Notes on DNS-like protocols for intranet hostname resolution: Difference between revisions
From 三线的随记
第7行: | 第7行: | ||
===Linux 开启 LLMNR支持=== | ===Linux 开启 LLMNR支持(不能在生产环境开启,有安全风险)=== | ||
引述: https://tech.yj777.cn/%E7%94%A8-llmnr%E5%8D%8F%E8%AE%AE%E5%AE%9E%E7%8E%B0-windows-%E5%92%8C-linux-%E7%9A%84%E7%BB%9F%E4%B8%80%E8%AE%BF%E9%97%AE/ | 引述: https://tech.yj777.cn/%E7%94%A8-llmnr%E5%8D%8F%E8%AE%AE%E5%AE%9E%E7%8E%B0-windows-%E5%92%8C-linux-%E7%9A%84%E7%BB%9F%E4%B8%80%E8%AE%BF%E9%97%AE/ | ||
相关: systemd update :: https://linoxide.com/linux-how-to/install-systemd-centos-redhat/ | 相关: systemd update :: https://linoxide.com/linux-how-to/install-systemd-centos-redhat/ | ||
==== | # 安装systemd-resolved | ||
# 配置开启LLMNR<br /> | |||
====systemd-resolved install steps (低于linux 8需要升级systemd并且安装systemd-resolved)==== | |||
[root@master-1 ~]# rpm -q systemd systemd-resolved | [root@master-1 ~]# rpm -q systemd systemd-resolved | ||
systemd-219-57.el7.x86_64 | systemd-219-57.el7.x86_64 | ||
package systemd-resolved is not installed | package systemd-resolved is not installed | ||
<br /> | |||
# yum install systemd-resolved | # yum install systemd-resolved | ||
Dependencies Resolved | Dependencies Resolved | ||
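Review bot: "linux 8" in the new heading "低于linux 8需要升级systemd并且安装systemd-resolved" does not name a distribution release. The rpm output directly below shows el7 packages, so if RHEL/CentOS 8 is what is meant, say so in the heading, so that readers on other distributions can tell whether the upgrade step applies to them.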
第44行: | 第46行: | ||
systemd-219-67.el7_7.2.x86_64 | systemd-219-67.el7_7.2.x86_64 | ||
systemd-resolved-219-67.el7_7.2.x86_64 | systemd-resolved-219-67.el7_7.2.x86_64 | ||
sed -ir "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf | |||
systemctl --now enable systemd-resolved | systemctl --now enable systemd-resolved | ||
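Review bot: the added `sed -ir "s/^(#)?LLMNR.*/LLMNR=yes/"` line will not change resolved.conf under GNU sed. `-ir` is parsed as `-i` with backup suffix `r`, so extended regex is never enabled and `(#)?` is matched as literal characters; the only effect is a stray backup file next to the config. Suggest `sed -i -r "s/^#?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf`. Also note that `systemctl --now enable` starts a stopped unit but does not restart one that is already running, so a config change on a running host needs an explicit restart.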
第59行: | 第63行: | ||
#hosts: db files nisplus nis dns | #hosts: db files nisplus nis dns | ||
hosts: files dns myhostname resolve | hosts: files dns myhostname resolve | ||
=== >= linux 8开启LLMNR === | |||
sed -ir "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf | |||
systemctl --now enable systemd-resolved | |||
修改 /etc/nsswitch.conf 文件 host 块值添加resolve, 注意在nsswitch.conf 文件中 <code>[NOTFOUND=return]</code> 意味着如果前面的方法返回没有结果那么搜索就会停止 | |||
hosts: files dns myhostname resolve | |||
=== related commands (部分仅linux 8+可用) === | |||
resolvectl status | |||
systemd-resolve --status | |||
systemd-resolve {hostname / domain} | |||
resolvectl query {hostname / domain} | |||
<br /> | |||
=== Extra information === | |||
# systemd-resolve解析服务默认监听在 127.0.0.53%lo:53 | |||
# /var/run/systemd/resolve 文件夹下的配置文件可用于建立软连接,部分发行版os默认会建立软连接/etc/resolv.conf到systemd-resolved,然后由systemd-resolved接管系统DNS配置 | |||
# LLMNR默认依靠UDP 5355通讯 | |||
# LLMNR由于协议的广播性以及无认证性有中间人攻击安全风险 | |||
<br /> | |||
=== 参考 === | |||
http://www.jinbuguo.com/systemd/nss-resolve.html | http://www.jinbuguo.com/systemd/nss-resolve.html | ||
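Review bot: the nsswitch.conf sentence explains `[NOTFOUND=return]`, but the `hosts: files dns myhostname resolve` line that follows it contains no such action, so the reader cannot tell whether to add it, remove it from an existing line, or only watch for it. State which, ideally by showing the line before and after the edit as the earlier section does with the commented-out `#hosts:` line. The `sed -ir` command at the top of this section also parses as `-i` with suffix `r` and no extended regex, so it leaves the file unchanged.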
第67行: | 第97行: | ||
[[分类:Windows]] | [[分类:Windows]] | ||
[[分类:Dns]] | [[分类:Dns]] | ||
__无编辑段落__ | |||
__无新段落链接__ |
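Revision as of 12:21, 18 June 2021 (Fri)
Protocols Windows uses to resolve hostnames on an internal network
- MDNS
- LLMNR
- NBNS
- The router discovered the device itself and resolves the name
Enabling LLMNR support on Linux (do not enable in production; it is a security risk)
Related: systemd update :: https://linoxide.com/linux-how-to/install-systemd-centos-redhat/
- Install systemd-resolved
- Configure and enable LLMNR
systemd-resolved install steps (below linux 8, systemd must be upgraded and systemd-resolved installed)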
[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-57.el7.x86_64
package systemd-resolved is not installed

# yum install systemd-resolved
Dependencies Resolved
=========================================================================
 Package               Arch       Version            Repository     Size
=========================================================================
Installing:
 systemd-resolved      x86_64     219-67.el7_7.2     updates       412 k
Installing for dependencies:
 json-c                x86_64     0.11-4.el7_0       base           31 k
Updating for dependencies:
 cryptsetup-libs       x86_64     2.0.3-5.el7        base          338 k
 systemd               x86_64     219-67.el7_7.2     updates       5.1 M
 systemd-libs          x86_64     219-67.el7_7.2     updates       411 k
 systemd-sysv          x86_64     219-67.el7_7.2     updates        88 k

Transaction Summary
=========================================================================
Install  1 Package  (+1 Dependent package)
Upgrade             ( 4 Dependent packages)

Total download size: 6.3 M

[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-67.el7_7.2.x86_64
systemd-resolved-219-67.el7_7.2.x86_64
sed -i -r "s/^#?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf
systemctl --now enable systemd-resolved
[root@master-1 ~]# ss -anptu | grep resolve
udp    UNCONN     0      0          *:5355        *:*       users:(("systemd-resolve",pid=28108,fd=12))
udp    UNCONN     0      0       [::]:5355     [::]:*       users:(("systemd-resolve",pid=28108,fd=11))
tcp    LISTEN     0      128        *:5355        *:*       users:(("systemd-resolve",pid=28108,fd=14))
tcp    LISTEN     0      128     [::]:5355     [::]:*       users:(("systemd-resolve",pid=28108,fd=15))
Note
On CentOS, resolve must be added to the hosts entry in /etc/nsswitch.conf to enable the nss module.
For example:
#hosts: db files nisplus nis dns
hosts: files dns myhostname resolve
Enabling LLMNR on linux 8 and later
sed -i -r "s/^#?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf
systemctl --now enable systemd-resolved
Edit /etc/nsswitch.conf and add resolve to the value of the hosts entry. Note that in nsswitch.conf, [NOTFOUND=return] means that the lookup stops if the preceding method returns no result.
hosts: files dns myhostname resolve
related commands (some are only available on linux 8+)
resolvectl status
systemd-resolve --status
systemd-resolve {hostname / domain}
resolvectl query {hostname / domain}
Extra information
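- The systemd-resolve resolver service listens on 127.0.0.53%lo:53 by default
- The configuration files under /var/run/systemd/resolve can be used as symlink targets; some distributions symlink /etc/resolv.conf to systemd-resolved by default, after which systemd-resolved takes over the system DNS configuration
- LLMNR communicates over UDP 5355 by default
- Because the protocol is broadcast in nature and unauthenticated, LLMNR carries a man-in-the-middle risk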
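
A check for the exposure noted above, as an added example that is not part of the original page: it reports the effective LLMNR= value in a resolved.conf-style file and the sockets bound to port 5355 in saved `ss -anptu` output. The function names and sample data are constructed, and only the single file given is read, not drop-in directories.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Print the effective LLMNR= value of a resolved.conf-style file: commented
# lines are ignored, the last assignment wins, "unset" means no assignment.
llmnr_setting() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*LLMNR[ \t]*=/ { v = $2; gsub(/[ \t\r]/, "", v); val = tolower(v) }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Read `ss -anptu` output on stdin; print distinct "proto local-address"
# pairs bound to port 5355.
llmnr_listeners() {
    awk '$5 ~ /:5355$/ { print $1, $5 }' | sort -u
}

# $1 = config file, $2 = file with saved `ss -anptu` output.
# Succeeds only if LLMNR is explicitly off and nothing is bound to 5355.
llmnr_audit() {
    setting=$(llmnr_setting "$1")
    count=$(llmnr_listeners < "$2" | wc -l | tr -d ' ')
    echo "LLMNR=$setting listeners=$count"
    case $setting in
        no|false|off|0) [ "$count" -eq 0 ] ;;
        *) return 1 ;;
    esac
}

# Constructed sample: a config with LLMNR enabled, listeners as in the ss
# output shown on the page plus an unrelated sshd socket.
llmnr_demo() {
    d=$(mktemp -d)
    printf '[Resolve]\n#LLMNR=no\nLLMNR=yes\n' > "$d/resolved.conf"
    cat > "$d/ss.txt" <<'EOF'
udp UNCONN 0 0 *:5355 *:* users:(("systemd-resolve",pid=28108,fd=12))
udp UNCONN 0 0 [::]:5355 [::]:* users:(("systemd-resolve",pid=28108,fd=11))
tcp LISTEN 0 128 *:5355 *:* users:(("systemd-resolve",pid=28108,fd=14))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=900,fd=3))
EOF
    rc=0
    llmnr_audit "$d/resolved.conf" "$d/ss.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}

llmnr_demo || true   # prints: LLMNR=yes listeners=3
```

On a live host, save `ss -anptu` to a file and pass it with /etc/systemd/resolved.conf to `llmnr_audit`; a non-zero exit status means LLMNR is not explicitly disabled or something is still bound to 5355.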
References
http://www.jinbuguo.com/systemd/nss-resolve.html
http://man7.org/linux/man-pages/man8/nss-resolve.8.html