("systemd-resolve",pid=28108,fd=14))
tcp LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=28108,fd=15))
Note
On CentOS, resolve must be added to the hosts line in /etc/nsswitch.conf to enable the NSS module
For example:
#hosts: db files nisplus nis dns
hosts: files dns myhostname resolve
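>= Linux 8: enabling LLMNR
# Keep -i and -r separate: GNU sed reads "-ir" as -i with backup suffix "r" and leaves extended regex off, so (#)? never matches
sed -i -r "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf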
systemctl --now enable systemd-resolved
Edit /etc/nsswitch.conf and add resolve to the hosts entry. Note that in nsswitch.conf, [NOTFOUND=return] means that the search stops if the preceding method returns no result
hosts: files dns myhostname resolve
related commands (some are available only on Linux 8+)
resolvectl status
systemd-resolve --status
systemd-resolve {hostname / domain}
resolvectl query {hostname / domain}
Extra information
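- The systemd-resolve resolver service listens on 127.0.0.53%lo:53 by default
- The configuration files under /var/run/systemd/resolve can be used as symlink targets; some distributions symlink /etc/resolv.conf to systemd-resolved by default, after which systemd-resolved takes over the system DNS configuration
- LLMNR uses UDP 5355 by default
- Because the protocol is broadcast in nature and has no authentication, LLMNR is exposed to man-in-the-middle attacks
References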
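Given that risk, it helps to be able to tell which hosts actually have LLMNR switched on. The following is an added audit example, not part of the original page: it reads the same two files the steps above edit and the same `ss` output format shown earlier. The function names are hypothetical and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example: LLMNR exposure audit helpers. All function names are hypothetical.

# Effective LLMNR= value of a resolved.conf-style file: the last uncommented
# assignment wins; "unset" means the build's compiled-in default applies.
llmnr_mode() {
    v=$(awk -F= '/^[ \t]*LLMNR[ \t]*=/ { v = tolower($2); gsub(/[ \t\r]/, "", v) }
                 END { print v }' "$1")
    case "$v" in
        yes|true|on|1)  echo yes ;;
        no|false|off|0) echo no ;;
        resolve)        echo resolve ;;
        "")             echo unset ;;
        *)              echo invalid ;;
    esac
}

# Succeeds if the active (uncommented) hosts line loads the nss-resolve module.
nss_uses_resolve() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i == "resolve") found = 1 }
         END { exit !found }' "$1"
}

# Count sockets bound to port 5355 in `ss -anptu`-style output read from stdin.
count_llmnr_listeners() {
    awk '$5 ~ /:5355$/ { n++ } END { print n + 0 }'
}

# Summarise a host. Args: resolved.conf path, nsswitch.conf path.
#   responder = answers LLMNR queries from the link and sends its own
#   resolver  = only sends queries (LLMNR=resolve)
#   +nss      = libc hostname lookups can reach systemd-resolved
llmnr_exposure() {
    mode=$(llmnr_mode "$1")
    case "$mode" in
        no)      echo off; return 0 ;;
        resolve) role=resolver ;;
        *)       role=responder ;;  # yes, or unset/invalid: assume enabled until verified
    esac
    if nss_uses_resolve "$2"; then echo "$role+nss"; else echo "$role"; fi
}

# Constructed sample inputs (not captured from a real host).
tmp=$(mktemp -d)
printf '[Resolve]\n#LLMNR=no\nLLMNR=yes\n' > "$tmp/resolved.conf"
printf '#hosts: db files nisplus nis dns\nhosts: files dns myhostname resolve\n' > "$tmp/nsswitch.conf"
llmnr_exposure "$tmp/resolved.conf" "$tmp/nsswitch.conf"
printf 'udp UNCONN 0 0 *:5355 *:* users:(("systemd-resolve",pid=1,fd=12))\n' | count_llmnr_listeners
```

On a real host, pass /etc/systemd/resolved.conf and /etc/nsswitch.conf to `llmnr_exposure`, and pipe `ss -anptu` into `count_llmnr_listeners`.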
http://www.jinbuguo.com/systemd/nss-resolve.html
http://man7.org/linux/man-pages/man8/nss-resolve.8.html