当我没有配置它时，为什么 systemd-resolved 回退到在 IPv6 上使用 Google Public DNS？

Question

我在 Ubuntu 18.10 上遇到 SystemD 解析服务的问题 - 在我的无线网络上，我们有一个 IPv6 子网，它通过一些奇怪的网络设置（工作内容）隧道传输，不能用于 DNS 解析。

出于某种原因，即使我已将静态 DNS 配置设置/etc/systemd/resolved.conf.d/dns.conf为仅包含 IPv4 DNS 记录，并且 DHCP 从不通告 IPv6 DNS 服务器，但已解析总是在我的无线连接上向特定于连接的 DNS 配置添加一些时髦的 IPv6 地址，并且然后“回退”到它们并停止解析地址。

这是我的dns.conf（主要resolved.conf是默认的 - 那里什么都没有）：

[Resolve]
DNS=172.18.1.254 8.8.8.8 8.8.4.4 1.1.1.1
DNSSEC=no

（第一个DNS地址是本地路由器）

解析的全局配置（可以从 获得resolvectl status）：

Global
       LLMNR setting: no
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 172.18.1.254
         DNS Servers: 172.18.1.254
                      8.8.8.8
                      8.8.4.4
                      1.1.1.1
...

Link 2 (wlp2s0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 2001:4860:4860::4444
         DNS Servers: 172.18.1.254
                      8.8.8.8
                      8.8.4.4
                      2001:470:1f09:114c::1
                      2001:4860:4860::4444
                      2001:4860:4860::8888
          DNS Domain: ~.

该wlp2s0状态开始与当前的DNS服务器设置为172.18.1.254，然后在很短的时间（我们在这里谈论分钟）后，就后退通过所有的IPv4服务器和土地上的IPv6服务器之一-之后所有的DNS查询失败，我基本上与任何有意义的网络操作断开连接。Asystemctl restart systemd-resolved解决了几分钟的问题，之后又回到“没有 DNS，当你有非 IPv6 网络时回来”。

我不知道这些 IPv6 地址来自哪里。我已启用调试日志记录，并查看调试日志，第一次提到 IPv6 地址是这样的：

Feb 12 10:36:04 vesho systemd-resolved[22371]: Processing incoming packet on transaction 51369 (rcode=SERVFAIL).
Feb 12 10:36:04 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Switching to DNS server 2001:470:1f09:114c::1 for interface wlp2s0.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:04 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Using feature level UDP+EDNS0 for transaction 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Using DNS server 2001:470:1f09:114c::1 for transaction 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Sending query packet with id 51369.

看起来如果我的系统上的某些内容查询了无法解析的地址，并且上游 DNS 服务器返回SERVFAIL（这不仅仅是我本地路由器的 DNS 解析器损坏 - 8.8.8.8 返回相同的响应），然后已解析回退所有服务器，直到它找到一个根本不响应的服务器- 在途中导致任何查询，而不仅仅是损坏的查询，使用损坏的服务器。

我可以在调试日志中跟踪这种升级的路径（some.domain是另一个无法解析的地址的占位符）：

Feb 12 10:36:01 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:01 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:01 vesho systemd-resolved[22371]: Using feature level UDP for transaction 51369.
Feb 12 10:36:01 vesho systemd-resolved[22371]: Using DNS server 172.18.1.254 for transaction 51369.
Feb 12 10:36:01 vesho systemd-resolved[22371]: Sending query packet with id 51369.
Feb 12 10:36:01 vesho systemd-resolved[22371]: Cache miss for some.domain IN AAAA
Feb 12 10:36:01 vesho systemd-resolved[22371]: Transaction 44627 for <some.domain IN AAAA> scope dns on wlp2s0/*.
...
Feb 12 10:36:03 vesho systemd-resolved[22371]: Processing incoming packet on transaction 51369 (rcode=SERVFAIL).
Feb 12 10:36:03 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Switching to DNS server 8.8.8.8 for interface wlp2s0.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:03 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Using feature level UDP+EDNS0 for transaction 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Using DNS server 8.8.8.8 for transaction 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Sending query packet with id 51369.
...
Feb 12 10:36:03 vesho systemd-resolved[22371]: Processing incoming packet on transaction 51369 (rcode=SERVFAIL).
Feb 12 10:36:03 vesho systemd-resolved[22371]: Server returned error SERVFAIL, retrying transaction with reduced feature level UDP.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:03 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Using feature level UDP for transaction 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Sending query packet with id 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Processing incoming packet on transaction 51369 (rcode=SERVFAIL).
Feb 12 10:36:03 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Switching to DNS server 8.8.4.4 for interface wlp2s0.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:03 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Using feature level UDP+EDNS0 for transaction 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Using DNS server 8.8.4.4 for transaction 51369.
Feb 12 10:36:03 vesho systemd-resolved[22371]: Sending query packet with id 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Processing incoming packet on transaction 51369 (rcode=SERVFAIL).
Feb 12 10:36:04 vesho systemd-resolved[22371]: Server returned error SERVFAIL, retrying transaction with reduced feature level UDP.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:04 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Using feature level UDP for transaction 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Sending query packet with id 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Processing incoming packet on transaction 51369 (rcode=SERVFAIL).
Feb 12 10:36:04 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Switching to DNS server 2001:470:1f09:114c::1 for interface wlp2s0.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:04 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Using feature level UDP+EDNS0 for transaction 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Using DNS server 2001:470:1f09:114c::1 for transaction 51369.
Feb 12 10:36:04 vesho systemd-resolved[22371]: Sending query packet with id 51369.
...
Feb 12 10:36:08 vesho systemd-resolved[22371]: Processing incoming packet on transaction 51369 (rcode=SERVFAIL).
Feb 12 10:36:08 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:08 vesho systemd-resolved[22371]: Switching to DNS server 2001:4860:4860::8888 for interface wlp2s0.
Feb 12 10:36:08 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:08 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:08 vesho systemd-resolved[22371]: Using feature level UDP+EDNS0 for transaction 51369.
Feb 12 10:36:08 vesho systemd-resolved[22371]: Using DNS server 2001:4860:4860::8888 for transaction 51369.
Feb 12 10:36:08 vesho systemd-resolved[22371]: Sending query packet with id 51369.
...
Feb 12 10:36:13 vesho systemd-resolved[22371]: Timeout reached on transaction 51369.
Feb 12 10:36:13 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:13 vesho systemd-resolved[22371]: Switching to DNS server 2001:4860:4860::8888 for interface wlp2s0.
Feb 12 10:36:13 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:13 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:13 vesho systemd-resolved[22371]: Using feature level UDP+EDNS0 for transaction 51369.
Feb 12 10:36:13 vesho systemd-resolved[22371]: Sending query packet with id 51369.
...
Feb 12 10:36:18 vesho systemd-resolved[22371]: Timeout reached on transaction 51369.
Feb 12 10:36:18 vesho systemd-resolved[22371]: Retrying transaction 51369.
Feb 12 10:36:18 vesho systemd-resolved[22371]: Switching to DNS server 2001:4860:4860::8888 for interface wlp2s0.
Feb 12 10:36:18 vesho systemd-resolved[22371]: Cache miss for some.domain IN A
Feb 12 10:36:18 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> scope dns on wlp2s0/*.
Feb 12 10:36:18 vesho systemd-resolved[22371]: Using feature level UDP+EDNS0 for transaction 51369.
Feb 12 10:36:18 vesho systemd-resolved[22371]: Sending query packet with id 51369.
... 
goes like that for a while
...
Feb 12 10:36:28 vesho systemd-resolved[22371]: Processing incoming packet on transaction 51369 (rcode=SERVFAIL).
Feb 12 10:36:28 vesho systemd-resolved[22371]: Server returned error: SERVFAIL
Feb 12 10:36:28 vesho systemd-resolved[22371]: Added SERVFAIL cache entry for some.domain IN A 30s
Feb 12 10:36:28 vesho systemd-resolved[22371]: Transaction 51369 for <some.domain IN A> on scope dns on wlp2s0/* now complete with <rcode-failure> from network (unsigned)
Feb 12 10:36:28 vesho systemd-resolved[22371]: Freeing transaction 51369.

总而言之，我的问题是： resovled 在哪里可以找到这些 IPv6 服务器地址，我该如何阻止它使用它们（设置硬编码DNS或FallbackDNS在配置文件中似乎并没有阻止它）？

如果有人对此问题的其他解决方案有任何建议，我很乐意听到。除非它的“禁用已解决” - 我现在实际上正在这样做，所以我可以完成一些工作，但我想深入了解这个已解决的问题并修复它。