Ale*_*ley 8 dns vpn openvpn amazon-web-services aws-vpn
我已设置客户端 VPN,但似乎无法访问私有子网中的 RDS 实例。我可以使用 IP 访问 EC2 实例,但不能通过 DNS 访问。我的设置看起来有点像这样:
专有网络:
客户端 VPN:
RDS实例:
我认为 DNS 解析存在问题,并且由于某种原因,RDS 实例的 DNS 未得到解析。我可以从我的 EC2 实例连接到 RDS,这表明 DNS 解析正在 VPC 内运行。
我正在运行 Ubunutu 20.04,并且正在使用 AWS VPN 客户端(我相信它在下面使用了 openvpn)。我正在使用从 AWS 控制面板中的 VPN 设置下载的 openvpn 配置。
有人可以帮忙解释一下为什么 DNS 没有被解析吗?调试信息如下。
连接VPN时调试
$ ping ip-10-0-0-177.eu-west-1.compute.internal
ping: ip-10-0-0-177.eu-west-1.compute.internal: Name or service not known
$ ping 10.0.0.177
PING 10.0.0.177 (10.0.0.177) 56(84) bytes of data.
64 bytes from 10.0.0.177: icmp_seq=1 ttl=254 time=22.8 ms
64 bytes from 10.0.0.177: icmp_seq=2 ttl=254 time=22.5 ms
64 bytes from 10.0.0.177: icmp_seq=3 ttl=254 time=24.1 ms
--- 10.0.0.177 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 22.472/23.841/25.161/1.046 ms
$ systemd-resolve --status
Global
LLMNR setting: no
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 22 (tun0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 10.0.0.2
DNS Servers: 10.0.0.2
Link 3 (wlp0s20f3)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 192.168.1.254
DNS Servers: 192.168.1.254
DNS Domain: ~.
home
$ traceroute google.com
traceroute to google.com (216.58.212.238), 30 hops max, 60 byte packets
1 eehub.home (192.168.1.254) 2.327 ms 2.225 ms 3.201 ms
2 * * *
3 * * *
4 213.121.98.128 (213.121.98.128) 14.432 ms 14.407 ms 14.380 ms
5 87.237.20.130 (87.237.20.130) 20.563 ms 20.538 ms 20.992 ms
6 74.125.52.216 (74.125.52.216) 16.718 ms 12.813 ms 12.728 ms
7 * * *
8 142.251.52.148 (142.251.52.148) 13.044 ms 209.85.248.240 (209.85.248.240) 11.870 ms 142.251.54.26 (142.251.54.26) 13.344 ms
9 ams16s22-in-f14.1e100.net (216.58.212.238) 13.257 ms 216.239.63.219 (216.239.63.219) 14.388 ms 14.360 ms
$ traceroute ip-10-0-0-177.eu-west-1.compute.internal
ip-10-0-0-177.eu-west-1.compute.internal: Name or service not known
Cannot handle "host" cmdline arg `ip-10-0-0-177.eu-west-1.compute.internal' on position 1 (argc 1)
编辑 1:我刚刚学习了如何dig使用特定名称服务器运行命令,并确认当系统使用正确的服务器时 DNS 解析确实有效:
$ dig @10.0.0.2 ip-10-0-0-177.eu-west-1.compute.internal
; <<>> DiG 9.16.1-Ubuntu <<>> @10.0.0.2 ip-10-0-0-177.eu-west-1.compute.internal
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2950
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ip-10-0-0-177.eu-west-1.compute.internal. IN A
;; ANSWER SECTION:
ip-10-0-0-177.eu-west-1.compute.internal. 60 IN A 10.0.0.177
;; Query time: 24 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Sat Mar 05 22:38:15 GMT 2022
;; MSG SIZE rcvd: 85
编辑 2:阅读了一些故障排除提示后,我成功获得了 EC2 DNS 解析,但没有获得 RDS。仍然希望有人可以帮助破译这个:)
$ dig ip-10-0-0-177.eu-west-1.compute.internal
; <<>> DiG 9.16.1-Ubuntu <<>> ip-10-0-0-177.eu-west-1.compute.internal
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3681
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ip-10-0-0-177.eu-west-1.compute.internal. IN A
;; ANSWER SECTION:
ip-10-0-0-177.eu-west-1.compute.internal. 54 IN A 10.0.0.177
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Mar 05 22:46:10 GMT 2022
;; MSG SIZE rcvd: 85
dig ***.***.eu-west-1.rds.amazonaws.com
; <<>> DiG 9.16.1-Ubuntu <<>> ***.***.eu-west-1.rds.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44468
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;***.***.eu-west-1.rds.amazonaws.com. IN A
;; Query time: 20 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Mar 05 22:48:26 GMT 2022
;; MSG SIZE rcvd: 82
当我直接对正确的名称服务器执行此操作时,它再次解析。
dig @10.0.0.2 ***.***.eu-west-1.rds.amazonaws.com
; <<>> DiG 9.16.1-Ubuntu <<>> @10.0.0.2 ***.***.eu-west-1.rds.amazonaws.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5532
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;***.***.eu-west-1.rds.amazonaws.com. IN A
;; ANSWER SECTION:
***.***.eu-west-1.rds.amazonaws.com. 5 IN A 10.0.1.233
;; Query time: 24 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Sat Mar 05 22:49:23 GMT 2022
;; MSG SIZE rcvd: 98
发帖人在他的 reddit 帖子中给出了答案,这对我也有用,所以我将其留在这里,以防其他人偶然发现这个问题
我必须在工作室卡上将 DNS 设置为有用的 DNS(8.8.8.8、4.4.4.4),然后重新启动。就是这样。我不知道为什么,但我的其他 DNS 无法解析。
我在康卡斯特互联网上,我遇到了与OP完全相同的问题。当我按照他的建议切换到 Google DNS 后,一切都正常了!
谢谢奥普。