Ubuntu 更换网络后,DNS查询本地的域名失败

After changing networks, DNS lookup fails to domains that were local


问题

我最近从16.04升级到17.10,有些域名现在无法在 systemd-resolved 中解析,尽管我的家庭DNS服务器对域名的解析很好。

我的工作场所的域名是 *.cs.bham.ac.uk (一所大学的计算机科学),当我在工作时,这些域名的解析很好。但是当我回家的时候,这些域名就不再解析了。我现在所在的地方与任何东西都没有关系 .bham.ac.uk

bgeron@tinker ~> systemd-resolve git.cs.bham.ac.uk
git.cs.bham.ac.uk: resolve call failed: No appropriate name servers or networks for name found
bgeron@tinker ~> host git.cs.bham.ac.uk
Host git.cs.bham.ac.uk not found: 2(SERVFAIL)
bgeron@tinker ~> host git.cs.bham.ac.uk 192.168.1.254
Using domain server:
Name: 192.168.1.254
Address: 192.168.1.254#53
Aliases: 

git.cs.bham.ac.uk has address 147.188.203.99
bgeron@tinker ~> systemd-resolve --status
Global
          DNS Domain: lan
                      adf.bham.ac.uk
                      bham.ac.uk
                      cs.bham.ac.uk
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 4 (docker0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (wlp4s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.254
          DNS Domain: lan

Link 2 (enp0s31f6)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

我不知道为什么那些DNS域名会列在那里。它看起来像是某种陈旧的缓存。以root身份执行 systemd-resolve --flush-caches ,似乎没有任何影响。

/etc/resolv.conf 的内容:

# Dynamic resolv.conf *.cs.bham.ac.uk  file for glibc resolver 
Nov 05 22:39:59 tinker systemd[1]: Starting Network Name Resolution...
-- Subject: Unit systemd-resolved.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit systemd-resolved.service has begun starting up.
Nov 05 22:39:59 tinker systemd-resolved[11818]: Positive Trust Anchors:
Nov 05 22:39:59 tinker systemd-resolved[11818]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Nov 05 22:39:59 tinker systemd-resolved[11818]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Nov 05 22:39:59 tinker systemd-resolved[11818]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Nov 05 22:39:59 tinker systemd-resolved[11818]: Using system hostname 'tinker'.
Nov 05 22:39:59 tinker systemd[1]: Started Network Name Resolution.
-- Subject: Unit systemd-resolved.service has finished start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit systemd-resolved.service has finished starting up.
-- 
-- The start-up result is done.
Nov 05 22:50:52 tinker systemd-resolved[11818]: Flushed all caches.
generated by resolvconf /etc/resolv.conf # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 127.0.0.53 search lan adf.bham.ac.uk bham.ac.uk cs.bham.ac.uk

当我删除 search 行时,查询又开始工作了。 但显然这不是一个永久的解决方案。

我相信我几乎就是在使用vanilla NetworkManager。我设置了一个蓝牙PAN设备,但没有激活。

过去,在大学里,有一个本地主机名不能解决的问题。我相信 *.cs.bham.ac.uk 可以解决(由host

# Dynamic resolv.conf *.cs.bham.ac.uk  file for glibc resolver 
Nov 05 22:39:59 tinker systemd[1]: Starting Network Name Resolution...
-- Subject: Unit systemd-resolved.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit systemd-resolved.service has begun starting up.
Nov 05 22:39:59 tinker systemd-resolved[11818]: Positive Trust Anchors:
Nov 05 22:39:59 tinker systemd-resolved[11818]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Nov 05 22:39:59 tinker systemd-resolved[11818]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Nov 05 22:39:59 tinker systemd-resolved[11818]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Nov 05 22:39:59 tinker systemd-resolved[11818]: Using system hostname 'tinker'.
Nov 05 22:39:59 tinker systemd[1]: Started Network Name Resolution.
-- Subject: Unit systemd-resolved.service has finished start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit systemd-resolved.service has finished starting up.
-- 
-- The start-up result is done.
Nov 05 22:50:52 tinker systemd-resolved[11818]: Flushed all caches.
generated by resolvconf /etc/resolv.conf # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 127.0.0.53 search lan adf.bham.ac.uk bham.ac.uk cs.bham.ac.uk
决定),但 *.bham.ac.uk 不行。我不记得 systemd-resolve 对这些情况会怎么说。为了解决这个问题,我取消了 /etc/nsswitch.conf ,并加入了我在网上找到的以下内容。
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          dns [!UNAVAIL=return] files
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

我的日志中的一些日志条目,可能与此有关,也可能无关:

  • wpa_supplicant。无法读取接口p2p-dev-wlp4s0的标志。没有这样的设备
  • 我的GPU驱动发出了一些警告。

更多。

Nov 05 22:39:59 tinker systemd[1]: Starting Network Name Resolution...
-- Subject: Unit systemd-resolved.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit systemd-resolved.service has begun starting up.
Nov 05 22:39:59 tinker systemd-resolved[11818]: Positive Trust Anchors:
Nov 05 22:39:59 tinker systemd-resolved[11818]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Nov 05 22:39:59 tinker systemd-resolved[11818]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Nov 05 22:39:59 tinker systemd-resolved[11818]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Nov 05 22:39:59 tinker systemd-resolved[11818]: Using system hostname 'tinker'.
Nov 05 22:39:59 tinker systemd[1]: Started Network Name Resolution.
-- Subject: Unit systemd-resolved.service has finished start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit systemd-resolved.service has finished starting up.
-- 
-- The start-up result is done.
Nov 05 22:50:52 tinker systemd-resolved[11818]: Flushed all caches.

非常欢迎任何想法!

编辑 澄清。试图解析这些主机名中的任何一个都不会产生任何网络流量,它立即给出了一个否定的结果。

我发现的一个问题是,git.cs.bham.ac.uk在cs.bham.ac.uk的SOA(即dns0.cs.bham.ac.uk)上是没有权威的。这可能是在你的工作中,它以某种方式是权威的。我也试了一下其他的NS,没有一个是权威的。这可能发生在它以某种方式在内部解决的情况下,这将解释为什么它在你的工作场所可以工作,但在家里不行。
谢谢你对这个问题的研究! 当我使用 dig 时,确实AUTHORITY标志似乎没有设置在答案上。(在工作中也一样。)但对于www.google.com,似乎也是如此。你认为这可能是一个问题吗?
不,这只是告诉你,DNS服务器对你提出的请求没有权威性。试试这个: dig www.google.com A dns-admin.google.com 权威标志被设置,因为那是SOA服务器。至少有一个SOA服务器应该是权威的。在你的SOA中,没有一个是权威的。一些DNS转发器除非能得到权威性的响应,否则就不会工作。
奇怪,我之前检查过,dns0.cs.bham.ac.uk不会给我git.cs.bham.ac.uk的权威性结果。对不起,我误入歧途了
@bgeron 我有完全相同的问题(但在不同的CS部门 -- 卡迪夫!)。我想这是由以下原因造成的。 bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1713457 。我刚刚卸载了resolvconf(该评论线程中建议的修复方法),下次我切换网络时将在这里报告...
答案1

根据Joseph Redfern的建议,似乎 resolvconfsystemd-resolved 不兼容。移除 resolvconf 包对我来说解决了这个问题。