Netplan DNS configuration being overridden on Ubuntu 22.04

I just did a fresh install of Ubuntu 22.04 on a new physical server. One thing that has given me headaches with Ubuntu ever since 14.04 is trying to understand the complexity it brings to DNS configuration. Today is no exception. The questions and difficulties around this are endless (so here is yet another one - sorry!), which should tell someone that there is a problem here. Before netplan/NetworkManager and similar tools came along, things were much simpler and much more reliable. dnsmasq is my favourite tool; I could easily set up my whole home network in a single configuration - but alas! I cannot bring back the past.

Anyway, what I have is

  • A router supplied by my ISP that is not flexible enough to let me specify DNS settings, nor to assign fixed addresses to connected devices
  • A network of about 60 devices, most of which can talk to each other (so internal DNS is essential here)
  • A single network (eth) interface

The configuration file in /etc/netplan/01_wired.yaml is:

network:
  renderer: networkd
  ethernets:
    eth_lan0:
      dhcp4: no
      addresses: [192.168.1.12/24]
      gateway4: 192.168.1.254
      #routes:
      #  - to: default
      #    via: 192.168.1.254
      nameservers:
        addresses:  [192.168.1.2]
        search: [domainname.com]
      optional: true
      match:
        macaddress: 90:2b:34:36:ae:bc
      set-name: eth0

I actually have a dnsmasq system running on a server on the network (on an rPi running Raspbian, because Ubuntu makes this very painful), at address 192.168.1.2, which is the DNS I told netplan to use. And all server names are hostname.domainname.com (or subdomains of the same). (domainname.com stands for the network name that I manage.)

Although I have not told the system to use DHCP, it seems DHCP is being used, as stated in /etc/resolv.conf:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53
search lovelady.com attlocal.net

(Note: the 'attlocal.net' there tells me it is referring to the DHCP server.) Also, resolvectl status returns the following:

root@r2d2:~# resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
      DNS Domain: attlocal.net lovelady.com

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 2600:1700:5950:3240::1
       DNS Servers: 191.168.1.2 2600:1700:5950:3240::1
        DNS Domain: attlocal.net lovelady.com

Link 3 (eno1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

(Note that resolvectl puts attlocal.net before lovelady.com (!!!!), and I don't even want attlocal.net in the configuration. Not at all!)

Anyway, resolvectl is not giving an accurate account, because it implies that queries will be sent to 192.168.1.2 (which does work fine), but on this system the correct IP address is not being returned. This pair of queries shows the problem:

username@r2d2:~# dig velmicro

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> velmicro
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59512
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;velmicro.                      IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Dec 06 00:45:20 UTC 2023
;; MSG SIZE  rcvd: 37

username@r2d2:~# dig @192.168.1.2 velmicro

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.1.2 velmicro
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53926
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;velmicro.                      IN      A

;; ANSWER SECTION:
velmicro.               0       IN      A       192.168.1.6

;; Query time: 3 msec
;; SERVER: 192.168.1.2#53(192.168.1.2) (UDP)
;; WHEN: Wed Dec 06 00:45:46 UTC 2023
;; MSG SIZE  rcvd: 53

If I don't tell dig which server to use, it uses the default server, which does not return the address for velmicro. But if I tell dig to use 192.168.1.2, it returns the correct address.

I have spent an entire afternoon reading article after article about solutions to this problem. The vast majority of the solutions I found say to simply do the configuration I have done, and leave it at that. Most of the rest concern NetworkManager, which is not involved (or does not seem to be involved - who knows?) in this configuration. Others say to just modify /etc/resolv.conf ... and then we get into resolvconf and other configuration tools, each adding complexity. All I want is for the system to use the configuration I set manually. That does not seem unreasonable to me.

So here I am once again, calling out into the dark for a DNS solution on the latest Ubuntu. Can you help?

Update, as requested by @upboden:

root@r2d2:~# ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Dec  5 23:17 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
root@r2d2:~# more /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53
search lovelady.com attlocal.net

Update 2

I have removed the resolvconf package (which I had added in an attempt to solve this problem). After removing it, the link was restored, but the problem was not solved.

root@r2d2:~# sudo apt remove resolveconf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package resolveconf
root@r2d2:~# sudo apt remove resolvconf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  resolvconf
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 203 kB disk space will be freed.
Do you want to continue? [Y/n]
(Reading database ... 87264 files and directories currently installed.)
Removing resolvconf (1.84ubuntu1) ...
resolvconf.postrm: Reboot recommended
Processing triggers for man-db (2.10.2-1) ...
root@r2d2:~# ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Dec  6 01:51 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
root@r2d2:~# cat /etc/resolv.conf
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search lovelady.com attlocal.net

Edit 3

I added the line dhcp6: no to the /etc/netplan/01_wired.yaml file, and the problem was solved. The new contents are:

network:
  renderer: networkd
  ethernets:
    eth_lan0:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.1.12/24]
      gateway4: 192.168.1.254
      #routes:
      #  - to: default
      #    via: 192.168.1.254
      nameservers:
        addresses:  [192.168.1.2]
        search: [lovelady.com]
      optional: true
      match:
        macaddress: 90:2b:34:36:ae:bc
      set-name: eth0

resolvectl status (note that there is no IPv6 specification in the output):

> resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.2
       DNS Servers: 192.168.1.2 2600:1700:5950:3240::1
        DNS Domain: attlocal.net lovelady.com

Link 3 (eno1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Annoyingly, the dig output still looks wrong (no answer shown by default):

> dig velmicro

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> velmicro
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;velmicro.                      IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Dec 06 14:47:54 UTC 2023
;; MSG SIZE  rcvd: 37

dennis@r2d2:/home/dennis   12/06 14:47:54
> dig @192.168.1.2 velmicro

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.1.2 velmicro
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;velmicro.                      IN      A

;; ANSWER SECTION:
velmicro.               0       IN      A       192.168.1.6

;; Query time: 0 msec
;; SERVER: 192.168.1.2#53(192.168.1.2) (UDP)
;; WHEN: Wed Dec 06 14:48:07 UTC 2023
;; MSG SIZE  rcvd: 53

But what actually matters is that adding dhcp6: no seems to work.

For completeness, the answer to slangasek's question about other netplan files is: only 00-installer-config.yaml exists, and its contents are:

# This is the network config written by 'subiquity'
network:
  ethernets:
    eno1:
      optional: true
      dhcp4: true
    enp6s0:
      optional: true
      dhcp4: true
  version: 2

Note that the search for attlocal.net remains in the configuration (I have no idea where it comes from). It is in the /etc/resolv.conf file:

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the 
# internal DNS stub resolver of systemd-resolved. This file lists all 
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search lovelady.com attlocal.net

But of course, I didn't put it there.

So the current state is that DNS seems to be working (for now), but some mysteries remain, and mysteries in IT are rarely a good thing.

I expressed my frustration in the original message. I still feel strongly that Ubuntu has gone the wrong way on something that should be simple, and hope that one day those involved will recognise the value of simplicity. But I shouldn't let that feeling bother me; overall, Ubuntu is the best fit for my needs.
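As an added check that is not part of the original question: a POSIX shell script that parses resolvectl status output and reports every DNS server or search domain that did not come from the netplan nameservers: block, which is exactly the drift the question is chasing (the attlocal.net search domain and the IPv6 router address learned from DHCPv6/RA). The sample status text is constructed inline from the output pasted above so the script runs offline; the function names unexpected_entries and resolver_drift are my own.

```shell
#!/bin/sh
# Constructed sample: modelled on the "resolvectl status" output in the question.
# On a live system replace this with:  status=$(resolvectl status)
SAMPLE_STATUS='Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
      DNS Domain: attlocal.net lovelady.com

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 2600:1700:5950:3240::1
       DNS Servers: 192.168.1.2 2600:1700:5950:3240::1
        DNS Domain: attlocal.net lovelady.com'

# What the netplan file (01_wired.yaml, nameservers:) is supposed to yield.
EXPECTED_DNS="192.168.1.2"
EXPECTED_SEARCH="lovelady.com"

# unexpected_entries STATUS_TEXT FIELD EXPECTED
# Prints each value listed under FIELD ("DNS Servers" or "DNS Domain") that
# is missing from the space-separated EXPECTED list, one per line, deduplicated.
unexpected_entries() {
    status="$1"; field="$2"; expected="$3"
    printf '%s\n' "$status" \
      | sed -n "s/^ *$field: //p" \
      | tr ' ' '\n' | sort -u \
      | while read -r v; do
            [ -z "$v" ] && continue
            case " $expected " in
                *" $v "*) ;;             # configured on purpose in netplan
                *) printf '%s\n' "$v" ;; # learned from DHCP/RA, not from netplan
            esac
        done
}

# resolver_drift STATUS_TEXT -> exit 0 if resolved uses only the configured
# values, 1 (with a short report on stdout) if anything else has crept in.
resolver_drift() {
    bad_dns=$(unexpected_entries "$1" "DNS Servers" "$EXPECTED_DNS")
    bad_dom=$(unexpected_entries "$1" "DNS Domain" "$EXPECTED_SEARCH")
    [ -n "$bad_dns" ] && printf 'unexpected DNS server(s): %s\n' "$bad_dns"
    [ -n "$bad_dom" ] && printf 'unexpected search domain(s): %s\n' "$bad_dom"
    [ -z "$bad_dns$bad_dom" ]
}
```

Run it from cron or a config-management check and a non-zero exit tells you that something other than netplan (DHCPv6, router advertisements, NetworkManager) is feeding systemd-resolved, before the first SERVFAIL for an internal name shows up.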

Answer 1

I share Dennis's frustration, and I agree with you. Below is a simple solution to your problem. Note: this answer is based on Dennis's understanding of the "old days". It is not the currently recommended solution.

Despite all the frustration with what systemd, NetworkManager and the like do to DNS, they all follow a design rule: they do not modify resolv.conf directly, but instead, at install time, link /etc/resolv.conf to a location specific to their service, and then modify that file.

So, to solve your problem, remove the symlink at /etc/resolv.conf. Create the file the way you want it. For example:

nameserver 192.168.1.2
search local.domain
<any other options>

Now you should be good to go; the file /etc/resolv.conf is the only file that matters for DNS, and you now control it. In my experience, systemd and NetworkManager will not change that file now that the symlink has been removed. But if you want to make sure that is really the case, change the ownership to your user and give everyone else read permission only. Then it is safe. If you change your settings, just edit /etc/resolv.conf.

Based on Dennis's feedback and further research:

To stop NetworkManager from modifying resolv.conf, edit /etc/NetworkManager/NetworkManager.conf and add the following under [main]:

dns=none
rc-manager=unmanaged

Or, if you want to disable NetworkManager completely, see the Ubuntu site, which refers to How to permanently disable Network Manager?

Stop network manager

sudo systemctl stop NetworkManager.service
sudo systemctl stop NetworkManager-wait-online.service
sudo systemctl stop NetworkManager-dispatcher.service
sudo systemctl stop network-manager.service

Disable network manager (permanently) to avoid it restarting after a reboot

sudo systemctl disable NetworkManager.service
sudo systemctl disable NetworkManager-wait-online.service
sudo systemctl disable NetworkManager-dispatcher.service
sudo systemctl disable network-manager.service
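A rehearsal of the answer's "replace the symlink with a static file" step, as an added example that is not the answerer's own script: pin_resolv_conf removes the symlink and writes the static file, and resolv_conf_is_static verifies afterwards that /etc/resolv.conf is a regular file pointing at the intended nameserver. The ROOT parameter is my addition so the steps can be tried under a scratch directory before touching the real /etc.

```shell
#!/bin/sh
# pin_resolv_conf ROOT NAMESERVER SEARCH_DOMAIN
# Replaces ROOT/etc/resolv.conf with a static file, as the answer describes.
# ROOT is a hypothetical parameter (not in the answer) so the procedure can be
# rehearsed in a scratch directory; pass "" to act on the real /etc (as root).
pin_resolv_conf() {
    root="$1"; ns="$2"; domain="$3"
    conf="$root/etc/resolv.conf"
    mkdir -p "$root/etc"
    # Remove the symlink itself. Writing through it would only edit the file
    # under /run that systemd-resolved (or resolvconf) regenerates.
    rm -f "$conf"
    printf 'nameserver %s\nsearch %s\n' "$ns" "$domain" > "$conf"
    chmod 0644 "$conf"   # owner writes, everyone else read-only
}

# resolv_conf_is_static ROOT NAMESERVER
# Exit 0 only if resolv.conf is a regular file (not a symlink into /run)
# whose first nameserver line names NAMESERVER; otherwise exit 1.
resolv_conf_is_static() {
    conf="$1/etc/resolv.conf"
    if [ -L "$conf" ] || [ ! -f "$conf" ]; then
        return 1
    fi
    first=$(sed -n 's/^nameserver //p' "$conf" | head -n 1)
    [ "$first" = "$2" ]
}
```

Note that the verification deliberately fails while /etc/resolv.conf is still a symlink, even if the stub file behind it happens to list the right server, because a symlink into /run is exactly what resolved and resolvconf will rewrite.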
