Notes on DNS-like protocols for intranet hostname resolution: difference between revisions

From 三线的随记
Revision as of 12:21, 18 June 2021 (Friday)

Protocols Windows uses to resolve hostnames on an internal network

  1. mDNS
  2. LLMNR
  3. NBNS
  4. The router discovers the device itself and resolves the name


Enabling LLMNR support on Linux (do not enable in production; it is a security risk)

Quoted from: https://tech.yj777.cn/%E7%94%A8-llmnr%E5%8D%8F%E8%AE%AE%E5%AE%9E%E7%8E%B0-windows-%E5%92%8C-linux-%E7%9A%84%E7%BB%9F%E4%B8%80%E8%AE%BF%E9%97%AE/

Related: systemd update :: https://linoxide.com/linux-how-to/install-systemd-centos-redhat/

  1. Install systemd-resolved
  2. Enable LLMNR in the configuration

systemd-resolved install steps (below Linux 8, systemd must be upgraded and systemd-resolved installed)

[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-57.el7.x86_64
package systemd-resolved is not installed


# yum install systemd-resolved
Dependencies Resolved

=============================================================================================================================================================
 Package                                   Arch                            Version                                   Repository                         Size
=============================================================================================================================================================
Installing:
 systemd-resolved                          x86_64                          219-67.el7_7.2                            updates                           412 k
Installing for dependencies:
 json-c                                    x86_64                          0.11-4.el7_0                              base                               31 k
Updating for dependencies:
 cryptsetup-libs                           x86_64                          2.0.3-5.el7                               base                              338 k
 systemd                                   x86_64                          219-67.el7_7.2                            updates                           5.1 M
 systemd-libs                              x86_64                          219-67.el7_7.2                            updates                           411 k
 systemd-sysv                              x86_64                          219-67.el7_7.2                            updates                            88 k

Transaction Summary
=============================================================================================================================================================
Install  1 Package  (+1 Dependent package)
Upgrade             ( 4 Dependent packages)

Total download size: 6.3 M
[root@master-1 ~]# rpm -q systemd systemd-resolved
systemd-219-67.el7_7.2.x86_64
systemd-resolved-219-67.el7_7.2.x86_64
sed -i -r "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf
systemctl --now enable systemd-resolved
[root@master-1 ~]# ss -anptu | grep resolve
udp    UNCONN     0      0         *:5355                  *:*                   users:(("systemd-resolve",pid=28108,fd=12))
udp    UNCONN     0      0      [::]:5355               [::]:*                   users:(("systemd-resolve",pid=28108,fd=11))
tcp    LISTEN     0      128       *:5355                  *:*                   users:(("systemd-resolve",pid=28108,fd=14))
tcp    LISTEN     0      128    [::]:5355               [::]:*                   users:(("systemd-resolve",pid=28108,fd=15))
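Note

On CentOS, resolve must be added to the hosts entry in /etc/nsswitch.conf to enable the nss module

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname resolve

>= Linux 8: enabling LLMNR

# -r enables the extended regex syntax that (#)? relies on; -i edits the file in place
sed -i -r "s/^(#)?LLMNR.*/LLMNR=yes/" /etc/systemd/resolved.conf
systemctl --now enable systemd-resolved

Edit /etc/nsswitch.conf and add resolve to the hosts entry. Note that in nsswitch.conf, [NOTFOUND=return] means the lookup stops if the preceding method returns no result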

hosts:      files dns myhostname resolve 

related commands (some are available only on Linux 8+)

resolvectl status
systemd-resolve --status
systemd-resolve {hostname / domain}
resolvectl query {hostname / domain}


Extra information

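  1. The systemd-resolve resolver service listens on 127.0.0.53%lo:53 by default
  2. The configuration files under /var/run/systemd/resolve can be used as symlink targets; some distributions symlink /etc/resolv.conf to systemd-resolved by default, after which systemd-resolved takes over the system DNS configuration
  3. LLMNR communicates over UDP 5355 by default
  4. Because the protocol is broadcast-based and unauthenticated, LLMNR carries a man-in-the-middle attack risk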
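
Added example, not part of the original notes: a shell check that reports whether a host is in the state the steps above produce, so machines where LLMNR was switched on outside a lab can be found. The function names, the default-mode argument and the sample files are assumptions made for this example; per-link LLMNR settings are not examined.

```shell
#!/bin/sh
# Added example: report whether a host carries the LLMNR setup described on this page.

# Print the effective global LLMNR mode (yes | resolve | no).
# $1 = mode to assume when no file sets it (assumption: the built-in default
#      differs between distributions, so the caller supplies it).
# $2.. = resolved.conf and drop-in files, lowest priority first.
llmnr_mode() {
    default=$1; shift
    awk -v val="$default" '
        FNR == 1       { in_r = 0 }                       # new file: no section yet
        /^[ \t]*[#;]/  { next }                           # commented-out line
        /^[ \t]*\[/    { in_r = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        in_r && /^[ \t]*LLMNR[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); v = tolower(v)
            if (v ~ /^(yes|true|1|on)$/)       val = "yes"     # responder + resolver
            else if (v ~ /^(no|false|0|off)$/) val = "no"
            else if (v == "resolve")           val = "resolve" # queries only
        }
        END { print val }' "$@"
}

# Succeed if the hosts: line of the given nsswitch.conf lists the resolve module.
nss_uses_resolve() {
    awk '/^[ \t]*hosts:/ { for (i = 2; i <= NF; i++) if ($i == "resolve") hit = 1 }
         END { exit !hit }' "$1"
}

# One-line summary. $1 = nsswitch.conf, remaining arguments as for llmnr_mode.
llmnr_report() {
    nss=$1; shift
    if nss_uses_resolve "$nss"; then via=yes; else via=no; fi
    echo "LLMNR=$(llmnr_mode "$@") nss-resolve=$via"
}

# Constructed sample files: the state after the sed and nsswitch.conf edits above.
sample=$(mktemp -d)
printf '[Resolve]\n#DNS=\nLLMNR=yes\n' > "$sample/resolved.conf"
printf 'passwd: files\nhosts:      files dns myhostname resolve\n' > "$sample/nsswitch.conf"
llmnr_report "$sample/nsswitch.conf" no "$sample/resolved.conf"
```

On a real host, pass /etc/nsswitch.conf, the default mode for that distribution, and /etc/systemd/resolved.conf followed by any drop-in files; a result of LLMNR=yes together with a listener on port 5355 in the ss output marks a host to review.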


References

http://www.jinbuguo.com/systemd/nss-resolve.html

http://man7.org/linux/man-pages/man8/nss-resolve.8.html