No DNS on the server after starting the Wireguard server

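I have a server running Fedora 38 that I use as a Wireguard VPN server. The Wireguard VPN works fine - clients can connect and browse the Internet. However, as soon as the Wireguard VPN service is started, there is no DNS on the server.

My Wireguard VPN server setup: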

[Interface]
PrivateKey = CKLF/SOMEPRIVATEKEY
Address = 10.0.2.1/24
ListenPort = 51820

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE

DNS = 8.8.8.8
SaveConfig = false

# Client1
[Peer]
PublicKey = SOMEPUBLICKEY
PresharedKey = SOMEPRESHAREDKEY
AllowedIPs = 10.0.2.2/32

# Client2
[Peer]
PublicKey = SOMEPUBLICKEY
PresharedKey = SOMEPRESHAREDKEY
AllowedIPs = 10.0.2.3/32

When I bring up the Wireguard interface:

# systemctl start wg-quick@homeserver
# ping serverfault.com
ping: serverfault.com: Temporary failure in name resolution

# nslookup serverfault.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; no servers could be reached

When I take it down:

# systemctl stop wg-quick@homeserver
# ping serverfault.com
PING serverfault.com (151.101.1.69) 56(84) bytes of data.
64 bytes from 151.101.1.69 (151.101.1.69): icmp_seq=1 ttl=58 time=2.03 ms

# nslookup serverfault.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   serverfault.com
Address: 151.101.65.69
Name:   serverfault.com
Address: 151.101.129.69
Name:   serverfault.com
Address: 151.101.1.69
Name:   serverfault.com
Address: 151.101.193.69

What do I need to do to get DNS working on the server while my homeserver Wireguard server is up?

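Answer 1

Remove the DNS = entry from the server's .conf file entirely. That way, you will use the server's DNS settings.

If you want to use the DNS = entry, you should disable systemd-resolved's stub DNS resolver. This should do the trick: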

mkdir /etc/systemd/resolved.conf.d

cat << EOF > /etc/systemd/resolved.conf.d/SOMECONFFILE.conf
[Resolve]
DNSStubListener=no
EOF

systemctl restart systemd-resolved

And you are then using 8.8.8.8 or whatever DNS server is configured in WG's .conf file.
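
The first fix in the answer above (dropping the DNS = entry from the server's config), as an added example that is not part of the original answer: shell functions that report the DNS values set in the [Interface] section of a wg-quick config and print the file with those lines removed. The function names, placeholder keys and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# Constructed sample: the question's server config with placeholder keys.
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.0.2.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT
DNS = 8.8.8.8
SaveConfig = false

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 10.0.2.2/32
EOF
}

# Print every DNS value set in [Interface], one per line.
wg_interface_dns() {
    awk '
        /^[ \t]*\[/ { in_if = (tolower($0) ~ /^[ \t]*\[interface\]/) }
        in_if && tolower($0) ~ /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, "")
            n = split($0, v, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
        }' "$1"
}

# Print the config with DNS lines removed from [Interface] only.
wg_strip_dns() {
    awk '
        /^[ \t]*\[/ { in_if = (tolower($0) ~ /^[ \t]*\[interface\]/) }
        in_if && tolower($0) ~ /^[ \t]*dns[ \t]*=/ { next }
        { print }' "$1"
}

# Demo on the constructed sample (mktemp creates the file with mode 0600).
conf=$(mktemp)
sample_conf > "$conf"
echo "DNS entries in [Interface]: $(wg_interface_dns "$conf" | tr '\n' ' ')"
wg_strip_dns "$conf" | diff "$conf" - || true
rm -f "$conf"
```

Review the diff before writing the stripped output over the real config, and keep that file readable only by root since it holds the private key.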
