如何在端口53上正确禁用系统以避免在Ubuntu20.04…中与dnsmasq发生冲突?
我试图在Ubuntu20.04上使用dnsmasq,并在端口53上得到与systemd解决的端口冲突。因此,我找到了一些解决方案的建议,但它们似乎是过时的,或不适用于我的情况。
如果我禁用了系统解析,那么所有东西都会爬行,因为我似乎在等待超时:
sudo: unable to resolve host ubuntu: Temporary failure in name resolution基本上,我输入的任何命令都需要20秒左右。
我想我需要类似于将dns=default放在/etc/NetworkManager/NetworkManager.conf中的建议,就像https://askubuntu.com/a/907249中的建议一样。但是,这个文件不存在,不再是包的一部分:
$ dpkg -S /etc/NetworkManager/NetworkManager.conf
dpkg-query: no path found matching pattern /etc/NetworkManager/NetworkManager.conf因此,我将其作为一个20.04标题的问题发布,而不是添加到20+注释中,…
如果我禁用了系统解决方案,我可以启动dnsmasq,但是所有事情都会出现“名称解析的临时失败”错误,如果我查看dnsmasq状态,它似乎也有问题:
ubuntu@ubuntu:~$ sudo systemctl status dnsmasq.service
sudo: unable to resolve host ubuntu: Temporary failure in name resolution
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-22 11:20:35 UTC; 1min 8s ago
Process: 36231 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Process: 36232 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 36241 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/S>
Main PID: 36240 (dnsmasq)
Tasks: 1 (limit: 9024)
CGroup: /system.slice/dnsmasq.service
└─36240 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg->
Oct 22 11:20:35 ubuntu dnsmasq[36240]: using nameserver 127.0.0.53#53
Oct 22 11:20:35 ubuntu dnsmasq[36240]: read /etc/hosts - 7 addresses
Oct 22 11:20:35 ubuntu systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Oct 22 11:20:37 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)
Oct 22 11:20:48 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)
Oct 22 11:20:57 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)
Oct 22 11:21:07 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)
Oct 22 11:21:17 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)
Oct 22 11:21:27 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)
Oct 22 11:21:37 ubuntu dnsmasq[36240]: Maximum number of concurrent DNS queries reached (max: 150)是不是按照上面的日志,dnsmasq现在委托给不运行的127.0.0.53:53?
在系统解析运行的情况下,我有:
$ sudo ss -lp "sport = :domain"
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:* users:(("systemd-resolve",pid=36111,fd=12))
tcp LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:* users:(("systemd-resolve",pid=36111,fd=13))在系统解决的禁用但dnsmasq运行的情况下,我有:
sudo ss -lp "sport = :domain"
sudo: unable to resolve host ubuntu: Temporary failure in name resolution
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 18432 0 0.0.0.0:domain 0.0.0.0:* users:(("dnsmasq",pid=36240,fd=4))
udp UNCONN 0 0 [::]:domain [::]:* users:(("dnsmasq",pid=36240,fd=6))
tcp LISTEN 0 32 0.0.0.0:domain 0.0.0.0:* users:(("dnsmasq",pid=36240,fd=5))
tcp LISTEN 0 32 [::]:domain [::]:* users:(("dnsmasq",pid=36240,fd=7))我有:
$ cat /etc/resolv.conf | grep nameserver
nameserver 127.0.0.53回答 2
Unix & Linux用户
发布于 2021-03-04 08:46:27
默认情况下,systemd-resolved在端口53的"IP地址127.0.0.53“上提供了一个”验证DNS/DNSSEC存根解析器“。您可以验证这一点:
$ sudo netstat -tulpn | grep LISTEN
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 787/systemd-resolve
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 787/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 923/sshd: /usr/sbin
tcp6 0 0 :::5355 :::* LISTEN 787/systemd-resolve
tcp6 0 0 :::22 :::* LISTEN 923/sshd: /usr/sbin 因为端口53是DNS流量的缺省值,正如您已经指出的那样,这就是存在冲突的地方。
可以将systemd-resolved配置为以几种不同的方式工作,存根解析器甚至可以完全禁用。
/etc/systemd/resolved.conf.d是一种方便的目录,允许您将配置分解为多个文件。在某些发行版上,这个目录可能还不存在,因此:
[ -d /etc/systemd/resolved.conf.d ] || mkdir -p /etc/systemd/resolved.conf.d接下来,我们创建文件/etc/systemd/resolved.conf.d/10-make-dns-work.conf,在该文件中我们将覆盖/etc/systemd/resolved.conf中的默认配置:
printf "%s\n%s\n" '[Resolve]' 'DNSStubListener=no' | sudo tee /etc/systemd/resolved.conf.d/10-make-dns-work.conf现在我们有:
$ cat /etc/systemd/resolved.conf.d/10-make-dns-work.conf
[Resolve]
DNSStubListener=no更改配置后,我们需要重新启动systemd-resolved:
$ sudo systemctl restart systemd-resolved现在看一看systemd-resolved在听什么:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2494/sshd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 8033/systemd-resolv
tcp6 0 0 :::22 :::* LISTEN 2494/sshd
tcp6 0 0 :::5355 :::* LISTEN 8033/systemd-resolv dnsmasq现在应该能够监听端口53了。
如果要还原这些更改,只需删除添加的配置文件:
sudo rm /etc/systemd/resolved.conf.d/10-make-dns-work.conf
sudo systemctl restart systemd-resolvedUnix & Linux用户
发布于 2021-04-17 08:55:28
你真的不需要去处理系统解决方案。在dnsmasq.conf中添加“绑定-动态”或“绑定-接口”。这样,您就可以让系统自行解决,并沿系统侧运行。dnsmasq手册页显示了任何支持它的Linux系统的绑定-动态特性,Ubuntu就是这样做的。在使用中,我看不出它们都有什么区别。...just注意任何在重启时停止dnsmasq的“侦听-地址=”指令。在我的示例中,在运行Ubuntu20.04的pi4上,当dnsmasq试图启动时,pi和openVpn服务器地址(不同的子网相同的计算机)的本地IP地址不存在。我通过编辑dnsmasq服务文件来解决这个问题,该文件将在openVpn服务之后启动,以确保启动时IP地址可由dnsmasq绑定。
https://unix.stackexchange.com/questions/615819
复制相似问题
腾讯云开发者
