Mic*_*alD 9 vpn networking dns openvpn
I have a strange problem on my Ubuntu 18.04. I use openfortivpn to connect to my company resources, and it has been working fine. I also use openvpn to connect to some other resources, sometimes even at the same time. Today all resources behind the VPN became unreachable, and I found out that it is related to some DNS setting on my PC.
Without an active openfortivpn connection:
ll /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Jan 9 10:52 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
grep name /run/systemd/resolve/*.conf
/run/systemd/resolve/resolv.conf:nameserver 192.168.139.2
/run/systemd/resolve/stub-resolv.conf:nameserver 127.0.0.53
With an active openfortivpn connection:
ll /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Jan 9 10:52 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
grep name /run/systemd/resolve/*.conf
resolv.conf:nameserver 192.168.139.2
stub-resolv.conf:nameserver 10.220.64.161
stub-resolv.conf:nameserver 10.220.64.162
As you can see, openfortivpn has inserted 2 new nameservers into `/run/systemd/resolve/stub-resolv.conf`, which is fine. But it seems that `systemd-resolve` does not pick up this new configuration (the `ppp0` interface has no DNS servers) and the internal resources behind the VPN are unreachable:
sudo systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 6 (ppp0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 2 (ens33)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.139.2
DNS Domain: localdomain
So I tried to add the DNS server to systemd-resolve manually:
sudo systemd-resolve --set-dns=10.220.64.161 --set-domain=localdomain --set-llmnr=yes --set-mdns=no --set-dnssec=no --interface=ppp0
systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 6 (ppp0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 10.220.64.161
DNS Domain: localdomain
Link 2 (ens33)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.139.2
DNS Domain: localdomain
Finally it works. Any idea what is wrong here? Is this related to `openvpn-systemd-resolved`? I remember that I recently installed this package to be able to use my other openvpn connections.
Many thanks for any advice. Michael.
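As an added example (not part of Michael's post), the following POSIX shell script automates the diagnosis above: it reads the nameservers a VPN client wrote into /etc/resolv.conf, parses the `systemd-resolve --status` output to see which servers systemd-resolved has actually attached to a link, reports the ones that are attached nowhere, and prints the per-link `systemd-resolve --interface=... --set-dns=...` command that attaches them. The point matters beyond connectivity: while the VPN's servers are not attached, lookups for internal names go to the LAN resolver on ens33, so they fail and the internal hostnames leave the machine outside the tunnel. The script assumes the Ubuntu 18.04 status layout shown in the question (newer systems print a similar layout from `resolvectl status`), that `--set-dns=` may be repeated, and that a `--set-domain=` value prefixed with `~` (for example `~corp`) is a routing-only domain, so only names under it are sent to the VPN resolver; the link name, the sample files and the `~corp` domain are illustrative.

```shell
#!/bin/sh
# Added example, not code from the original question or from openfortivpn.
# Compares nameservers in a resolv.conf-style file with the servers that
# "systemd-resolve --status" shows attached to links, and prints the command
# that attaches the missing ones to a link.  Assumed: the Ubuntu 18.04
# (systemd 237) status format; "resolvectl status" output looks the same.

# Print nameserver IPs from a resolv.conf-style file, one per line.
nameservers_in() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the DNS servers attached to link "$2" (all links and the Global
# section when "$2" is empty), taken from a saved copy of the status output
# in "$1".  Extra servers appear on indented continuation lines below the
# "DNS Servers:" line, which is why the indns state is tracked.
link_dns_servers() {
    awk -v want="$2" '
        $1 == "Link" {
            link = $3; sub(/^\(/, "", link); sub(/\)$/, "", link); indns = 0; next
        }
        (want == "" || link == want) && /^[ \t]*DNS Servers:/ {
            sub(/^[ \t]*DNS Servers:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; indns = 1; next
        }
        indns && /^[ \t]*[0-9A-Fa-f.:]+[ \t]*$/ { gsub(/[ \t]/, ""); print; next }
        { indns = 0 }
    ' "$1"
}

# Print every nameserver in resolv file "$1" that no link in status "$2" uses.
unattached_nameservers() {
    attached=$(link_dns_servers "$2" "")
    nameservers_in "$1" | while read -r ns; do
        # 127.0.0.53 is systemd-resolved's own stub listener, never a link server.
        [ "$ns" = 127.0.0.53 ] && continue
        printf '%s\n' "$attached" | grep -qxF -- "$ns" || printf '%s\n' "$ns"
    done
}

# Print (do not run) the systemd-resolve command that attaches the given
# servers to link "$1"; "$2" is an optional routing domain such as "~corp"
# (assumed: the "~" prefix means routing-only, as in systemd-resolve(1)).
attach_command() {
    link=$1; domain=$2; shift 2
    cmd="sudo systemd-resolve --interface=$link"
    [ -n "$domain" ] && cmd="$cmd --set-domain=$domain"
    for ns in "$@"; do cmd="$cmd --set-dns=$ns"; done
    printf '%s\n' "$cmd"
}

# Usage on a live system:  sh vpn-dns-check.sh run [LINK] [DOMAIN]
# e.g.                     sh vpn-dns-check.sh run ppp0 '~corp'
case "${1:-}" in
run)
    link=${2:-ppp0}; domain=${3:-}
    status=$(mktemp) && trap 'rm -f "$status"' EXIT
    systemd-resolve --status > "$status"
    # resolved only reads /etc/resolv.conf itself when it is NOT a symlink to
    # its own stub-resolv.conf / resolv.conf, so show where the link points.
    printf '/etc/resolv.conf -> %s\n' "$(readlink -f /etc/resolv.conf)"
    missing=$(unattached_nameservers /etc/resolv.conf "$status")
    if [ -z "$missing" ]; then
        echo "every nameserver in /etc/resolv.conf is attached to a link"
    else
        echo "in /etc/resolv.conf but attached to no link:"
        printf '%s\n' "$missing"
        echo "to attach them to $link, run:"
        # $missing is unquoted on purpose: one argument per address
        attach_command "$link" "$domain" $missing
    fi
    ;;
esac
```

Run it with `run` and the VPN link name after the tunnel is up; with no arguments the script only defines the functions, so it can be sourced from another script. The printed `systemd-resolve` command is exactly the kind of per-link change that worked in the question, with the routing domain added so that general lookups keep going to the LAN resolver.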
Using 18.10 I had a similar problem. I resolved my problem by modifying /etc/systemd/resolved.conf with the DNS server and search domain information. This looks to be correct behavior, according to the man page:
The DNS servers contacted are determined from the global settings in /etc/systemd/resolved.conf, the per-link static settings in /etc/systemd/network/*.network files (in case systemd-networkd.service(8) is used), the per-link dynamic settings received over DHCP, and any DNS server information made available by other system services. See resolved.conf(5) and systemd.network(5) for details about systemd's own configuration files for DNS servers. To improve compatibility, /etc/resolv.conf is read in order to discover configured system DNS servers, but only if it is not a symlink to /run/systemd/resolve/stub-resolv.conf or /run/systemd/resolve/resolv.conf (see below).
My config looks like this; adjust it to fit your environment.
192.168.1.1 is your private DNS.
Domain syntax is important; don't forget the trailing dot ".".
/etc/systemd/resolved.conf
[Resolve]
DNS=192.168.1.1
#FallbackDNS=
Domains=blah.mydomain.com. blahblah.mydomain.com.
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
Then restart the service:
sudo systemctl restart systemd-resolved.service
Verify that the service is running. A syntax error can cause the problem you see here:
sudo systemctl status systemd-resolved.service
Try to look up the local domain:
nslookup blah.mydomain.com
If that does not work, verify that the query is not timing out. Specify the DNS server manually:
nslookup blah.mydomain.com 192.168.1.1
resolved has a built-in query function, which is helpful:
% resolvectl query fedoraproject.org
fedoraproject.org: 2605:bc80:3010:600:dead:beef:cafe:fed9 -- link: enp5s0
2620:52:3:1:dead:beef:cafe:fed7 -- link: enp5s0
2610:28:3090:3001:dead:beef:cafe:fed3 -- link: enp5s0
2604:1580:fe00:0:dead:beef:cafe:fed1 -- link: enp5s0
2605:bc80:3010:600:dead:beef:cafe:feda -- link: enp5s0
2620:52:3:1:dead:beef:cafe:fed6 -- link: enp5s0
209.132.190.2 -- link: enp5s0
8.43.85.67 -- link: enp5s0
38.145.60.21 -- link: enp5s0
67.219.144.68 -- link: enp5s0
140.211.169.196 -- link: enp5s0
140.211.169.206 -- link: enp5s0
152.19.134.142 -- link: enp5s0
38.145.60.20 -- link: enp5s0
152.19.134.198 -- link: enp5s0
8.43.85.73 -- link: enp5s0
-- Information acquired via protocol DNS in 99.8ms.
-- Data is authenticated: no