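I am trying to diagnose a problem with DNS servers in an environment with multiple DNS servers set by DHCP.
In Ubuntu Server 20.04.2 (no changes to DNS behaviour), I need to find which DNS server is actually used to resolve a specific query. The DNS servers are set by DHCP.
Essentially, I need to replicate the behaviour of the dig command or nslookup, which is broken in modern versions of Ubuntu (it shows the localhost address for the DNS server, rather than the address of the "real" server).
systemd-resolve / resolvectl does not seem to be of any use, because it gives no information about how it resolved a specific query.
systemd-resolve --status / resolvectl status is not useful, because it only gives the "DNS Servers" and "Current DNS Server" at a point in time (not related to a specific DNS query).
nmcli does not seem relevant.
My question might be answered by an answer to "How do I view the man page for resolvectl?", depending on what kind of information is available there.
Since this is only the first step in the process, ideally the method would also give insight into why one DNS server is used rather than another (for a specific query), or what process is used to determine that.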
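Related links that do not actually solve my problem:
https://stgraber.org/2012/02/24/dns-in-ubuntu-12-04/
How to list DNS server order in systemd-resolve?
https://unix.stackexchange.com/questions/328131/how-to-troubleshoot-dns-with-systemd-resolved
systemd-resolve does not forward DNS requests to the specified DNS server
Edit
To state more explicitly what (I think) was very clear in the original question:
I know that queries are resolved by a real DNS server on localhost. The question is specifically about the two (or more) DNS servers assigned by DHCP. Using a local proxy obscures which of those two servers (other systems on the network) is being used to resolve a specific query.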
Answer 1
You can set the log level of systemd-resolved, run a query with resolvectl query, and then check the logs of systemd-resolved. For example:
% sudo resolvectl log-level debug
% resolvectl query example.com
example.com: 93.184.216.34 -- link: enp6s0
2606:2800:220:1:248:1893:25c8:1946 -- link: enp6s0
-- Information acquired via protocol DNS in 14.0ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network
And check the logs of systemd-resolved:
% journalctl -u systemd-resolved
...
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.1142 path=n/a interface=n/a member=n/a cookie=36 reply_cookie=62 signature=u error-name=n/a error-message=n/a
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: D-Bus hostname resolution request from client PID 194160 (n/a) with UID 4294967295
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Looking up RR for example.com IN A.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Looking up RR for example.com IN AAAA.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=63 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner cookie=64 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.1142 path=n/a interface=n/a member=n/a cookie=38 reply_cookie=64 signature=s error-name=n/a error-message=n/a
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Cache miss for example.com IN A
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Firing regular transaction 61323 for <example.com IN A> scope dns on */* (validate=yes).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Using feature level UDP+EDNS0 for transaction 61323.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Using DNS server 8.8.8.8 for transaction 61323.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Announcing packet size 1472 in egress EDNS(0) packet.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Emitting UDP, link MTU is 1500, socket MTU is 1500, minimal MTU is 40
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Sending query packet with id 61323 of size 40.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Cache miss for example.com IN AAAA
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Firing regular transaction 17323 for <example.com IN AAAA> scope dns on */* (validate=yes).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Using feature level UDP+EDNS0 for transaction 17323.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Using DNS server 8.8.8.8 for transaction 17323.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Announcing packet size 1472 in egress EDNS(0) packet.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Emitting UDP, link MTU is 1500, socket MTU is 1500, minimal MTU is 40
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Sending query packet with id 17323 of size 40.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Cache miss for example.com IN AAAA
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Firing regular transaction 7013 for <example.com IN AAAA> scope dns on enp6s0/* (validate=yes).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Using feature level UDP+EDNS0 for transaction 7013.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Using DNS server 8.8.8.8 for transaction 7013.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Announcing packet size 1472 in egress EDNS(0) packet.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Emitting UDP, link MTU is 1500, socket MTU is 0, minimal MTU is 40
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Sending query packet with id 7013 of size 40.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Cache miss for example.com IN A
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Firing regular transaction 32950 for <example.com IN A> scope dns on enp6s0/* (validate=yes).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Using feature level UDP+EDNS0 for transaction 32950.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Using DNS server 8.8.8.8 for transaction 32950.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Announcing packet size 1472 in egress EDNS(0) packet.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Emitting UDP, link MTU is 1500, socket MTU is 0, minimal MTU is 40
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Sending query packet with id 32950 of size 40.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.1142 path=n/a interface=n/a member=n/a cookie=37 reply_cookie=63 signature=n/a error-name=n/a error-message=n/a
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Match type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0=':1.1170' successfully installed.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Received dns UDP packet of size 56, ifindex=2, ttl=0, fragsize=0, sender=8.8.8.8, destination=192.168.0.2
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Processing incoming packet of size 56 on transaction 61323 (rcode=SUCCESS).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Added positive unauthenticated non-confidential cache entry for example.com IN A 7200s on enp6s0/INET/8.8.8.8
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Regular transaction 61323 for <example.com IN A> on scope dns on */* now complete with <success> from network (unsigned; non-confidential).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Received dns UDP packet of size 68, ifindex=2, ttl=0, fragsize=0, sender=8.8.8.8, destination=192.168.0.2
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Processing incoming packet of size 68 on transaction 7013 (rcode=SUCCESS).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Added positive unauthenticated non-confidential cache entry for example.com IN AAAA 1277s on enp6s0/INET/8.8.8.8
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Regular transaction 7013 for <example.com IN AAAA> on scope dns on enp6s0/* now complete with <success> from network (unsigned; non-confidential).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Received dns UDP packet of size 68, ifindex=2, ttl=0, fragsize=0, sender=8.8.8.8, destination=192.168.0.2
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Processing incoming packet of size 68 on transaction 17323 (rcode=SUCCESS).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Added positive unauthenticated non-confidential cache entry for example.com IN AAAA 7200s on enp6s0/INET/8.8.8.8
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Regular transaction 17323 for <example.com IN AAAA> on scope dns on */* now complete with <success> from network (unsigned; non-confidential).
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Freeing transaction 61323.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Freeing transaction 7013.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Freeing transaction 32950.
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Added socket 26 to graveyard
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Sent message type=method_return sender=n/a destination=:1.1170 path=n/a interface=n/a member=n/a cookie=65 reply_cookie=2 signature=a(iiay)st error-name=n/a error-message=n/a
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch cookie=66 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Apr 09 02:59:49 cthulhu systemd-resolved[193385]: Freeing transaction 17323.
...
I can't explain the behaviour, but you can see it in detail.
Also check man systemd-resolved.service, which in my opinion has a fairly detailed explanation of the algorithm used:
• Queries for multi-label names are routed via unicast DNS on
local interfaces that have a DNS server configured, plus the
globally configured DNS servers if there are any. Which
interfaces are used is determined by the routing logic based
on search and route-only domains, described below. [...]
If lookups are routed to multiple interfaces, the first
successful response is returned (thus effectively merging the
lookup zones on all matching interfaces). If the lookup failed on
all interfaces, the last failing response is returned.
[...]
The following query routing logic applies for unicast DNS lookups
initiated by systemd-resolved.service:
• If a name to look up matches (that is: is equal to or has as
suffix) any of the configured routing domains (search or
route-only) of any link, or the globally configured DNS
settings, "best matching" routing domain is determined: the
matching one with the most labels. The query is then sent to
all DNS servers of any links or the globally configured DNS
servers associated with this "best matching" routing domain.
(Note that more than one link might have this same "best
matching" routing domain configured, in which case the query
is sent to all of them in parallel).
In case of single-label names, when search domains are
defined, the same logic applies, except that the name is
first suffixed by each of the search domains in turn. Note
that this search logic doesn't apply to any names with at
least one dot. Also see the discussion about compatibility
with the traditional glibc resolver below.
• If a query does not match any configured routing domain
(either per-link or global), it is sent to all DNS servers
that are configured on links with the DefaultRoute= option
set, as well as the globally configured DNS server.
• If there is no link configured as DefaultRoute= and no global
DNS server configured, one of the compiled-in fallback DNS
servers is used.
• Otherwise the unicast DNS query fails, as no suitable DNS
servers can be determined.
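Added example (not part of the original answer): a Python sketch that correlates the debug lines shown in the answer above, pairing each transaction with the server it was sent to and the server that replied. The sample log is constructed, uses documentation-range addresses, and assumes each "Received dns UDP packet" line is directly followed by its "Processing incoming packet" line, as in the log above.

```python
import re

# Constructed sample in the format of the debug log shown above (two servers,
# documentation-range addresses); transaction 1111 never receives a reply.
SAMPLE_LOG = """\
Apr 09 02:59:49 host systemd-resolved[100]: Firing regular transaction 1111 for <example.com IN A> scope dns on */* (validate=yes).
Apr 09 02:59:49 host systemd-resolved[100]: Using DNS server 192.0.2.53 for transaction 1111.
Apr 09 02:59:49 host systemd-resolved[100]: Firing regular transaction 2222 for <example.com IN A> scope dns on enp6s0/* (validate=yes).
Apr 09 02:59:49 host systemd-resolved[100]: Using DNS server 198.51.100.53 for transaction 2222.
Apr 09 02:59:49 host systemd-resolved[100]: Received dns UDP packet of size 56, ifindex=2, ttl=0, fragsize=0, sender=198.51.100.53, destination=192.168.0.2
Apr 09 02:59:49 host systemd-resolved[100]: Processing incoming packet of size 56 on transaction 2222 (rcode=SUCCESS).
"""

FIRE = re.compile(r"Firing regular transaction (\d+) for <(\S+) IN (\S+)> scope \S+ on (\S+)")
USING = re.compile(r"Using DNS server (\S+) for transaction (\d+)\.")
RECV = re.compile(r"Received dns UDP packet .*sender=([^,\s]+)")
PROC = re.compile(r"Processing incoming packet of size \d+ on transaction (\d+) \(rcode=(\w+)\)")


def trace_transactions(log_text):
    """Map transaction id -> question, link scope, server asked, server that replied."""
    txns, last_sender = {}, None
    blank = {"name": None, "type": None, "link": None,
             "asked": None, "answered_by": None, "rcode": None}
    for line in log_text.splitlines():
        if m := FIRE.search(line):
            txns.setdefault(m[1], dict(blank)).update(name=m[2], type=m[3], link=m[4])
        elif m := USING.search(line):
            txns.setdefault(m[2], dict(blank))["asked"] = m[1]
        elif m := RECV.search(line):
            last_sender = m[1]  # attributed to the next "Processing" line
        elif m := PROC.search(line):
            t = txns.setdefault(m[1], dict(blank))
            t["answered_by"], t["rcode"] = last_sender, m[2]
            last_sender = None
    return txns


def servers_for(txns, name):
    """Servers asked for `name`, and the subset that actually replied."""
    mine = [t for t in txns.values() if t["name"] == name]
    asked = sorted({t["asked"] for t in mine if t["asked"]})
    replied = sorted({t["answered_by"] for t in mine if t["answered_by"]})
    return asked, replied


if __name__ == "__main__":
    for txid, info in trace_transactions(SAMPLE_LOG).items():
        print(txid, info)
```

To use it on a real host, pass the text of `journalctl -u systemd-resolved` (captured while the log level is debug) to `trace_transactions` in place of the sample.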
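Added example (not code from systemd or from the original answer): a simplified Python model of the unicast routing rules quoted from man systemd-resolved.service above, showing why one server is chosen over another for a multi-label name. The link names, domains and addresses in CONFIG are constructed, and the single-label search-domain case is not modelled.

```python
def labels(domain):
    return [part for part in domain.lower().rstrip(".").split(".") if part]


def matches(name, domain):
    """True if name equals the domain or has it as a label-wise suffix."""
    n, d = labels(name), labels(domain)
    return len(d) <= len(n) and n[len(n) - len(d):] == d


# Constructed configuration: hypothetical links, documentation-range addresses.
CONFIG = {
    "global": {"servers": [], "domains": []},
    "links": [
        {"name": "enp6s0", "servers": ["192.0.2.53"], "domains": [],
         "default_route": True},
        {"name": "tun0", "servers": ["198.51.100.53"], "domains": ["corp.example"],
         "default_route": False},
        {"name": "tun1", "servers": ["203.0.113.53"], "domains": ["lab.corp.example"],
         "default_route": False},
    ],
    "fallback": ["192.0.2.1"],
}


def route(name, config):
    """Return (reason, servers) for a multi-label unicast DNS lookup."""
    # The global settings take part like a link that is always a default route.
    scopes = [dict(config["global"], default_route=True)] + config["links"]
    best, targets = -1, []
    for scope in scopes:
        for domain in scope["domains"]:
            if not matches(name, domain):
                continue
            n = len(labels(domain))
            if n > best:                      # a longer match replaces shorter ones
                best, targets = n, []
            if n == best:                     # ties are queried in parallel
                targets += scope["servers"]
    if targets:
        return "routing-domain", targets
    targets = [s for scope in scopes if scope["default_route"] for s in scope["servers"]]
    if targets:
        return "default-route", targets
    if config["fallback"]:
        return "fallback", config["fallback"][:1]
    return "fail", []


if __name__ == "__main__":
    for q in ("host.lab.corp.example", "www.corp.example", "example.com"):
        print(q, route(q, CONFIG))
```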