On Ubuntu 18.04, changes made to /etc/resolv.conf are lost after the network is restarted. Look at the file:
root in /etc/netplan λ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.53
options timeout:2 attempts:3 rotate single-request-reopen
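The header of this file says that it is generated dynamically by resolvconf and that manual edits will be overwritten (the file is a symlink to /run/resolvconf/resolv.conf; anyone familiar with Linux knows that /run holds files generated dynamically at runtime). 127.0.0.53 is the systemd-resolved ==stub resolver==. Use systemd-resolve --status to see the real DNS servers.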
root in /etc/netplan λ systemd-resolve --status
Global
DNS Servers: 8.8.8.8
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
...
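So where is the real configuration file? Anyone familiar with systemd knows that the daemons it manages have unit names ending in d.service, so check man systemd-resolved.service, which gives the following information:
The global configuration file of systemd-resolved is /etc/systemd/resolved.conf. For compatibility, if /etc/resolv.conf is a regular file, its configuration is read; if it is a symlink pointing to /run/systemd/resolve/stub-resolv.conf or /run/systemd/resolve/resolv.conf, only the systemd-resolved configuration is read (systemd-resolved generates these two files dynamically from the global configuration file).
Reference:
https://unix.stackexchange.com/questions/500536/what-are-dns-server-resolver-and-stub-resolver
A stub resolver acts as a proxy: processes reach the resolver through the stub resolver, and the stub resolver can cache results to speed up lookups.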
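The compatibility rule above can be checked from a shell. The following is an added example, not code from the original post: it classifies a resolv.conf path by its symlink target and reports whether the file names only the stub. The function names and the mode labels (stub, uplink, resolvconf, other-link) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): classify how a resolv.conf
# path is managed, following the rules quoted from systemd-resolved.service.

# resolv_conf_mode PATH -> prints one of (labels are this example's own):
#   regular     plain file; systemd-resolved reads its configuration
#   stub        symlink to .../run/systemd/resolve/stub-resolv.conf
#   uplink      symlink to .../run/systemd/resolve/resolv.conf
#   resolvconf  symlink to .../run/resolvconf/resolv.conf (the case on this page)
#   other-link  symlink to anything else
#   missing     path does not exist
resolv_conf_mode() {
    path=$1
    if [ -L "$path" ]; then
        # Read the literal link target; it may be relative
        # (../run/systemd/resolve/stub-resolv.conf) or dangling.
        target=$(readlink "$path")
        case "/$target" in
            */run/systemd/resolve/stub-resolv.conf) echo stub ;;
            */run/systemd/resolve/resolv.conf)      echo uplink ;;
            */run/resolvconf/resolv.conf)           echo resolvconf ;;
            *)                                      echo other-link ;;
        esac
    elif [ -f "$path" ]; then
        echo regular
    else
        echo missing
    fi
}

# list_nameservers PATH -> prints the nameserver addresses, one per line.
list_nameservers() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# only_stub PATH -> exit status 0 when 127.0.0.53 is the only nameserver
# listed, i.e. the file says nothing about the real upstream servers.
only_stub() {
    [ "$(list_nameservers "$1" | sort -u)" = "127.0.0.53" ]
}

# Stand-alone use: report the mode of the given path (default /etc/resolv.conf).
resolv_conf_mode "${1:-/etc/resolv.conf}"
```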
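# /etc/systemd/resolved.conf
[Resolve]
# DNS servers, separated by spaces
DNS=8.8.8.8 8.8.4.4
# Fallback DNS servers
FallbackDNS=114.114.114.114
# Same as the search option in resolv.conf
Domains=news
# Whether previously resolved records are cached in the stub resolver and returned as results (while still valid); boolean
Cache=false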
The change takes effect after restarting systemd-resolved:
root in /etc/systemd λ systemctl restart systemd-resolved.service
The DNS settings can also be configured in netplan:
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true
      match:
        macaddress: 00:16:3e:0a:be:8b
      set-name: eth0
      nameservers:
        addresses:
          - 114.114.114.114
Use systemd-resolve --status <iface> to check:
root in /etc/netplan λ systemd-resolve --status eth0
Link 2 (eth0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 114.114.114.114
8.8.8.8
100.100.2.136
100.100.2.138
nslookup and dig only show resolution through the stub resolver, so they cannot reveal the real DNS server. Use tcpdump to verify:
root in ~ λ tcpdump -i eth0 -v -n dst host 8.8.8.8
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:41:44.269143 IP (tos 0x0, ttl 64, id 8216, offset 0, flags [DF], proto UDP (17), length 66)
172.19.124.44.44616 > 8.8.8.8.53: 7479+ [1au] A? baidu.com. (38)
13:41:44.269885 IP (tos 0x0, ttl 64, id 8217, offset 0, flags [DF], proto UDP (17), length 66)
172.19.124.44.48688 > 8.8.8.8.53: 34626+ [1au] AAAA? baidu.com. (38)
13:41:44.551251 IP (tos 0xd4, ttl 64, id 34629, offset 0, flags [none], proto ICMP (1), length 126)
172.19.124.44 > 8.8.8.8: ICMP 172.19.124.44 udp port 44616 unreachable, length 106
IP (tos 0x14, ttl 105, id 46127, offset 0, flags [none], proto UDP (17), length 98)
8.8.8.8.53 > 172.19.124.44.44616: 7479 2/0/1 baidu.com. A 220.181.38.148, baidu.com. A 39.156.69.79 (70)
13:41:44.558558 IP (tos 0xd4, ttl 64, id 34631, offset 0, flags [none], proto ICMP (1), length 137)
172.19.124.44 > 8.8.8.8: ICMP 172.19.124.44 udp port 48688 unreachable, length 117
IP (tos 0x14, ttl 105, id 27045, offset 0, flags [none], proto UDP (17), length 109)
8.8.8.8.53 > 172.19.124.44.48688: 34626 0/1/1 (81)
13:41:49.354304 IP (tos 0x0, ttl 64, id 9464, offset 0, flags [DF], proto UDP (17), length 89)
172.19.124.44.37267 > 8.8.8.8.53: 41576+ [1au] A? metrichub-cn-shenzhen.aliyun.com. (61)
13:41:49.354945 IP (tos 0x0, ttl 64, id 9465, offset 0, flags [DF], proto UDP (17), length 89)
172.19.124.44.51317 > 8.8.8.8.53: 882+ [1au] AAAA? metrichub-cn-shenzhen.aliyun.com. (61)
13:41:49.649154 IP (tos 0xd4, ttl 64, id 34675, offset 0, flags [none], proto ICMP (1), length 133)
172.19.124.44 > 8.8.8.8: ICMP 172.19.124.44 udp port 37267 unreachable, length 113
IP (tos 0x14, ttl 105, id 31095, offset 0, flags [none], proto UDP (17), length 105)
8.8.8.8.53 > 172.19.124.44.37267: 41576 1/0/1 metrichub-cn-shenzhen.aliyun.com. A 100.100.21.100 (77)
13:41:49.649815 IP (tos 0xd4, ttl 64, id 34676, offset 0, flags [none], proto ICMP (1), length 190)
172.19.124.44 > 8.8.8.8: ICMP 172.19.124.44 udp port 51317 unreachable, length 170
IP (tos 0x14, ttl 104, id 44135, offset 0, flags [none], proto UDP (17), length 162)
8.8.8.8.53 > 172.19.124.44.51317: 882 0/1/1 (134)