我的 18.04 无法进行名称查找。
我遇到了与以下问题类似的问题:这问题,但那里的答案对我没有帮助。
nslookup --verbose google.com
;; Connection to 127.0.0.1#53(127.0.0.1) for google.com failed: connection refused
;; Connection to ::1#53(::1) for google.com failed: connection refused
nslookup google.com 8.8.8.8
<works>
nslookup google.com 127.0.0.53
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: google.com
Address: 172.217.0.46
Name: google.com
Address: 2607:f8b0:4005:807::200e
此外,nslookup 可在 Docker 容器内部工作。
systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 7 (docker0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 5 (wlp4s0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 2001:558:feed::1
2001:558:feed::2
192.168.0.1
Link 4 (eno2)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 3 (eno1)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.0.1
2001:558:feed::1
2001:558:feed::2
Link 2 (enp7s0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
sudo netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 4212/sendmail: MTA:
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 7074/systemd-resolv
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5892/cupsd
tcp 0 0 127.0.0.1:43128 0.0.0.0:* LISTEN 8791/code
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4212/sendmail: MTA:
tcp 0 0 127.0.0.1:9150 0.0.0.0:*
tcp 0 0 127.0.0.1:12607 0.0.0.0:* LISTEN 6531/code
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2277/slapd
tcp6 0 0 ::1:631 :::* LISTEN 5892/cupsd
tcp6 0 0 :::389 :::* LISTEN 2277/slapd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3636/chrome
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3636/chrome
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3636/chrome
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1012/avahi-daemon:
udp 0 0 0.0.0.0:46376 0.0.0.0:* 1012/avahi-daemon:
udp 0 0 127.0.0.53:53 0.0.0.0:* 7074/systemd-resolv
udp 0 0 0.0.0.0:68 0.0.0.0:* 5195/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 5147/dhclient
udp 0 0 0.0.0.0:631 0.0.0.0:* 5893/cups-browsed
udp6 0 0 :::34949 :::* 1012/avahi-daemon:
udp6 0 0 :::5353 :::* 3636/chrome
udp6 0 0 :::5353 :::* 3636/chrome
udp6 0 0 :::5353 :::* 1012/avahi-daemon:
我注意到没有任何程序在监听 127.0.0.1:53,而 systemd-resolv 正在监听 127.0.0.53:53。那么为什么 nslookup 会尝试访问 127.0.0.1:53?如果我将 nslookup 强制为 127.0.0.53:53,它就会工作。如何配置我的系统以始终使用该地址进行名称查找?
这是我的完整 iptable:
sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8502 1958K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
7055 559K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
18180 8978K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
8938 570K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
10662 2525K INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
10662 2525K INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
10662 2525K INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
10662 2525K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
18591 29M DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
18591 29M DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
10993 29M ACCEPT all -- * br-cea5793d9738 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * br-cea5793d9738 0.0.0.0/0 0.0.0.0/0
7598 402K ACCEPT all -- br-cea5793d9738 !br-cea5793d9738 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br-cea5793d9738 br-cea5793d9738 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 13288 packets, 2752K bytes)
pkts bytes target prot opt in out source destination
43767 5406K OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !br-cea5793d9738 br-cea5793d9738 0.0.0.0/0 172.18.0.2 tcp dpt:5006
0 0 ACCEPT tcp -- !br-cea5793d9738 br-cea5793d9738 0.0.0.0/0 172.18.0.3 tcp dpt:5001
0 0 ACCEPT tcp -- !br-cea5793d9738 br-cea5793d9738 0.0.0.0/0 172.18.0.3 tcp dpt:5000
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
7598 402K DOCKER-ISOLATION-STAGE-2 all -- br-cea5793d9738 !br-cea5793d9738 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
18591 29M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * br-cea5793d9738 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
7598 402K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
18591 29M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- wlp4s0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- eno1 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * wlp4s0 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * eno1 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (3 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (3 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
4163 994K IN_public all -- wlp4s0 * 0.0.0.0/0 0.0.0.0/0 [goto]
4310 1030K IN_public all -- eno1 * 0.0.0.0/0 0.0.0.0/0 [goto]
142 12206 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (3 references)
pkts bytes target prot opt in out source destination
10662 2525K IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
10662 2525K IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
10662 2525K IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
这是我的完整 ifconfig:
br-cea5793d9738: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fe80::42:71ff:feb0:158b prefixlen 64 scopeid 0x20<link>
ether 02:42:71:b0:15:8b txqueuelen 0 (Ethernet)
RX packets 7600 bytes 401561 (401.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11163 bytes 28814006 (28.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:4f:1b:74:41 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.112 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::72da:47f4:adff:f338 prefixlen 64 scopeid 0x20<link>
inet6 2601:647:4500:32b3:9705:b02f:2b66:35ab prefixlen 64 scopeid 0x0<global>
inet6 2601:647:4500:32b3:71e6:d21f:f3d:95c0 prefixlen 64 scopeid 0x0<global>
ether e0:d5:5e:ae:36:53 txqueuelen 1000 (Ethernet)
RX packets 38746 bytes 41301178 (41.3 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 19218 bytes 2729993 (2.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xd8e00000-d8efffff
eno2: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether e0:d5:5e:ae:36:55 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xd8b00000-d8bfffff
enp7s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether e0:d5:5e:ae:36:57 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 39605 bytes 5884040 (5.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 39605 bytes 5884040 (5.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth8f2b71a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::dc3a:2bff:fe1b:ccd0 prefixlen 64 scopeid 0x20<link>
ether de:3a:2b:1b:cc:d0 txqueuelen 0 (Ethernet)
RX packets 7600 bytes 507961 (507.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11129 bytes 28809099 (28.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethc4e5521: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::14da:8bff:fe5b:ff5c prefixlen 64 scopeid 0x20<link>
ether 16:da:8b:5b:ff:5c txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 143 bytes 20703 (20.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.113 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 2601:647:4500:32b3:e136:3d60:54f1:b370 prefixlen 64 scopeid 0x0<global>
inet6 fe80::d8c6:4a:4826:5711 prefixlen 64 scopeid 0x20<link>
inet6 2601:647:4500:32b3:8b6:96b5:ef7b:1ea9 prefixlen 64 scopeid 0x0<global>
ether 94:b8:6d:b2:bb:8c txqueuelen 1000 (Ethernet)
RX packets 6795 bytes 1552450 (1.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 528 bytes 93736 (93.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
答案1
我花了好几天才找到这个,但对我来说答案就在这里:
https://superuser.com/questions/1317623/nslookup-failed-but-systemd-resolved-works
sudo rm /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf