Changing DNS on Ubuntu 18.04

On Ubuntu 18.04, changes made to /etc/resolv.conf are lost once networking is restarted. Look at the file:

root in /etc/netplan λ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53
options timeout:2 attempts:3 rotate single-request-reopen

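The header of this file says that it is generated dynamically by resolvconf and that manual changes will be overwritten (the file is a symlink to /run/resolvconf/resolv.conf; anyone familiar with Linux knows that /run holds files generated dynamically at runtime). 127.0.0.53 is the stub resolver of systemd-resolved. Use systemd-resolve --status to see the actual DNS servers.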

root in /etc/netplan λ systemd-resolve --status
Global
         DNS Servers: 8.8.8.8
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
...

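So where is the real configuration file? Anyone familiar with systemd knows that the units for daemons managed by systemd end in d.service, so consult man systemd-resolved.service, which gives the following information:

The global configuration file of systemd-resolved is /etc/systemd/resolved.conf. In addition, for compatibility:

If /etc/resolv.conf is a regular file, its configuration is read. If it is a symlink pointing to /run/systemd/resolve/stub-resolv.conf or /run/systemd/resolve/resolv.conf, only the systemd-resolved configuration is read (systemd-resolved generates these two files dynamically from the global configuration file).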
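A quick check for which of these cases a host is in, as an added example that is not part of the original page. The function names resolv_mode, resolv_nameservers and resolv_report are hypothetical; the paths are the ones named above.

```shell
#!/bin/sh
# Added example (not from the original page): report how a resolv.conf path is
# managed and whether it reveals the upstream DNS servers.
# resolv_mode, resolv_nameservers and resolv_report are hypothetical names.

resolv_mode() {
    f=${1:-/etc/resolv.conf}
    if [ -L "$f" ]; then
        # Compare the link target as written; it may be relative (../run/...).
        case "$(readlink "$f")" in
            */run/systemd/resolve/stub-resolv.conf) echo stub ;;
            */run/systemd/resolve/resolv.conf)      echo resolved-upstream ;;
            */run/resolvconf/resolv.conf)           echo resolvconf ;;
            *)                                      echo other-symlink ;;
        esac
    elif [ -f "$f" ]; then
        echo regular-file
    else
        echo missing
    fi
}

# Nameservers the glibc resolver would use, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}" 2>/dev/null
}

resolv_report() {
    f=${1:-/etc/resolv.conf}
    mode=$(resolv_mode "$f")
    servers=$(resolv_nameservers "$f" | tr '\n' ' ')
    servers=${servers% }
    echo "mode=$mode nameservers=$servers"
    # A file that lists only 127.0.0.53 does not show the real upstream servers.
    [ "$servers" = "127.0.0.53" ] &&
        echo "upstream hidden behind stub; use systemd-resolve --status"
    return 0
}

resolv_report "$@"
```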

stub resolver

Reference:

https://unix.stackexchange.com/questions/500536/what-are-dns-server-resolver-and-stub-resolver

The stub resolver acts as a proxy: processes reach the resolver through the stub resolver, and the stub resolver can cache results to speed up lookups.

resolved.conf

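[Resolve]
# DNS servers, separated by spaces
DNS=8.8.8.8 8.8.4.4
# Fallback DNS servers
FallbackDNS=114.114.114.114
# Same as the search option in resolv.conf
Domains=news
# Whether previously resolved records are cached in the stub resolver and returned as results (while still valid); boolean
Cache=false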

The change takes effect after restarting systemd-resolved:

root in /etc/systemd λ systemctl restart systemd-resolved.service

netplan

DNS settings can also be configured in netplan:

network:
    version: 2
    ethernets:
        eth0:
            dhcp4: true
            match:
                macaddress: 00:16:3e:0a:be:8b
            set-name: eth0
            nameservers:
                addresses:
                        - 114.114.114.114

Use systemd-resolve --status <iface> to check:

root in /etc/netplan λ systemd-resolve --status eth0
Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 114.114.114.114
                      8.8.8.8
                      100.100.2.136
                      100.100.2.138

Verification

nslookup and dig only show resolution through the stub resolver; they do not reveal the real DNS server.

Use tcpdump to verify:

root in ~ λ tcpdump -i eth0 -v -n dst host 8.8.8.8
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:41:44.269143 IP (tos 0x0, ttl 64, id 8216, offset 0, flags [DF], proto UDP (17), length 66)
    172.19.124.44.44616 > 8.8.8.8.53: 7479+ [1au] A? baidu.com. (38)
13:41:44.269885 IP (tos 0x0, ttl 64, id 8217, offset 0, flags [DF], proto UDP (17), length 66)
    172.19.124.44.48688 > 8.8.8.8.53: 34626+ [1au] AAAA? baidu.com. (38)
13:41:44.551251 IP (tos 0xd4, ttl 64, id 34629, offset 0, flags [none], proto ICMP (1), length 126)
    172.19.124.44 > 8.8.8.8: ICMP 172.19.124.44 udp port 44616 unreachable, length 106
        IP (tos 0x14, ttl 105, id 46127, offset 0, flags [none], proto UDP (17), length 98)
    8.8.8.8.53 > 172.19.124.44.44616: 7479 2/0/1 baidu.com. A 220.181.38.148, baidu.com. A 39.156.69.79 (70)
13:41:44.558558 IP (tos 0xd4, ttl 64, id 34631, offset 0, flags [none], proto ICMP (1), length 137)
    172.19.124.44 > 8.8.8.8: ICMP 172.19.124.44 udp port 48688 unreachable, length 117
        IP (tos 0x14, ttl 105, id 27045, offset 0, flags [none], proto UDP (17), length 109)
    8.8.8.8.53 > 172.19.124.44.48688: 34626 0/1/1 (81)
13:41:49.354304 IP (tos 0x0, ttl 64, id 9464, offset 0, flags [DF], proto UDP (17), length 89)
    172.19.124.44.37267 > 8.8.8.8.53: 41576+ [1au] A? metrichub-cn-shenzhen.aliyun.com. (61)
13:41:49.354945 IP (tos 0x0, ttl 64, id 9465, offset 0, flags [DF], proto UDP (17), length 89)
    172.19.124.44.51317 > 8.8.8.8.53: 882+ [1au] AAAA? metrichub-cn-shenzhen.aliyun.com. (61)
13:41:49.649154 IP (tos 0xd4, ttl 64, id 34675, offset 0, flags [none], proto ICMP (1), length 133)
    172.19.124.44 > 8.8.8.8: ICMP 172.19.124.44 udp port 37267 unreachable, length 113
        IP (tos 0x14, ttl 105, id 31095, offset 0, flags [none], proto UDP (17), length 105)
    8.8.8.8.53 > 172.19.124.44.37267: 41576 1/0/1 metrichub-cn-shenzhen.aliyun.com. A 100.100.21.100 (77)
13:41:49.649815 IP (tos 0xd4, ttl 64, id 34676, offset 0, flags [none], proto ICMP (1), length 190)
    172.19.124.44 > 8.8.8.8: ICMP 172.19.124.44 udp port 51317 unreachable, length 170
        IP (tos 0x14, ttl 104, id 44135, offset 0, flags [none], proto UDP (17), length 162)
    8.8.8.8.53 > 172.19.124.44.51317: 882 0/1/1 (134)
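
The same verification can be summarised per upstream server. The script below is an added example, not part of the original page: it counts DNS queries per destination in tcpdump -n text output and flags servers outside an expected list. The names upstream_summary and sample_capture and the sample lines are constructed for illustration, and only IPv4 over port 53 is handled.

```shell
#!/bin/sh
# Added example (not from the original page): count DNS queries per upstream
# server in `tcpdump -n` text output and flag servers outside an expected list.
# upstream_summary and sample_capture are hypothetical names; IPv4 only.
# Capture all of port 53 rather than a single host, e.g.:
#   tcpdump -i eth0 -n -c 200 udp port 53 | upstream_summary "8.8.8.8 8.8.4.4"

upstream_summary() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
    {
        # Locate "SRC > DST:"; its field position differs with and without -v.
        for (i = 1; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        dst = $(i + 1)
        # Keep only queries ("A? name.") sent to port 53 of an IPv4 address.
        if (dst !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.53:$/ || $0 !~ /\? /) next
        sub(/\.53:$/, "", dst)
        count[dst]++
    }
    END {
        for (d in count)
            printf "%s %d %s\n", d, count[d], ((d in ok) ? "expected" : "UNEXPECTED")
    }' | LC_ALL=C sort
}

# Constructed sample in the format of the capture above; 192.0.2.10 is a
# documentation address standing in for the host.
sample_capture() {
    cat <<'EOF'
13:41:44.269143 IP (tos 0x0, ttl 64, id 8216, offset 0, flags [DF], proto UDP (17), length 66)
    192.0.2.10.44616 > 8.8.8.8.53: 7479+ [1au] A? example.com. (40)
13:41:44.269885 IP (tos 0x0, ttl 64, id 8217, offset 0, flags [DF], proto UDP (17), length 66)
    192.0.2.10.48688 > 8.8.8.8.53: 34626+ [1au] AAAA? example.com. (40)
13:41:44.551251 IP (tos 0x14, ttl 105, id 46127, offset 0, flags [none], proto UDP (17), length 84)
    8.8.8.8.53 > 192.0.2.10.44616: 7479 1/0/1 example.com. A 192.0.2.80 (56)
13:41:50.000001 IP 192.0.2.10.40000 > 114.114.114.114.53: 100+ A? example.org. (29)
13:41:51.000001 IP 192.0.2.10.40001 > 100.100.2.136.53: 101+ A? example.net. (29)
EOF
}

sample_capture | upstream_summary "8.8.8.8 8.8.4.4"
```

With the expected list set to the DNS= servers from resolved.conf, any other destination in the output points to a per-link server (netplan or DHCP) that is still receiving queries.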