Notes on DNS-like protocols for internal-network hostname resolution: difference between revisions

From 三线的随记
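Latest revision as of 10:45, 11 March 2022 (Fri)

Common protocols Windows uses to resolve hostnames on an internal network

  1. MDNS
  2. LLMNR (enabled by default on Windows)
  3. NBNS
  4. The router discovers the device itself (via ARP / DHCP lease ..) and the router's DNS implementation resolves the name


Enabling LLMNR support on Linux (do not enable in production; it is a security risk)

Quoted from: https://tech.yj777.cn/%E7%94%A8-llmnr%E5%8D%8F%E8%AE%AE%E5%AE%9E%E7%8E%B0-windows-%E5%92%8C-linux-%E7%9A%84%E7%BB%9F%E4%B8%80%E8%AE%BF%E9%97%AE/

Related: systemd update :: https://linoxide.com/linux-how-to/install-systemd-centos-redhat/

  1. Install systemd-resolved
  2. Enable LLMNR in the configuration
  3. Disable the firewall or allow the relevant rules

systemd-resolved install steps (on releases below Linux 8, systemd must be upgraded and systemd-resolved installed)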

[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-57.el7.x86_64
package systemd-resolved is not installed


# yum install systemd-resolved
Dependencies Resolved

=============================================================================================================================================================
 Package                                   Arch                            Version                                   Repository                         Size
=============================================================================================================================================================
Installing:
 systemd-resolved                          x86_64                          219-67.el7_7.2                            updates                           412 k
Installing for dependencies:
 json-c                                    x86_64                          0.11-4.el7_0                              base                               31 k
Updating for dependencies:
 cryptsetup-libs                           x86_64                          2.0.3-5.el7                               base                              338 k
 systemd                                   x86_64                          219-67.el7_7.2                            updates                           5.1 M
 systemd-libs                              x86_64                          219-67.el7_7.2                            updates                           411 k
 systemd-sysv                              x86_64                          219-67.el7_7.2                            updates                            88 k

Transaction Summary
=============================================================================================================================================================
Install  1 Package  (+1 Dependent package)
Upgrade             ( 4 Dependent packages)

Total download size: 6.3 M
[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-67.el7_7.2.x86_64
systemd-resolved-219-67.el7_7.2.x86_64
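# -i and -E must be separate options: "-ir" is parsed by GNU sed as -i with backup suffix "r", so (#)? is never treated as an extended regex
sed -i -E "s/^#?LLMNR=.*/LLMNR=yes/" /etc/systemd/resolved.conf
systemctl --now enable systemd-resolved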
[root@master-1 ~]# ss -anptu | grep resolve
udp    UNCONN     0      0         *:5355                  *:*                   users:(("systemd-resolve",pid=28108,fd=12))
udp    UNCONN     0      0      [::]:5355               [::]:*                   users:(("systemd-resolve",pid=28108,fd=11))
tcp    LISTEN     0      128       *:5355                  *:*                   users:(("systemd-resolve",pid=28108,fd=14))
tcp    LISTEN     0      128    [::]:5355               [::]:*                   users:(("systemd-resolve",pid=28108,fd=15))
Note

On CentOS, resolve must be added to the hosts line in /etc/nsswitch.conf to enable the NSS module.

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname resolve


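Enabling LLMNR on >= Linux 8

# -i and -E given separately ("-ir" would mean -i with backup suffix "r")
sed -i -E "s/^#?LLMNR=.*/LLMNR=yes/" /etc/systemd/resolved.conf
systemctl --now enable systemd-resolved

Edit /etc/nsswitch.conf and add resolve to the hosts entry. Note that in nsswitch.conf, [NOTFOUND=return] means the lookup stops if the preceding method returns no result.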

hosts:      files dns myhostname resolve 


related commands (some are available only on Linux 8+)

resolvectl status
systemd-resolve --status
systemd-resolve {hostname / domain}
resolvectl query {hostname / domain}


Extra information

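  1. The systemd-resolve resolver service listens on 127.0.0.53%lo:53 by default
  2. The configuration files under /var/run/systemd/resolve can be used as symlink targets; some distributions symlink /etc/resolv.conf to systemd-resolved by default, after which systemd-resolved takes over the system DNS configuration
  3. LLMNR communicates over UDP 5355 by default
  4. Because the protocol is broadcast-based and unauthenticated, LLMNR carries a man-in-the-middle risk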
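
A check that follows from the last two items, as an added example that is not part of the original notes: it reads the effective LLMNR= value from a resolved.conf file and looks for sockets bound to port 5355 in saved `ss -anptu` output. The function names are hypothetical, the sample config is constructed, and the socket line is copied from the ss output shown earlier on this page.

```shell
#!/bin/sh
# Added example: LLMNR exposure audit. Function names are hypothetical.

# Effective LLMNR= value in a resolved.conf-style file: the last
# uncommented assignment inside [Resolve], lower-cased, or "unset".
llmnr_setting() {
  awk '
    /^[ \t]*\[/ { in_resolve = ($0 ~ /^[ \t]*\[Resolve\]/); next }
    in_resolve && /^[ \t]*LLMNR[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
      val = tolower($0)
    }
    END { print (val == "" ? "unset" : val) }
  ' "$1"
}

# Reads `ss -anptu` output on stdin, prints "proto local-address" for
# every socket bound to the LLMNR port 5355.
llmnr_listeners() {
  awk '$5 ~ /:5355$/ { print $1, $5 }'
}

# $1 = resolved.conf path, $2 = file with saved ss output.
# Returns 0 = disabled, 1 = not disabled in config, 2 = port open now.
llmnr_audit() {
  _set=$(llmnr_setting "$1")
  _lis=$(llmnr_listeners < "$2" | tr '\n' ' ')
  if [ -n "$_lis" ]; then
    echo "EXPOSED: LLMNR=$_set, sockets on 5355: $_lis"; return 2
  fi
  case "$_set" in
    no|false|off|0) echo "OK: LLMNR=$_set, nothing bound to 5355"; return 0 ;;
  esac
  echo "LATENT: LLMNR=$_set is not an explicit 'no'"; return 1
}

# Demo on constructed input (socket line copied from the output above).
conf=$(mktemp); ssout=$(mktemp)
printf '[Resolve]\n#LLMNR=no\nLLMNR=yes\n' > "$conf"
printf 'udp UNCONN 0 0 *:5355 *:* users:(("systemd-resolve",pid=28108,fd=12))\n' > "$ssout"
llmnr_audit "$conf" "$ssout" || true
rm -f "$conf" "$ssout"
```

On a live host, run it as `ss -anptu > /tmp/ss.txt; llmnr_audit /etc/systemd/resolved.conf /tmp/ss.txt`. The value `resolve` is reported as LATENT because the host still sends LLMNR queries even though it no longer answers them.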


References

http://www.jinbuguo.com/systemd/nss-resolve.html

http://man7.org/linux/man-pages/man8/nss-resolve.8.html