我有一台运行 Fedora 38 的服务器,我将其用作 Wireguard VPN 服务器。Wireguard VPN 运行良好 - 客户端可以连接并浏览互联网。但是,只要 Wireguard VPN 服务启动,服务器上就没有 DNS。
我的 Wireguard VPN 服务器设置:
[Interface]
PrivateKey = CKLF/SOMEPRIVATEKEY
Address = 10.0.2.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
DNS = 8.8.8.8
SaveConfig = false
# Client1
[Peer]
PublicKey = SOMEPUBLICKEY
PresharedKey = SOMEPRESHAREDKEY
AllowedIPs = 10.0.2.2/32
# Client2
[Peer]
PublicKey = SOMEPUBLICKEY
PresharedKey = SOMEPRESHAREDKEY
AllowedIPs = 10.0.2.3/32
当我打开 Wireguard 界面时:
# systemctl start wg-quick@homeserver
# ping serverfault.com
ping: serverfault.com: Temporary failure in name resolution
# nslookup serverfault.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; no servers could be reached
当我把它取下来时:
# systemctl stop [email protected]
# ping serverfault.com
PING serverfault.com (151.101.1.69) 56(84) bytes of data.
64 bytes from 151.101.1.69 (151.101.1.69): icmp_seq=1 ttl=58 time=2.03 ms
# nslookup serverfault.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: serverfault.com
Address: 151.101.65.69
Name: serverfault.com
Address: 151.101.129.69
Name: serverfault.com
Address: 151.101.1.69
Name: serverfault.com
Address: 151.101.193.69
homeserver当我的Wireguard 服务器启动时,我需要做什么才能使 DNS 在服务器上正常工作?
答案1
从服务器 .conf 文件中彻底删除DNS =条目。这样,您将使用服务器的 DNS 设置。
如果要使用DNS =entry,则应禁用 systemd-resolved 的存根 DNS 解析器。这应该可以解决问题:
mkdir /etc/systemd/resolved.conf.d
cat << EOF > /etc/systemd/resolved.conf.d/SOMECONFFILE.conf
[Resolve]
DNSStubListener=no
EOF
systemctl restart systemd-resolved
并且您正在使用8.8.8.8或在 WG 的 .conf 文件中配置的任何 DNS 服务器。