How to remove a conflicting DNS server from systemd-resolve

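I have an ovpn file that I use to connect to the VPN at work. However, when I connect, DNS lookups on the remote LAN sometimes fail. Interestingly, they seem more likely to fail when there is a lot of traffic on my internet link.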

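When I run systemd-resolve --status, I see two DNS servers: one is the IP address of the resolver on the remote LAN, and the other is 8.8.8.8. I suspect there is some sort of race, where it queries both servers and gives up when it sees the 8.8.8.8 failure come in, or it somehow picks one of them, and when it picks 8.8.8.8 the remote LAN host lookup of course fails.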

If I run nslookup <remote-lan-host>.<remote-lan-local>.net - <remote-lan-dns-ip>, the lookup always succeeds. But if I don't specify the server, it often fails.

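I think I need to remove 8.8.8.8 from the list of DNS servers, but I can't figure out how to do that. There is nothing in /etc/resolv.conf (it shows nameserver 127.0.0.53), and nothing in my ovpn file either. How can I remove 8.8.8.8 or otherwise fix the failing remote LAN hostname lookups?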

As requested in the comments, the output of dpkg -l *dnsmasq* | grep ii:

ii  dnsmasq-base     2.79-1       amd64        Small caching DNS proxy and DHCP/TFTP server

And /etc/systemd/resolved.conf has only one uncommented line:

[Resolve]

Output of systemd-resolve --status without the VPN:

Global
      DNSSEC NTA: [several].in-addr.arpa
                  corp
                  d.f.ip6.arpa
                  home
                  internal
                  intranet
                  lan
                  local
                  private
                  test

Link 3 (wlp112s0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: [3 local ISP IPv4 DNS servers and 2 IPv6 listed]
          DNS Domain: ~.

Output of systemd-resolve --status with the VPN:

      DNSSEC NTA: [several].in-addr.arpa
                  corp
                  d.f.ip6.arpa
                  home
                  internal
                  intranet
                  lan
                  local
                  private
                  test

Link 7 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: [IP address of remote LAN DNS server]
                      8.8.8.8
          DNS Domain: ~.
                      remote-lan-local.net

Link 3 (wlp112s0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

/etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

/etc/netplan/*.yaml

# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager


$ ls -al /etc/resolv.conf 
lrwxrwxrwx 1 root root 39 May  5 17:13 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
$ ls -l /run/systemd/resolve/stub-resolv.conf 
-rw-r--r-- 1 systemd-resolve systemd-resolve 735 Sep 15 12:57 /run/systemd/resolve/stub-resolv.conf

cat /etc/resolv.conf

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0
search remote-lan-local.net

Here is the OVPN file with sensitive information removed:

client
dev tun
proto tcp
remote vpn.example.com 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
cipher AES-128-CBC
auth SHA256
key-direction 1
remote-cert-tls server
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
<redacted>
-----END CERTIFICATE-----
</ca>
<cert>
<redacted>
</cert>
<key>
<redacted>
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
<redacted>
-----END OpenVPN Static key V1-----
</tls-auth>
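
An added example, not part of the original question: a Python check that parses systemd-resolve --status output and reports any link whose DNS server list mixes a private resolver with a public one, which is the tun0 condition shown in the status output above. The function names and the 10.8.0.1 sample address are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the with-VPN status output above; 10.8.0.1 is a
# made-up stand-in for the redacted remote LAN DNS server address.
SAMPLE_STATUS = """\
Link 7 (tun0)
      Current Scopes: DNS
MulticastDNS setting: no
         DNS Servers: 10.8.0.1
                      8.8.8.8
          DNS Domain: ~.
                      remote-lan-local.net

Link 3 (wlp112s0)
      Current Scopes: none
"""

def parse_links(status_text):
    """Return {link: {field: [values]}} for each 'Link N (name)' section."""
    links, fields, key = {}, None, None
    for line in status_text.splitlines():
        header = re.match(r"Link \d+ \((\S+)\)", line)
        if header:
            fields, key = links.setdefault(header.group(1), {}), None
        elif fields is None or not line.strip():
            continue  # global section or blank line
        elif re.match(r"\s*[A-Za-z ]+: ", line):
            key, value = (part.strip() for part in line.split(": ", 1))
            fields[key] = [value]
        elif key:  # continuation line: one more value for the previous field
            fields[key].append(line.strip())
    return links

def mixed_resolver_links(links):
    """Links whose DNS server list mixes private and public addresses."""
    findings = {}
    for name, fields in links.items():
        private, public = [], []
        for server in fields.get("DNS Servers", []):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                continue  # redacted placeholder or unparsable entry
            (private if addr.is_private else public).append(server)
        if private and public:
            findings[name] = {"private": private, "public": public}
    return findings

print(mixed_resolver_links(parse_links(SAMPLE_STATUS)))
```

A link reported here can send queries for internal hostnames to the public resolver, so it is also worth checking as a DNS leak, not only as a reliability problem.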
