网关上做DNS透明代理

#!/bin/sh

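# Keep the gateway's transparent DNS redirect (nat table, PREROUTING chain,
# udp/53 DNAT) pointed at the first nameserver listed in /etc/resolv.conf.
# Only "-p udp" rules are managed here; DNS over tcp/53 is not redirected.
#
# Changes compared with the naive version:
#   * the resolver is taken from the first "nameserver" line, not from
#     whatever happens to be on line 1 (comments, "search", "domain" ...);
#   * the value is checked to be a dotted-quad before it reaches iptables,
#     because resolv.conf is often rewritten by DHCP/PPP and an empty or
#     malformed value would otherwise remove the working rule and install
#     a broken one;
#   * the new rule is added before stale rules are removed, so a failed
#     update leaves the previous redirect in place;
#   * only the PREROUTING chain is inspected, and several pre-existing
#     udp/53 DNAT rules are handled one by one.

cd /root/sysadm || exit 1
LOG="/root/sysadm/logs/upt_dns253.log"

# Append one timestamped line to $LOG.
log_msg() {
        printf '%s  %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" >> "$LOG"
}

# DNAT target address of every udp/53 rule currently in nat/PREROUTING
# (column 8 of "iptables -L -n" looks like "to:ADDR:53").
OLD_DNS=$(/sbin/iptables -t nat -L PREROUTING -n |
        awk '/udp dpt:53/ && $8 ~ /^to:/ { split($8, t, ":"); print t[2] }')

# First configured resolver.
NEW_DNS=$(awk '$1 == "nameserver" { print $2; exit }' /etc/resolv.conf)

# Refuse to touch the firewall unless the resolver looks like an IPv4 address.
if ! printf '%s\n' "$NEW_DNS" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        log_msg "Dns Proxy not updated: no usable IPv4 nameserver in /etc/resolv.conf"
        exit 1
fi

# Split the existing targets into "already correct" and "stale".
# $OLD_DNS is intentionally unquoted: it is a whitespace-separated list of
# addresses produced by the awk filter above.
have_new=0
stale=""
for old in $OLD_DNS; do
        if [ "$old" = "$NEW_DNS" ]; then
                have_new=1
        else
                stale="$stale $old"
        fi
done

# Install the new redirect first; bail out (keeping the old one) on failure.
if [ "$have_new" -eq 0 ]; then
        if ! /sbin/iptables -t nat -A PREROUTING -p udp -d 0.0.0.0/0 --dport 53 -j DNAT --to "$NEW_DNS:53"; then
                log_msg "Dns Proxy update failed: could not add DNAT rule for $NEW_DNS"
                exit 1
        fi
fi

# Now drop every redirect that points at a previous resolver.
for old in $stale; do
        /sbin/iptables -t nat -D PREROUTING -p udp -d 0.0.0.0/0 --dport 53 -j DNAT --to "$old:53" ||
                log_msg "Dns Proxy warning: could not delete DNAT rule for $old"
done

if [ "$have_new" -eq 0 ] || [ -n "$stale" ]; then
        log_msg "Dns Proxy updating.. [${stale# } -> $NEW_DNS]"
fi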
