在 Ubuntu 18.04 上反向查找本地 DNS 服务器失败


在 Ubuntu 16.04 上,针对本地网络中 Bind9 DNS/DHCP 服务器的反向查找可以成功;而在 Ubuntu 18.04(及更高版本)上,同样的反向查找却失败。所有系统都使用 systemd-resolved,配置和命令输出如下所示。

如何才能让反向查找在 18.04 及更高版本上正常工作?

ubuntu@u1604dv1:~$ ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 27 May  3 19:22 /etc/resolv.conf -> /run/resolvconf/resolv.conf

ubuntu@u1604dv1:~$ cat /etc/resolv.conf
nameserver 127.0.1.1
search attlocal.net urdomain1.com urdomain2.com gns1.urdomain1.com

ubuntu@u1604dv1:~$ cat /etc/systemd/resolved.conf
[Resolve]
DNS=10.209.53.2 172.29.108.2
#FallbackDNS=
Domains=urdomain1.com urdomain2.com gns1.urdomain1.com
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=no
#Cache=yes
#DNSStubListener=udp

ubuntu@u1604dv1:~$ 

ubuntu@u1604dv1:~$ nslookup ora73c10
Server:     127.0.1.1
Address:    127.0.1.1#53

Name:   ora73c10.urdomain1.com
Address: 10.209.53.10

ubuntu@u1604dv1:~$ nslookup 10.209.53.10
Server:     127.0.1.1
Address:    127.0.1.1#53

10.53.209.10.in-addr.arpa   name = ora73c10.urdomain1.com.

ubuntu@u1604dv1:~$ sudo service systemd-resolved status
[sudo] password for ubuntu: 
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/systemd-resolved.service.d
           └─resolvconf.conf
   Active: active (running) since Sun 2020-05-03 19:22:39 CDT; 1h 14min ago
     Docs: man:systemd-resolved.service(8)
 Main PID: 1873 (systemd-resolve)
   Status: "Processing requests..."
    Tasks: 1
   Memory: 616.0K
      CPU: 20ms
   CGroup: /system.slice/systemd-resolved.service
           └─1873 /lib/systemd/systemd-resolved

May 03 19:22:39 u1604dv1 systemd[1]: Stopped Network Name Resolution.
May 03 19:22:39 u1604dv1 systemd[1]: Starting Network Name Resolution...
May 03 19:22:39 u1604dv1 systemd-resolved[1873]: Positive Trust Anchors:
May 03 19:22:39 u1604dv1 systemd-resolved[1873]: . IN DS    19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
May 03 19:22:39 u1604dv1 systemd-resolved[1873]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in
May 03 19:22:39 u1604dv1 systemd-resolved[1873]: Using system hostname 'u1604dv1'.
May 03 19:22:39 u1604dv1 systemd[1]: Started Network Name Resolution.
ubuntu@u1604dv1:~$ dig ora73c10.urdomain1.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ora73c10.urdomain1.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14001
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ora73c10.urdomain1.com.        IN  A

;; ANSWER SECTION:
ora73c10.urdomain1.com. 3600    IN  A   10.209.53.10

;; AUTHORITY SECTION:
urdomain1.com.      86400   IN  NS  afns1.urdomain1.com.

;; ADDITIONAL SECTION:
afns1.urdomain1.com.    86400   IN  A   10.209.53.2

;; Query time: 7 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun May 03 20:37:39 CDT 2020
;; MSG SIZE  rcvd: 103

ubuntu@u1604dv1:~$ 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

On Ubuntu 18.04 using systemd-resolved I get this:

ubuntu@u1804dv1:~$ ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 37 May  3 20:28 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf

ubuntu@u1804dv1:~$ cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0
search urdomain1.com urdomain2.com gns1.urdomain1.com attlocal.net

ubuntu@u1804dv1:~$ cat /etc/systemd/resolved.conf
[Resolve]
DNS=10.209.53.2 172.29.108.2
#FallbackDNS=
Domains=urdomain1.com urdomain2.com gns1.urdomain1.com
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=no
#Cache=yes
#DNSStubListener=udp

ubuntu@u1804dv1:~$ ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 37 May  3 20:28 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf

ubuntu@u1804dv1:~$ nslookup 10.209.53.10
** server can't find 10.53.209.10.in-addr.arpa: NXDOMAIN

ubuntu@u1804dv1:~$ sudo service systemd-resolved status
[sudo] password for ubuntu: 
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-05-03 20:28:33 CDT; 8min ago
     Docs: man:systemd-resolved.service(8)
           https://www.freedesktop.org/wiki/Software/systemd/resolved
           https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
           https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
 Main PID: 2735 (systemd-resolve)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4664)
   CGroup: /system.slice/systemd-resolved.service
           └─2735 /lib/systemd/systemd-resolved

May 03 20:28:33 u1804dv1 systemd[1]: Stopped Network Name Resolution.
May 03 20:28:33 u1804dv1 systemd[1]: Starting Network Name Resolution...
May 03 20:28:33 u1804dv1 systemd-resolved[2735]: Positive Trust Anchors:
May 03 20:28:33 u1804dv1 systemd-resolved[2735]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
May 03 20:28:33 u1804dv1 systemd-resolved[2735]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
May 03 20:28:33 u1804dv1 systemd-resolved[2735]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in
May 03 20:28:33 u1804dv1 systemd-resolved[2735]: Using system hostname 'u1804dv1'.
May 03 20:28:33 u1804dv1 systemd[1]: Started Network Name Resolution.
May 03 20:28:54 u1804dv1 systemd-resolved[2735]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
May 03 20:36:04 u1804dv1 systemd-resolved[2735]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ubuntu@u1804dv1:~$ dig ora73c10.urdomain1.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> ora73c10.urdomain1.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19276
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ora73c10.urdomain1.com.        IN  A

;; ANSWER SECTION:
ora73c10.urdomain1.com. 3054    IN  A   10.209.53.10

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun May 03 20:37:49 CDT 2020
;; MSG SIZE  rcvd: 67

ubuntu@u1804dv1:~$ 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

答案1

systemd-resolved.service 的手册说:

地址查找(反向查找)的路由方式与多标签名称类似,但链路本地地址范围中的地址永远不会路由到单播 DNS,而仅使用 LLMNR 和多播 DNS(启用时)进行解析。

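因此,只有当 LLMNR 和 MulticastDNS 都被禁用时,对本地(单播)DNS 的反向查找才会起作用。可以用下面的 drop-in 配置文件同时禁用两者;修改后需要重启 systemd-resolved(`sudo systemctl restart systemd-resolved`)才会生效,然后重新执行 `nslookup 10.209.53.10` 进行验证。

需要注意两点:其一,上面的手册引文只提到链路本地地址范围,而 10.209.53.10 属于 RFC 1918 私有地址,因此该设置在此环境中为何奏效,引文本身并未完全说明,建议在自己的系统上实际验证。其二,禁用后本机将不再通过 LLMNR/mDNS 解析名称(例如 `.local` 主机名);这两种协议的应答未经认证,在本地网段上容易被伪造,所以禁用它们本身也是常见的加固做法。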

$ cat /etc/systemd/resolved.conf.d/enable-local-reverse-lookup.conf
[Resolve]
MulticastDNS=no
LLMNR=no
