PHPor 的Blog – 第135页

使用dnsmasq架设一个自己的dns server

下载地址： http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.57.tar.gz
帮助文档： https://help.ubuntu.com/community/Dnsmasq

配置文件：/etc/dnsmasq.conf

# Configuration file for <a title="dnsmasq" href="http://htyp.org/dnsmasq">dnsmasq</a>.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# uneccessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link uneccessarily.

# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
#filterwin2k

# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/<a title="resolv.conf" href="http://htyp.org/resolv.conf">resolv.conf</a>
#resolv-file=
resolv-file=/etc/dnsmasqupstreamservers

# By  default,  dnsmasq  will  send queries to any of the upstream
# servers it knows about and tries to favour servers to are  known
# to  be  up.  Uncommenting this forces dnsmasq to try each query
# with  each  server  strictly  in  the  order  they   appear   in
# /etc/resolv.conf
#strict-order

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this
#no-resolv

# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll

# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
#server=166.70.63.3

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/

# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
#address=/doubleclick.net/127.0.0.1

# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
#user=
#group=

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP on it.
#no-dhcp-interface=

# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
#bind-interfaces

# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
addn-hosts=/etc/dnsmasqhosts

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
#expand-hosts

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk

# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.0.50,192.168.0.150,12h

# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h

# This is an example of a DHCP range with a network-id, so that
# some DHCP options may be set only for this network.
#dhcp-range=red,192.168.0.50,192.168.0.150

# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# do not matter, it's permissble to give name,adddress and MAC in any order

# Always allocate the host with ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60

# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred

# Always give the host with ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
dhcp-host=00:0e:2e:0d:44:be,Bunsen,192.168.0.106

# Give the machine which says it's name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite

# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60

# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60

# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge

# Never offer DHCP service to a machine whose ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore

# Ignore any client-id presented by the machine with ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*

# Send extra options which are tagged as "red" to
# the machine with ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,net:red

# Send extra options which are tagged as "red" to
# any machine with ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,net:red

# Send extra options which are tagged as "red" to any machine whose
# DHCP vendorclass string includes the substring "Linux"
#dhcp-vendorclass=red,Linux

# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=red,accounts

# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers

# Send options to hosts which ask for a DHCP lease.
# See <a href="http://tools.ietf.org/html/rfc2132">RFC 2132</a> for details of available options.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need any
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
# For reference, the common options are:
# subnet mask - 1
# default router - 3
# DNS server - 6
# broadcast address - 28

# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=42,192.168.0.4,10.10.0.5
dhcp-option=3,192.168.0.1

# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0

# Set the NIS domain name to "welly"
#dhcp-option=40,welly

# Set the default time-to-live to 50
#dhcp-option=23,50

# Set the "all subnets are local" flag
#dhcp-option=27,1

# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100

# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
#dhcp-option=red,42,192.168.1.1

# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd in
# <a href="http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt" rel="nofollow">http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt</a>
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
# you may want to uncomment them if you use Windows clients and Samba.
#dhcp-option=19,0           # option ip-forwarding off
#dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0     # netbios datagram distribution server
#dhcp-option=46,8           # netbios node type
#dhcp-option=47             # empty netbios scope.

# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=119,eng.apple.com,marketing.apple.com

# Send encapsulated vendor-class specific options. The vendor-class
# is sent as DHCP option 60, and all the options marked with the
# vendor class are send encapsulated in DHCP option 43. The meaning of
# the options is defined by the vendor-class. This example sets the
# mtftp address to 0.0.0.0 for PXEClients
#dhcp-option=vendor:PXEClient,1,0.0.0.0

# Set the boot filename and tftpd server name and address
# for BOOTP. You will only need this is you want to
# boot machines over the network.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3

# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150

# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases

# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slighest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses the same
# the same option, and this URL provides more information:
# <a href="http://www.isc.org/index.pl?/sw/dhcp/authoritative.php" rel="nofollow">http://www.isc.org/index.pl?/sw/dhcp/authoritative.php</a>
#dhcp-authoritative

# Set the cachesize here.
#cache-size=150

# If you want to disable negative caching, uncomment this.
#no-negcache

# Normally responses which come form /etc/hosts and the DHCP lease
# file have Time-To-Live set as zero, which conventionally means
# do not cache further. If you are happy to trade lower load on the
# server for potentially stale date, you can set a time-to-live (in
# seconds) here.
#local-ttl=

# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11

# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0

# Change these lines if you want dnsmasq to serve MX records.

# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50

# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com

# Return an MX record pointing to the mx-target for all local
# machines.
#localmx

# Return an MX record pointing to itself for all local machines.
#selfmx

# Change the following lines if you want dnsmasq to serve SRV
# records.  These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See <a href="http://tools.ietf.org/html/rfc2782">RFC 2782</a>.
# You may add multiple srv-host lines.
# The fields are &lt;name&gt;,&lt;target&gt;,&lt;port&gt;,&lt;priority&gt;,&lt;weight&gt;
# If the domain part if missing from the name (so that is just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)

# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 289
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389

# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 289 (using domain=)
#domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389

# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2

# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com

# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for TXT records.)

#Example SPF.
#txt-record=example.com,v=spf1 a -all

#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries

# Include a another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

# Configuration file for <a title="dnsmasq" href="http://htyp.org/dnsmasq">dnsmasq</a>.

# Format is one option per line, legal options are the same

# as the long options legal on the command line. See

# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# The following two options make you a better netizen, since they

# tell dnsmasq to filter out queries which the public DNS cannot

# answer, and which load the servers (especially the root servers)

# uneccessarily. If you have a dial-on-demand link they also stop

# these requests from bringing up the link uneccessarily.

# Never forward plain names (without a dot or domain part)

domain-needed

# Never forward addresses in the non-routed address spaces.

bogus-priv

# Uncomment this to filter useless windows-originated DNS requests

# which can trigger dial-on-demand links needlessly.

# Note that (amongst other things) this blocks all SRV requests,

# so don't use it if you use eg Kerberos.

# This option only affects forwarding, SRV records originating for

# dnsmasq (via srv-host= lines) are not suppressed by it.

#filterwin2k

# Change this line if you want dns to get its upstream servers from

# somewhere other that /etc/<a title="resolv.conf" href="http://htyp.org/resolv.conf">resolv.conf</a>

#resolv-file=

resolv-file=/etc/dnsmasqupstreamservers

# By default, dnsmasq will send queries to any of the upstream

# servers it knows about and tries to favour servers to are known

# to be up. Uncommenting this forces dnsmasq to try each query

# with each server strictly in the order they appear in

# /etc/resolv.conf

#strict-order

# If you don't want dnsmasq to read /etc/resolv.conf or any other

# file, getting its servers from this file instead (see below), then

# uncomment this

#no-resolv

# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv

# files for changes and re-read them then uncomment this.

#no-poll

# Add other name servers here, with domain specs if they are for

# non-public domains.

#server=/localnet/192.168.0.1

#server=166.70.63.3

# Add local-only domains here, queries in these domains are answered

# from /etc/hosts or DHCP only.

#local=/localnet/

# Add domains which you want to force to an IP address here.

# The example below send any host in doubleclick.net to a local

# webserver.

#address=/doubleclick.net/127.0.0.1

# If you want dnsmasq to change uid and gid to something other

# than the default, edit the following lines.

#user=

#group=

# If you want dnsmasq to listen for DHCP and DNS requests only on

# specified interfaces (and the loopback) give the name of the

# interface (eg eth0) here.

# Repeat the line for more than one interface.

#interface=

# Or you can specify which interface _not_ to listen on

#except-interface=

# Or which to listen on by address (remember to include 127.0.0.1 if

# you use this.)

#listen-address=

# If you want dnsmasq to provide only DNS service on an interface,

# configure it as shown above, and then use the following line to

# disable DHCP on it.

#no-dhcp-interface=

# On systems which support it, dnsmasq binds the wildcard address,

# even when it is listening on only some interfaces. It then discards

# requests that it shouldn't reply to. This has the advantage of

# working even when interfaces come and go and change address. If you

# want dnsmasq to really bind only the interfaces it is listening on,

# uncomment this option. About the only time you may need this is when

# running another nameserver on the same machine.

#bind-interfaces

# If you don't want dnsmasq to read /etc/hosts, uncomment the

# following line.

#no-hosts

# or if you want it to read another file, as well as /etc/hosts, use

# this.

#addn-hosts=/etc/banner_add_hosts

addn-hosts=/etc/dnsmasqhosts

# Set this (and domain: see below) if you want to have a domain

# automatically added to simple names in a hosts-file.

#expand-hosts

# Set the domain for dnsmasq. this is optional, but if it is set, it

# does the following things.

# 1) Allows DHCP hosts to have fully qualified domain names, as long

# as the domain part matches this setting.

# 2) Sets the "domain" DHCP option thereby potentially setting the

# domain of all systems configured by DHCP

# 3) Provides the domain part for "expand-hosts"

#domain=thekelleys.org.uk

# Uncomment this to enable the integrated DHCP server, you need

# to supply the range of addresses available for lease and optionally

# a lease time. If you have more than one network, you will need to

# repeat this for each network on which you want to supply DHCP

# service.

dhcp-range=192.168.0.50,192.168.0.150,12h

# This is an example of a DHCP range where the netmask is given. This

# is needed for networks we reach the dnsmasq DHCP server via a relay

# agent. If you don't know what a DHCP relay agent is, you probably

# don't need to worry about this.

#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h

# This is an example of a DHCP range with a network-id, so that

# some DHCP options may be set only for this network.

#dhcp-range=red,192.168.0.50,192.168.0.150

# Supply parameters for specified hosts using DHCP. There are lots

# of valid alternatives, so we will give examples of each. Note that

# IP addresses DO NOT have to be in the range given above, they just

# need to be on the same network. The order of the parameters in these

# do not matter, it's permissble to give name,adddress and MAC in any order

# Always allocate the host with ethernet address 11:22:33:44:55:66

# The IP address 192.168.0.60

#dhcp-host=11:22:33:44:55:66,192.168.0.60

# Always set the name of the host with hardware address

# 11:22:33:44:55:66 to be "fred"

#dhcp-host=11:22:33:44:55:66,fred

# Always give the host with ethernet address 11:22:33:44:55:66

# the name fred and IP address 192.168.0.60 and lease time 45 minutes

#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m

dhcp-host=00:0e:2e:0d:44:be,Bunsen,192.168.0.106

# Give the machine which says it's name is "bert" IP address

# 192.168.0.70 and an infinite lease

#dhcp-host=bert,192.168.0.70,infinite

# Always give the host with client identifier 01:02:02:04

# the IP address 192.168.0.60

#dhcp-host=id:01:02:02:04,192.168.0.60

# Always give the host with client identifier "marjorie"

# the IP address 192.168.0.60

#dhcp-host=id:marjorie,192.168.0.60

# Enable the address given for "judge" in /etc/hosts

# to be given to a machine presenting the name "judge" when

# it asks for a DHCP lease.

#dhcp-host=judge

# Never offer DHCP service to a machine whose ethernet

# address is 11:22:33:44:55:66

#dhcp-host=11:22:33:44:55:66,ignore

# Ignore any client-id presented by the machine with ethernet

# address 11:22:33:44:55:66. This is useful to prevent a machine

# being treated differently when running under different OS's or

# between PXE boot and OS boot.

#dhcp-host=11:22:33:44:55:66,id:*

# Send extra options which are tagged as "red" to

# the machine with ethernet address 11:22:33:44:55:66

#dhcp-host=11:22:33:44:55:66,net:red

# Send extra options which are tagged as "red" to

# any machine with ethernet address starting 11:22:33:

#dhcp-host=11:22:33:*:*:*,net:red

# Send extra options which are tagged as "red" to any machine whose

# DHCP vendorclass string includes the substring "Linux"

#dhcp-vendorclass=red,Linux

# Send extra options which are tagged as "red" to any machine one

# of whose DHCP userclass strings includes the substring "accounts"

#dhcp-userclass=red,accounts

# If this line is uncommented, dnsmasq will read /etc/ethers and act

# on the ethernet-address/IP pairs found there just as if they had

# been given as --dhcp-host options. Useful if you keep

# MAC-address/host mappings there for other purposes.

#read-ethers

# Send options to hosts which ask for a DHCP lease.

# See <a href="http://tools.ietf.org/html/rfc2132">RFC 2132</a> for details of available options.

# Note that all the common settings, such as netmask and

# broadcast address, DNS server and default route, are given

# sane defaults by dnsmasq. You very likely will not need any

# any dhcp-options. If you use Windows clients and Samba, there

# are some options which are recommended, they are detailed at the

# end of this section.

# For reference, the common options are:

# subnet mask - 1

# default router - 3

# DNS server - 6

# broadcast address - 28

# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5

#dhcp-option=42,192.168.0.4,10.10.0.5

dhcp-option=3,192.168.0.1

# Set the NTP time server address to be the same machine as

# is running dnsmasq

#dhcp-option=42,0.0.0.0

# Set the NIS domain name to "welly"

#dhcp-option=40,welly

# Set the default time-to-live to 50

#dhcp-option=23,50

# Set the "all subnets are local" flag

#dhcp-option=27,1

# Send the etherboot magic flag and then etherboot options (a string).

#dhcp-option=128,e4:45:74:68:00:00

#dhcp-option=129,NIC=eepro100

# Specify an option which will only be sent to the "red" network

# (see dhcp-range for the declaration of the "red" network)

#dhcp-option=red,42,192.168.1.1

# The following DHCP options set up dnsmasq in the same way as is specified

# for the ISC dhcpcd in

# <a href="http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt" rel="nofollow">http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt</a>

# adapted for a typical dnsmasq installation where the host running

# dnsmasq is also the host running samba.

# you may want to uncomment them if you use Windows clients and Samba.

#dhcp-option=19,0 # option ip-forwarding off

#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)

#dhcp-option=45,0.0.0.0 # netbios datagram distribution server

#dhcp-option=46,8 # netbios node type

#dhcp-option=47 # empty netbios scope.

# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client

# probably doesn't support this......

#dhcp-option=119,eng.apple.com,marketing.apple.com

# Send encapsulated vendor-class specific options. The vendor-class

# is sent as DHCP option 60, and all the options marked with the

# vendor class are send encapsulated in DHCP option 43. The meaning of

# the options is defined by the vendor-class. This example sets the

# mtftp address to 0.0.0.0 for PXEClients

#dhcp-option=vendor:PXEClient,1,0.0.0.0

# Set the boot filename and tftpd server name and address

# for BOOTP. You will only need this is you want to

# boot machines over the network.

#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3

# Set the limit on DHCP leases, the default is 150

#dhcp-lease-max=150

# The DHCP server needs somewhere on disk to keep its lease database.

# This defaults to a sane location, but if you want to change it, use

# the line below.

#dhcp-leasefile=/var/lib/misc/dnsmasq.leases

# Set the DHCP server to authoritative mode. In this mode it will barge in

# and take over the lease for any client which broadcasts on the network,

# whether it has a record of the lease or not. This avoids long timeouts

# when a machine wakes up on a new network. DO NOT enable this if there's

# the slighest chance that you might end up accidentally configuring a DHCP

# server for your campus/company accidentally. The ISC server uses the same

# the same option, and this URL provides more information:

# <a href="http://www.isc.org/index.pl?/sw/dhcp/authoritative.php" rel="nofollow">http://www.isc.org/index.pl?/sw/dhcp/authoritative.php</a>

#dhcp-authoritative

# Set the cachesize here.

#cache-size=150

# If you want to disable negative caching, uncomment this.

#no-negcache

# Normally responses which come form /etc/hosts and the DHCP lease

# file have Time-To-Live set as zero, which conventionally means

# do not cache further. If you are happy to trade lower load on the

# server for potentially stale date, you can set a time-to-live (in

# seconds) here.

#local-ttl=

# If you want dnsmasq to detect attempts by Verisign to send queries

# to unregistered .com and .net hosts to its sitefinder service and

# have dnsmasq instead return the correct NXDOMAIN response, uncomment

# this line. You can add similar lines to do the same for other

# registries which have implemented wildcard A records.

#bogus-nxdomain=64.94.110.11

# If you want to fix up DNS results from upstream servers, use the

# alias option. This only works for IPv4.

# This alias makes a result of 1.2.3.4 appear as 5.6.7.8

#alias=1.2.3.4,5.6.7.8

# and this maps 1.2.3.x to 5.6.7.x

#alias=1.2.3.0,5.6.7.0,255.255.255.0

# Change these lines if you want dnsmasq to serve MX records.

# Return an MX record named "maildomain.com" with target

# servermachine.com and preference 50

#mx-host=maildomain.com,servermachine.com,50

# Set the default target for MX records created using the localmx option.

#mx-target=servermachine.com

# Return an MX record pointing to the mx-target for all local

# machines.

#localmx

# Return an MX record pointing to itself for all local machines.

#selfmx

# Change the following lines if you want dnsmasq to serve SRV

# records. These are useful if you want to serve ldap requests for

# Active Directory and other windows-originated DNS requests.

# See <a href="http://tools.ietf.org/html/rfc2782">RFC 2782</a>.

# You may add multiple srv-host lines.

# The fields are <name>,<target>,<port>,<priority>,<weight>

# If the domain part if missing from the name (so that is just has the

# service and protocol sections) then the domain given by the domain=

# config option is used. (Note that expand-hosts does not need to be

# set for this to work.)

# A SRV record sending LDAP for the example.com domain to

# ldapserver.example.com port 289

#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389

# A SRV record sending LDAP for the example.com domain to

# ldapserver.example.com port 289 (using domain=)

#domain=example.com

#srv-host=_ldap._tcp,ldapserver.example.com,389

# Two SRV records for LDAP, each with different priorities

#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1

#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2

# A SRV record indicating that there is no LDAP server for the domain

# example.com

#srv-host=_ldap._tcp.example.com

# Change the following lines to enable dnsmasq to serve TXT records.

# These are used for things like SPF and zeroconf. (Note that the

# domain-name expansion done for SRV records _does_not

# occur for TXT records.)

#Example SPF.

#txt-record=example.com,v=spf1 a -all

#Example zeroconf

#txt-record=_http._tcp.example.com,name=value,paper=A4

# For debugging purposes, log each DNS query as it passes through

# dnsmasq.

#log-queries

# Include a another lot of configuration options.

#conf-file=/etc/dnsmasq.more.conf

关于Memcached的认证支持

Memcached 1.4.5里面通过sasl提供了认证支持，编译的时候可以启用该功能，编译参数：
[memcached-1.4.5]# ./configure –help| grep -i sasl
–enable-sasl Enable SASL authentication
–enable-sasl-pwdb Enable plaintext password db

SASL全称Simple Authentication and Security Layer，是一种用来扩充C/S模式验证能力的机制;

关于sasl：
参考文档：http://tools.ietf.org/html/rfc4422
c库实现： http://asg.web.cmu.edu/sasl/sasl-library.html
GNU libgsasl实现： http://www.gnu.org/software/gsasl/
其它资料：
http://asg.web.cmu.edu/sasl/

Memcached-1.4.5的一些新特性

memcached 1.2.8

-p <num> TCP port number to listen on (default: 11211)

-U <num> UDP port number to listen on (default: 11211, 0 is off)

-s <file> unix socket path to listen on (disables network support)

-a <mask> access mask for unix socket, in octal (default 0700)

-l <ip_addr> interface to listen on, default is INDRR_ANY

-d run as a daemon

-r maximize core file limit

-u <username> assume identity of <username> (only when run as root)

-m <num> max memory to use for items in megabytes, default is 64 MB

-M return error on memory exhausted (rather than removing items)

-c <num> max simultaneous connections, default is 1024

-k lock down all paged memory. Note that there is a

limit on how much memory you may lock. Trying to

allocate more than that would fail, so be sure you

set the limit correctly for the user you started

the daemon with (not for -u <username> user;

under sh this is done with ‘ulimit -S -l NUM_KB’).

-v verbose (print errors/warnings while in event loop)

-vv very verbose (also print client commands/reponses)

-h print this help and exit

-i print memcached and libevent license

-P <file> save PID in <file>, only used with -d option

-f <factor> chunk size growth factor, default 1.25

-n <bytes> minimum space allocated for key+value+flags, default 48

-R Maximum number of requests per event

limits the number of requests process for a given con nection

to prevent starvation. default 20

-b Set the backlog queue limit (default 1024)

——————————————————————-

memcached 1.4.5

-p <num> TCP port number to listen on (default: 11211)

-U <num> UDP port number to listen on (default: 11211, 0 is off)

-s <file> UNIX socket path to listen on (disables network support)

-a <mask> access mask for UNIX socket, in octal (default: 0700)

-l <ip_addr> interface to listen on (default: INADDR_ANY, all addresses)

-d run as a daemon

-r maximize core file limit

-u <username> assume identity of <username> (only when run as root)

-m <num> max memory to use for items in megabytes (default: 64 MB)

-M return error on memory exhausted (rather than removing items)

-c <num> max simultaneous connections (default: 1024)

-k lock down all paged memory. Note that there is a

limit on how much memory you may lock. Trying to

allocate more than that would fail, so be sure you

set the limit correctly for the user you started

the daemon with (not for -u <username> user;

under sh this is done with ‘ulimit -S -l NUM_KB’).

-v verbose (print errors/warnings while in event loop)

-vv very verbose (also print client commands/reponses)

-vvv extremely verbose (also print internal state transitions)

-h print this help and exit

-i print memcached and libevent license

-P <file> save PID in <file>, only used with -d option

-f <factor> chunk size growth factor (default: 1.25)

-n <bytes> minimum space allocated for key+value+flags (default: 48)

-L Try to use large memory pages (if available). Increasing

the memory page size could reduce the number of TLB misses

and improve the performance. In order to get large pages

from the OS, memcached will allocate the total item-cache

in one large chunk.

-D <char> Use <char> as the delimiter between key prefixes and IDs.

This is used for per-prefix stats reporting. The default is

":" (colon). If this option is specified, stats collection

is turned on automatically; if not, then it may be turned on

by sending the "stats detail on" command to the server.

-t <num> number of threads to use (default: 4)

-R Maximum number of requests per event, limits the number of

requests process for a given connection to prevent

starvation (default: 20)

-C Disable use of CAS

-b Set the backlog queue limit (default: 1024)

-B Binding protocol – one of ascii, binary, or auto (default)

-I Override the size of each slab page. Adjusts max item size

(default: 1mb, min: 1k, max: 128m)

对于新的版本，增加了多线程处理机制，这样设定可能会提高memcache官方提供95%的命中率的问题。

对于memcache的使用，尽量使用内网，减少服务器连接的时间。

对于高并发的处理，memcache如果效果不太理想，可以尝试使用magent，memcache负载均衡。

关于Memcache长连接自动重连的问题

使用PHP的memcache模块写了一个访问tokyotrant的long-live程序，因为是long-live的，所以我就connect一次之后一直使用了，理论上我connect之后就可以一直使用，中间不会出现重新连接的问题，为了确认我的推断，启动进程之后，我用strace跟踪了一些进程，令我意外的是，隔一段时间连接就会关闭，然后重新连接，怎么回事呢？

我怀疑两个方面：
1. 我的程序有问题
2. server端有问题，用一段时间会关掉我的连接

首先，我用了大约1个小时的时间，简直把我的程序拆的支离破碎了，结果没有发现哪里有问题。
其次，我使用tcpdump观察了一下，发现主动关闭连接的不是server端，而是我的程序。
百思不得其解。这件事简直成了我的一块心病。

隔了一段时间，当我再次使用tcpdump观察的时候，结果如下：
1.   21:27:20.273522 IP 10.55.38.62.60953 > 10.55.38.70.2004: . ack 132 win 501 <nop,nop,timestamp 3026990738 3683027032>
2.  21:27:20.273757 IP 10.55.38.62.60953 > 10.55.38.70.2004: P 20:142(122) ack 132 win 501 <nop,nop,timestamp 3026990738 3683027032>
3.  21:27:20.273871 IP 10.55.38.70.2004 > 10.55.38.62.60953: . ack 142 win 255 <nop,nop,timestamp 3683027032 3026990738>
4. 21:27:21.273955 IP 10.55.38.62.60953 > 10.55.38.70.2004: F 142:142(0) ack 132 win 501 <nop,nop,timestamp 3026991738 3683027032>
5. 21:27:21.274038 IP 10.55.38.62.37298 > 10.55.38.70.2004: S 3948732568:3948732568(0) win 5792 <mss 1460,sackOK,timestamp 3026991738 3683027542,nop,wscale 7>
6. 21:27:21.274165 IP 10.55.38.70.2004 > 10.55.38.62.37298: S 34634952:34634952(0) ack 3948732569 win 5792 <mss 1460,sackOK,timestamp 3683028032 3026991738,nop,wscale 7>
21:27:21.274185 IP 10.55.38.62.37298 > 10.55.38.70.2004: . ack 1 win 46 <nop,nop,timestamp 3026991738 3683028032>
21:27:21.274196 IP 10.55.38.62.37298 > 10.55.38.70.2004: P 1:123(122) ack 1 win 46 <nop,nop,timestamp 3026991738 3683028032>
21:27:21.274320 IP 10.55.38.70.2004 > 10.55.38.62.37298: . ack 123 win 46 <nop,nop,timestamp 3683028032 3026991738>
21:27:21.313329 IP 10.55.38.70.2004 > 10.55.38.62.60953: . ack 143 win 255 <nop,nop,timestamp 3683028072 3026991738>
21:27:21.533806 IP 10.55.38.70.2004 > 10.55.38.62.37298: P 1:9(8) ack 123 win 46 <nop,nop,timestamp 3683028292 3026991738>
21:27:21.533822 IP 10.55.38.62.37298 > 10.55.38.70.2004: . ack 9 win 46 <nop,nop,timestamp 3026991998 3683028292>
21:27:22.604843 IP 10.55.38.70.2004 > 10.55.38.62.60953: P 132:140(8) ack 143 win 255 <nop,nop,timestamp 3683029363 3026991738>
21:27:22.604859 IP 10.55.38.62.60953 > 10.55.38.70.2004: R 3898017016:3898017016(0) win 0
21:27:24.072995 IP 10.55.38.62.37298 > 10.55.38.70.2004: P 123:143(20) ack 9 win 46 <nop,nop,timestamp 3026994537 3683028292>

============================================
我意外地发现有一个reset包，感觉很奇怪，顺着 60953 端口网上查，发现：
第2个包：向server端发送数据
第3个包： server端回复收到数据
第4个包：按说应该server端返回响应数据，但是这里却是client端发了一个finish包
观察第3个包与第4个包之间的时间间隔，基本是1s，这令我想起了memcache的默认超时时间也是1s，是巧合？显然不是。因为：
第5个包： client端重新发起了连接操作
显然是超时了，于是重连有了答案。

当然，虽然client关闭了连接，server端却还没有关闭，直到 21:27:22.604859 的时候，服务器端给出了响应数据，但是client已经关闭了，所以出现了被reset的现象。

==========================================
还有一个问题：
我的程序里面是做了容错处理的，但是我的容错策略是，如果出错了，则sleep(2)；之后重新连接；显然不符合上面的表现，怀着万般不解的心情开始看php的memcache模块的源码；
在memcache.c中：

Memcach.c

int mmc_pool_store(mmc_pool_t *pool, const char *command, int command_len, const char *key, int key_len, int flags, int
expire, const char *value, int value_len TSRMLS_DC) /* {{{ */
{
mmc_t *mmc;
char *request;
int request_len, result = –1;
char *key_copy = NULL, *data = NULL;
//…
while (result < 0 && (mmc = mmc_pool_find(pool, key, key_len TSRMLS_CC)) != NULL) {
if ((result = mmc_server_store(mmc, request, request_len TSRMLS_CC)) < 0) {
mmc_server_failure(mmc TSRMLS_CC);
}
}
// …
}
// ..
int mmc_server_failure(mmc_t *mmc TSRMLS_DC) /*
determines if a request should be retried or is a hard network failure {{{ */
{
switch (mmc->status) {
case MMC_STATUS_DISCONNECTED:
return 0;
/* attempt reconnect of sockets in unknown state */
case MMC_STATUS_UNKNOWN:
mmc->status = MMC_STATUS_DISCONNECTED;
return 0;
}
mmc_server_deactivate(mmc TSRMLS_CC);
return 1;
}

在这里，我们发现，如果store失败的话，下面会有一个容错处理，通过php -i | grep memcache 可以看到容错配置确实是打开的。
在容错的代码中明显发现做了断开连接的操作，但是在哪里重连的呢？

这要看mmc_hash_find_server的实现了，有时间再看。。。

vim 中插入utf-8的bom头

VIM和BOM

最近发现个怪现象, 从Vim中复制的文本(xsel的方式)和实际文本有点点区别, 会在头部加几个不可见的字节(0xEF 0xBB 0xBF), 粘贴到别的程序里有时会引发错误.

查了下, 原来这几个字节是Unicode的BOM(Byte order mark), 用来标记UTF-16和UTF-32编码文件的字节序, UTF-8并不需要. 但因为这个文件我曾经用Windows的记事本保存过, 它自作聪明地加了个BOM, 而Vim识别到文件有BOM就会自动打开bomb这个选项(具体解释请看Vim中bomb和fileencodings的帮助), so…

于是, 这样, 然后保存就好了:

:set nobomb

1	:set nobomb

小提示, 查看当前bomb是否打开可以这样:

:set bomb?

1	:set bomb?

——————————–

创建一个文件，输入一行中文，执行
:set fileencoding=utf-8
设置文件编码，并执行
:w
保存，然后执行
:e
重新加载，接着插入BOM头
:1s/^/\="\xef\xbb\xbf"
最后保存并退出：
😡
成功了！
xialulee@xialulee-pc3 ~/lab
$ xxd bom1.txt
0000000: efbb bfe6 b58b e8af 95e4 b880 e4b8 8b42

……………B
0000010: 4f4d 0d0a OM..
前三个字节正是ef bb bf。
他：现在好了，可以用你以前交给我的方法将大量的cue文件批量转换了。
我：什么方法？
他：就是那个-c参数啊！以非交互的方式运行Vim，如：
xialulee@xialulee-pc3 ~/lab
$ vim -c ‘set encoding=shift_jis | set fileencoding=utf-8 | w | e | 1s/^/\="\xef\xbb\xbf"/ | x’ CDImage.ape.cue
可以以非交互的方式使用，配合bash或者cmd的for循环，就可以搞定一堆cue文件了。
我：那是。要说现在cmd的for循环也蛮强大的。而且还有PowerShell可以用。在没有msys或者GnuWin32的情况下，将cmd或PowerShell与非交互的Vim结合起来进行批量处理，应该可行的。

后台使用top命令需注意使用-b选项

通过其他程序或脚本在非交互式模式下调用top命令，经常会出现:
top: failed tty get 错误

解决办法：加个-b 选项皆可

-b : Batch mode operation
Starts top in <A1><AF>Batch mode<A1><AF>, which could be useful for sending output from top to other programs or to a file. In this mode, top will not accept input and runs until the iterations limit you<A1><AF>ve set with the <A1><AF>-n<A1><AF> command-line option or until killed.

例如执行：
top -bn 1

监控某个进程的状态：
top -bn 1 -p 14370 | grep cmdname>>stats.log

PHP safe_mode = on 时的uid、gid的检查

safe_mode_gid = on 时，就只检查gid了。

原以为逻辑为：
if(safe_mode_gid == on && gid 符合) {
return 1；
} else if （uid 符合） {
return 1；
}

实际逻辑却是：
if (uid 符合 ) {
return 1;
} elseif (safe_mode_gid == on && gid 符合) {
return 1；
}
return 0；

这逻辑有点儿意思。。。

恶心的绊脚石

我在浏览器里面测试通过apache访问的脚本test.php 能不能读取 a.php 里面的内容，结果怎么也看不到a.php 的内容，但是也不报错，源代码为：

<?php
// test.php
echo file_get_contents("a.php");
?>

其实， a.php的内容和test.php 内容一样。

页面上没有显示a.php的内容，也没有报错信息，apache错误日志里面也没有任何报错信息。

我很奇怪，我只好去阅读file_get_contents的具体实现了，当我阅读到一半的时候，我突然想到：
不是读取失败，只是没有显示而已，因为a.php的内容是以 ‘<‘ 开头的，被解释成html标签了，所以页面什么也没有显示，查看页面源代码，果然如此

关于js正则表达式的一点注意

js中创建正则表达式对象有两种方法：

var reg = /pattern/;
var reg = new RegExp(‘pattern’)

如果 pattern是动态构造出来的，则第一种方式就不行了，如：
var reg = "/" + a_value + "/";
这个reg是字符串，不是正则表达式对象。这时候就需要使用第二种方式了。

使用第二种方式的时候也要注意，不要收第一种方式的影响，也不要受PHP中写法的影响，注意：
第二种方式创建的时候是不能有前后的反斜线的; // 这篇文章就说了这一句有用的话
参考资料：
http://www.cainiao8.com/web/js_note/js_regular_expression.html

将html中的图片和html保存在一个文件里

html是超文本标记语言，里面显示的图片一般是指向另一个url的，但是，在我使用word的时候，我发现word文件里面是可以包含图片的，而且图片是保存在word文件里面的，这个就比html方便多了，当我保存html的时候，一般需要把相应的资源文件（图片、css、js）保存到一个目录里面，这个感觉麻烦。
css、js是可以直接写在html里面的，那么，能不能将图片数据也直接写到html里面的，去google百度了一下，还真有：
http://hi.baidu.com/guodong828/blog/item/7d86960acf23052bb0351d7c.html

需要注意的是：
1. IE到IE8都还不支持（IE9没试）
2. base64的数据膨胀系数为 1/7，即原来的7位的数据被编码成了1个字节

避免变成死链接，这里copy一份：
—————————————————————————

所谓"data"类型的Url格式，是在RFC2397中提出的，目的对于一些“小”的数据，可以在网页中直接嵌入，而不是从外部文件载入。例如对于img这个Tag，哪怕这个图片非常非常的小，小到只有一个点，也是要从另外一个外部的图片文件例如gif文件中读入的，如果浏览器实现了data类型的Url格式，这个文件就可以直接从页面文件内部读入了。

　　data类型的Url格式早在1998年就提出了，时至今日，Firfox、Opera、Safari和Konqueror这些浏览器都已经支持，但是IE直到7.0版本都还没有支持，IE不支持的东西太多了，也不差这一个。

［小例子］

下面这个html代码可以在支持data类型Url的浏览器中运行，例如Firefox。运行后会看到一条蓝色渐变底色的标题。

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

.title { background-image:url(data:image/gif;base64,R0lGODlhAQAcALMAAMXh96HR97XZ98Hf98Xg97DX97nb98Lf97vc98Tg973d96rU97ba97%2Fe96XS9
wAAACH5BAAAAAAALAAAAAABABwAAAQVMLhVBDNItXESAURyDI2CGIxQLE4EADs%3D);

background-repeat:repeat-x;

height:28px;

line-height: 28px;

text-align:center;

}

</style>

</head>

<body>

<div class="title">Hello, world!</div>

</body>

</html>

　　这个渐变的蓝色底色实际上是用一个1×28的小图片通过横行重复(repeat-x)形成的。这个图片很小，不过104个字节，直接嵌入到html或css文件还是很合适的。

　　data格式的Url最直接的好处是，这些Url原本会引起一个新的网络访问，因为那里是一个网页的地址，现在不会有新的网络访问了，因为现在这里是网页的内容。这样做，会减少服务器的负载，当然同时也增加了当前网页的大小。所以对“小”数据特别有好处。

　　data类型Url的形式既然是Url，当然也可以直接在浏览器的地址栏中输入。

　　data:text/html,<html><body><p><b>Hello, world!</b></p></body></html>在浏览器中输入以上的Url，会得到一个加粗的"Hello, world!"。也就是说，data:后面的数据直接用做网页的内容，而不是网页的地址。

简单的说，data类型的Url大致有下面几种形式。

data:,<文本数据>data:text/plain,<文本数据>

data:text/html,<HTML代码>

data:text/html;base64,<base64编码的HTML代码>

data:text/css,<CSS代码>

data:text/css;base64,<base64编码的CSS代码>

data:text/javascript,<Javascript代码>

data:text/javascript;base64,<base64编码的Javascript代码>

data:image/gif;base64,base64编码的gif图片数据

data:image/png;base64,base64编码的png图片数据

data:image/jpeg;base64,base64编码的jpeg图片数据

data:image/x-icon;base64,base64编码的icon图片数据

　　因为Url是一种基于文本的协议，所以gif/png/jpeg这种二进制属于需要用base64进行编码。换句话说，引入base64以后，就可以支持任意形式的数据格式。下面是个png图片的例子，会在浏览器中显示一个Mozilla的图标。

data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHd

hcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVHjaYvz//z8DJQAggJiQOe/fv2fv7Oz8rays/N+VkfG/iYnJfyD/1+rVq7ffu3dP

FpsBAAHEAHIBCJ85c8bN2Nj4vwsDw/8zQLwKiO8CcRoQu0DxqlWrdsHUwzBAAIGJmTNnPgYa9j8UqhFElwPxf2MIDeIrKSn9FwSJoRkAE

EAM0DD4DzMAyPi/G+QKY4hh5WAXGf8PDQ0FGwJ22d27CjADAAIIrLmjo+MXA9R2kAHvGBA2wwx6B8W7od6CeQcggKCmCEL8bgwxYCbUIG

TDVkHDBia+CuotgACCueD3TDQN75D4xmAvCoK9ARMHBzAw0AECiBHkAlC0Mdy7x9ABNA3obAZXIAa6iKEcGlMVQHwWyjYuL2d4v2cPg8v

Zswx7gHyAAAK7AOif7SAbOqCmn4Ha3AHFsIDtgPq/vLz8P4MSkJ2W9h8ggBjevXvHDo4FQUQg/kdypqCg4H8lUIACnQ/SOBMYI8bAsAJF

Pcj1AAEEjwVQqLpAbXmH5BJjqI0gi9DTAAgDBBCcAVLkgmQ7yKCZxpCQxqUZhAECCJ4XgMl493ug21ZD+aDAXH0WLM4A9MZPXJkJIIAwT

AR5pQMalaCABQUULttBGCCAGCnNzgABBgAMJ5THwGvJLAAAAABJRU5ErkJggg==

　可以在Html的Img对象中使用，例如：

　可以在Css的background-image属性中使用，例如：

div.image { width:100px; height:100px; background-image:url(data:image/x-icon;base64,AAABAAEAEBAAAAAAAABoBQAAF…);}

　可以在Html的Css链接处使用，例如：

　可以在Html的Javascript链接处使用，例如：

　　完整的语法定义在RFC中，完整的语法定义如下：

dataurl:= "data:" [mediatype] [";base64"] "," datamediatype := [type"/"subtype] *( ";" parameter )data:= *urlcharparameter := attribute "=" valueurlchar指的就是一般url中允许的字符，有些字符需要转义，例如"="要转义为"%3D"，不过我测试下来，至少在Firefox里面，不转义也是可以的。

　　parameter可以对mediatype进行属性的扩展，常见的是charset，用来定义编码格式，在多语言情况下需要用到。例如下面的例子。

　　data:text/plain;charset=UTF-8;base64,5L2g5aW977yM5Lit5paH77yB这个例子会显示出"你好，中文！"。如果吧charset部分去掉，就会显示乱码，因为我用的是UTF-8编码。

　　Firefox有一个data类型Url的测试页面，列出了各种格式的data类型Url的测试Url，和测试结果说明。

base64编码和内容的隐秘

　　把二进制数据转换成为Base64不是什么难事，比如Total Commander就有这样的功能。还有一些在线资源：

　　http://www.greywyvern.com/code/php/binary2base64

　　http://www.kawa.net/works/js/data-scheme/base64-e.html

　　有些在线转换把base64里面的“=”转换成为%3D，这个在Url中和“=”是一样的，不转换也没什么问题。当然，这种Url还有一种隐秘的好处，就是将一些道貌岸然者不喜欢的东西，堂而皇之的放在页面上。