如何正确禁用端口 53 上的 systemd-resolved 以避免与 Ubuntu 20.04 中的 dnsmasq 发生冲突......？

Question

我尝试在 Ubuntu 20.04 上使用 dnsmasq，但在端口 53 上与 systemd-resolved 发生端口冲突。因此，我找到了一些有关解决方案的建议，但它们似乎已过时或不适用于我的情况。

\n

如果我禁用 systemd-resolved，一切都会变得缓慢，因为我似乎在等待超时：

\n

sudo: unable to resolve host ubuntu: Temporary failure in name resolution\n

\n

所以基本上我输入的任何命令都需要 20 秒左右。

\n

我想我需要像https://askubuntu.com/a/907249中的建议一样放入dns=default\n中的建议。但是，该文件不存在，并且不再是包的一部分：/etc/NetworkManager/NetworkManager.conf

\n

$ dpkg -S /etc/NetworkManager/NetworkManager.conf\ndpkg-query: no path found matching pattern /etc/NetworkManager/NetworkManager.conf\n

\n

因此，我将其作为 20.04 标题的问题发布，而不是在那里添加 20 多个评论\xe2\x80\xa6

\n

如果我禁用 systemd-resolve，我可以启动 dnsmasq，但一切仍然会出现“名称解析暂时失败”错误，如果我查看 dnsmasq 状态，它似乎也有问题：

\n

ubuntu@ubuntu:~$ sudo systemctl status dnsmasq.service\nsudo: unable to resolve host ubuntu: Temporary failure in name resolution\n\xe2\x97\x8f dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server\n     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)\n     Active: active (running) since Thu 2020-10-22 11:20:35 UTC; 1min 8s ago\n    Process: 36231 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)\n    Process: 36232 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)\n    Process: 36241 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/S>\n   Main PID: 36240 (dnsmasq)\n      Tasks: 1 (limit: 9024)\n     CGroup: /system.slice/dnsmasq.service\n             \xe2\x94\x94\xe2\x94\x8036240 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg->\n\nOct 22 11:20:35 ubuntu dnsmasq[36240]: using nameserver 127.0.0.53#53\nOct 22 11:20:35 ubuntu dnsmasq[36240]: read /etc/hosts - 7 addresses\nOct 22 11:20:35 ubuntu systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.\nOct 22 11:20:37 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)\nOct 22 11:20:48 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)\nOct 22 11:20:57 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)\nOct 22 11:21:07 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)\nOct 22 11:21:17 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)\nOct 22 11:21:27 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)\nOct 22 11:21:37 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)\n

\n

根据上面的日志，dnsmasq 现在委托给非运行的 127.0.0.53:53 吗？

\n

通过 systemd-resolved 运行我有：

\n

$ sudo ss -lp "sport = :domain"\nNetid     State      Recv-Q      Send-Q           Local Address:Port             Peer Address:Port     Process\nudp       UNCONN     0           0                127.0.0.53%lo:domain                0.0.0.0:*         users:(("systemd-resolve",pid=36111,fd=12))\ntcp       LISTEN     0           4096             127.0.0.53%lo:domain                0.0.0.0:*         users:(("systemd-resolve",pid=36111,fd=13))\n

\n

禁用 systemd-resolved 但运行 dnsmasq 后，我有：

\n

sudo ss -lp "sport = :domain"\nsudo: unable to resolve host ubuntu: Temporary failure in name resolution\nNetid State  Recv-Q Send-Q Local Address:Port    Peer Address:Port Process\nudp   UNCONN 18432  0            0.0.0.0:domain       0.0.0.0:*     users:(("dnsmasq",pid=36240,fd=4))\nudp   UNCONN 0      0               [::]:domain          [::]:*     users:(("dnsmasq",pid=36240,fd=6))\ntcp   LISTEN 0      32           0.0.0.0:domain       0.0.0.0:*     users:(("dnsmasq",pid=36240,fd=5))\ntcp   LISTEN 0      32              [::]:domain          [::]:*     users:(("dnsmasq",pid=36240,fd=7))\n

\n

我有：

\n

$ cat /etc/resolv.conf | grep nameserver\nnameserver 127.0.0.53\n

\n

Answer 1

默认情况下，systemd-resolved在“IP 地址 127.0.0.53”、端口 53 上提供“验证 DNS/DNSSEC 存根解析器”。您可以验证这一点：

$ sudo netstat -tulpn | grep LISTEN

tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      787/systemd-resolve 
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      787/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      923/sshd: /usr/sbin 
tcp6       0      0 :::5355                 :::*                    LISTEN      787/systemd-resolve 
tcp6       0      0 :::22                   :::*                    LISTEN      923/sshd: /usr/sbin 

由于端口 53 是 DNS 流量的默认端口，正如您所指出的，这就是您存在冲突的地方。

systemd-resolved可以配置为以几种不同的方式工作，甚至可以完全禁用存根解析器。

/etc/systemd/resolved.conf.d是那些方便的目录之一，它允许您将配置分解为多个文件。在某些发行版上，此目录可能尚不存在，因此：

[ -d /etc/systemd/resolved.conf.d ] || mkdir -p /etc/systemd/resolved.conf.d

接下来我们创建一个文件/etc/systemd/resolved.conf.d/10-make-dns-work.conf，我们将在其中覆盖默认配置/etc/systemd/resolved.conf：

printf "%s\n%s\n" '[Resolve]' 'DNSStubListener=no' | sudo tee /etc/systemd/resolved.conf.d/10-make-dns-work.conf

现在我们有：

$ cat /etc/systemd/resolved.conf.d/10-make-dns-work.conf

[Resolve]
DNSStubListener=no

更改配置后，我们需要重新启动systemd-resolved：

$ sudo systemctl restart systemd-resolved

现在看看在哪里systemd-resolved听：

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2494/sshd           
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      8033/systemd-resolv 
tcp6       0      0 :::22                   :::*                    LISTEN      2494/sshd           
tcp6       0      0 :::5355                 :::*                    LISTEN      8033/systemd-resolv 

dnsmasq现在应该能够侦听端口 53。

如果您想恢复这些更改，只需删除您添加的配置文件即可：

sudo rm /etc/systemd/resolved.conf.d/10-make-dns-work.conf
sudo systemctl restart systemd-resolved