Domain resolution (systemd-resolved) is messed up, how do I fix it?

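Sorry, this post is long; the TL;DR is that domain name resolution (and possibly other things) only works intermittently, so the internet only works intermittently. I want to fix it: Kubuntu 17.04.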

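There are several symptoms: on 20170605 I turned on the computer and connected a remote device to use plex, but the connection from the remote device on the same subnet to the local computer, which uses wifi via an ath9k_htc TP-LINK usb dongle, was intermittent. I ran the recent updates (pastebin) but they don't appear to be related to DNS resolution.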

Pinging Google's DNS at 8.8.8.8 using mtr with an interval of 2 seconds, I get the following:

 1. 192.168.1.1              ...............................????????????????...............????????????????...........................................................................??????????.....................???????.........
 2. 81.1.112.44              ...............................????????????????...............????????????????.........>.................................................................?????????......................???????.........

The question marks show when the connection failed, for periods of 32s, 32s, 22s and 14s, i.e. not regular.

Initially I thought it was caused by systemd-resolved; sudo systemctl status wpa_supplicant.service NetworkManager.service systemd-resolved returns the following:

thisuser@host-k1210:~$ sudo systemctl status wpa_supplicant.service NetworkManager.service systemd-resolved.service 
● wpa_supplicant.service - WPA supplicant
   Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-06-06 09:26:04 BST; 3h 52min ago
 Main PID: 1252 (wpa_supplicant)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/wpa_supplicant.service
           └─1252 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant

Jun 06 11:35:52 host-k1210 wpa_supplicant[1252]: wlan15: WPA: Group rekeying completed with 00:1c:df:9b:8d:ff [GTK=TKIP]
Jun 06 11:57:25 host-k1210 wpa_supplicant[1252]: wlan15: CTRL-EVENT-DISCONNECTED bssid=00:1c:df:9b:8d:ff reason=3 locally_generated=1
Jun 06 11:57:25 host-k1210 wpa_supplicant[1252]: wlan15: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: SME: Trying to authenticate with 00:1c:df:9b:8d:ff (SSID='TALKTALK-17A908' fr
Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: Trying to associate with 00:1c:df:9b:8d:ff (SSID='TALKTALK-17A908' freq=2412 
Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: Associated with 00:1c:df:9b:8d:ff
Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=US
Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: WPA: Key negotiation completed with 00:1c:df:9b:8d:ff [PTK=CCMP GTK=TKIP]
Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: CTRL-EVENT-CONNECTED - Connection to 00:1c:df:9b:8d:ff completed [id=0 id_str
Jun 06 12:36:45 host-k1210 wpa_supplicant[1252]: wlan15: WPA: Group rekeying completed with 00:1c:df:9b:8d:ff [GTK=TKIP]

● NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-06-06 11:05:45 BST; 2h 13min ago
     Docs: man:NetworkManager(8)
 Main PID: 3815 (NetworkManager)
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/NetworkManager.service
           └─3815 /usr/sbin/NetworkManager --no-daemon

Jun 06 11:05:45 host-k1210 systemd[1]: Starting Network Manager...
Jun 06 11:05:45 host-k1210 systemd[1]: Started Network Manager.
Jun 06 11:05:45 host-k1210 NetworkManager[3815]: <warn>  [1496743545.4801] keyfile: 'hostname' option is deprecated and has no effect
Jun 06 11:05:45 host-k1210 NetworkManager[3815]: ((devices/nm-device.c:970)): assertion '<dropped>' failed
Jun 06 11:57:25 host-k1210 NetworkManager[3815]: <warn>  [1496746645.8678] sup-iface[0x556a4c929950,wlan15]: connection disconnected (

● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/systemd-resolved.service.d
           └─resolvconf.conf
   Active: active (running) since Tue 2017-06-06 09:26:00 BST; 3h 52min ago
     Docs: man:systemd-resolved.service(8)
           http://www.freedesktop.org/wiki/Software/systemd/resolved
           http://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
           http://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
 Main PID: 1192 (systemd-resolve)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/systemd-resolved.service
           └─1192 /lib/systemd/systemd-resolved

Jun 06 13:14:01 host-k1210 systemd-resolved[1192]: Switching to DNS server 8.8.8.8 for interface wlan15.
Jun 06 13:14:01 host-k1210 systemd-resolved[1192]: Using degraded feature set (UDP+EDNS0+DO) for DNS server 8.8.8.8.
Jun 06 13:14:05 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15.
Jun 06 13:14:05 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.220.220 for interface wlan15.
Jun 06 13:14:06 host-k1210 systemd-resolved[1192]: Switching to DNS server 8.8.8.8 for interface wlan15.
Jun 06 13:17:44 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15.
Jun 06 13:17:49 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.220.220 for interface wlan15.
Jun 06 13:17:55 host-k1210 systemd-resolved[1192]: Switching to DNS server 8.8.8.8 for interface wlan15.
Jun 06 13:18:00 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15.
Jun 06 13:18:05 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.220.220 for interface wlan15.

In other words, at least 3 systems are in an error state:

1) This shows the error from this post about wpa_supplicant/NetworkManager; the solution of removing MAC address randomization by modifying NetworkManager.conf was ineffective for me.

2a) The error from this post about rekeying in wpa_supplicant; again, that fix did not help me, as I don't have a router on which I can "set the WPA/WPA2 group key update period".

2b) The same error is reported here; the instruction is to change PMF (Protected Management Frames), and again my wifi router does not give access to this.

3) The third error can also be seen by tail-ing /var/log/syslog:

Jun  6 13:18:00 bridgeflap-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15.
Jun  6 13:18:05 bridgeflap-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.220.220 for interface wlan15.
Jun  6 13:24:07 bridgeflap-k1210 systemd-resolved[1192]: Switching to DNS server 8.8.8.8 for interface wlan15.
Jun  6 13:24:12 bridgeflap-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15.
Jun  6 13:24:12 bridgeflap-k1210 systemd-resolved[1192]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 208.67.222.222.

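These errors repeat many times. They stop while the system is connected to the network, and then when mtr 8.8.8.8 shows pings failing, the errors above appear again, just like that - almost like a race condition.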

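3a) The error in systemd-resolved looks a lot like this issue; the fix of turning off DNSSEC did not work for me, in fact off is the default, though I went on to specify it as off in systemd-resolved.conf.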

3b) It looks a lot like this pre-release Valet Linux issue, where dnsmasq appeared to interfere with systemd's resolver. I have had dnsmasq previously, but don't now.

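3c) A forum post from 16.10 suggests removing dnsmasq as the solution; in any case I don't have it installed (but had dnsmasq-base as a remnant, and removing it was ineffective).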

It's worth mentioning that I connect over wifi to an ADSL router-modem using a static IP, with OpenDNS set (with Google as fallback) through the KDE NetworkManager interface.

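Restarting almost any networking item, e.g. sudo systemctl restart networking.service, seems to fix the problem very briefly, but the transience of the errors makes it hard to tell - the connection is actually dropping all the time, with the shortest drop about 2 seconds and the longest about 60 seconds.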

Running journalctl -x --utc --system | grep -C3 -i error gives results like the following:

-- Unit NetworkManager-wait-online.service has begun starting up.
Jun 06 09:57:29 bridgeflap-k1210 NetworkManager[3236]: <warn>  [1496743049.2492] keyfile: 'hostname' option is deprecated and has no effect
Jun 06 09:57:29 bridgeflap-k1210 NetworkManager[3236]: <warn>  [1496743049.2950] keyfile: error loading connection from file /etc/NetworkManager/system-connections/TALKTALK-E8D140-50a6bcfd-4d2e-4ec2-9a43-38d3d1cd21b2: invalid connection: connection.type: property is missing

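Deleting the connection through KDE's NetworkManager applet appears to have fixed this "property is missing" error, and I briefly regained network connectivity, but on restart I was back to the same [apparent] DNS resolver problem, and that error no longer appears in the logs.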

It seems all that's left for me is to try sudo systemctl disable systemd-resolved and go back to dnsmasq, or use unbound (this solution suggests using resolvconf), or perhaps set static nameservers?

So, what should I try next?

In anticipation of suggestions, my /etc/resolv.conf is already a symlink to /run/systemd/ ... actually hang on ... no, it wasn't ...

sudo apt remove resolvconf
sudo mv /etc/resolv.conf{,.20170606a}
sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf
sudo dpkg-reconfigure systemd
sudo systemctl disable resolvconf.service
sudo systemctl restart systemd-resolved.service networking.service

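That appears to have worked; I now get longer stretches of ~200 seconds in which the mtr pings succeed, but it still drops and there are still errors, like these in syslog: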

Jun  6 14:50:41 bridgeflap-k1210 systemd-resolved[25306]: Switching to DNS server 208.67.222.222 for interface wlan15.
Jun  6 14:50:43 bridgeflap-k1210 systemd-resolved[25306]: Switching to DNS server 208.67.220.220 for interface wlan15.
Jun  6 14:50:43 bridgeflap-k1210 systemd-resolved[25306]: Using degraded feature set (UDP+EDNS0) for DNS server 208.67.220.220.
Jun  6 14:50:44 bridgeflap-k1210 systemd-resolved[25306]: Switching to DNS server 8.8.8.8 for interface wlan15.

Help!?

Answer 1

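I monitored the connection with Wireshark and filtered on "DNS" - I could see lookups for domains I wasn't visiting. Thankfully I recognized one domain, which belongs to an app on my FireTV dongle (2017 version). The whole problem was that the FireTV had "stolen" the lease of the desktop in question via DHCP on my router; presumably it was receiving half of the packets, or the router was confused by having 2 devices with the same IP address on the same local subnet.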

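The fix was to "forget" the network connection on the FireTV. When setting up the connection choose "manual"; between the "OK" and "Cancel" buttons there is a small "Advanced" button (which I hadn't noticed the first time). I chose a different IP and now everything works.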

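It's worth noting that the router has a section where you can view all connected devices by IP and MAC; when the two devices were connected with the same IP, the router showed neither device (but continued to show the other devices on the network).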

[Not sure whether to keep this here or delete it and post it elsewhere?]
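
The root cause in the answer, two devices answering for one IP, can be confirmed from the neighbour table instead of a packet capture. This is an added example, not part of the original post: it assumes `ip neigh show` output collected repeatedly on a third host on the same subnet, and the sample addresses, MACs, interface name and function names are all constructed.

```python
import re
from collections import defaultdict

# Constructed sample: `ip neigh show` output captured four times, a few seconds
# apart, on a third host on the subnet. All addresses and MACs are made up.
SNAPSHOTS = [
    "192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE\n"
    "192.168.1.50 dev eth0 lladdr 02:00:00:00:00:aa REACHABLE\n"
    "192.168.1.60 dev eth0 lladdr 02:00:00:00:00:c1 STALE\n",
    "192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE\n"
    "192.168.1.50 dev eth0 lladdr 02:00:00:00:00:bb REACHABLE\n"
    "192.168.1.77 dev eth0  FAILED\n",
    "192.168.1.50 dev eth0 lladdr 02:00:00:00:00:aa DELAY\n"
    "192.168.1.60 dev eth0 lladdr 02:00:00:00:00:c2 REACHABLE\n",
    "192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 STALE\n"
    "192.168.1.50 dev eth0 lladdr 02:00:00:00:00:bb REACHABLE\n"
    "192.168.1.60 dev eth0 lladdr 02:00:00:00:00:c2 REACHABLE\n",
]

# Entries without "lladdr" (FAILED / INCOMPLETE) carry no MAC and are skipped.
NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+([0-9a-f:]{17})\b", re.I)

def mac_history(snapshots):
    """Map each IPv4 address to the MACs seen for it, in snapshot order."""
    history = defaultdict(list)
    for snap in snapshots:
        for line in snap.splitlines():
            m = NEIGH_RE.match(line.strip())
            if m:
                history[m.group(1)].append(m.group(2).lower())
    return history

def classify(snapshots):
    """Return {ip: (verdict, flips)} for every IP whose MAC changed."""
    report = {}
    for ip, macs in mac_history(snapshots).items():
        flips = sum(1 for a, b in zip(macs, macs[1:]) if a != b)
        if flips:
            # More changes than distinct MACs allow means a MAC came back:
            # two live hosts hold the address. Otherwise it simply moved on.
            verdict = "conflict" if flips >= len(set(macs)) else "reassigned"
            report[ip] = (verdict, flips)
    return report

if __name__ == "__main__":
    print(classify(SNAPSHOTS))
```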
