1 votes

il_mix avatar

resolv.conf ne correspond pas à la configuration du plan de réseau

Demandé el 22 de Juillet, 2020
Quand la question a-t-elle été
2209 affichage
Nombre de visites la question a
2 Réponses
Nombre de réponses aux questions
Résolu
Situation réelle de la question

Je suis en train de mettre en place un système Ubuntu Server 20.04 comme passerelle entre mon LAN et le WAN. Je ne parviens pas à configurer le DNS correctement.

J'ai 2 fichiers de configuration netplan pour mes 2 interfaces.

Interface eth interne (LAN)

root@gate:~# cat /etc/netplan/01-eth_int.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
        enp4s0:
            addresses: ['10.0.10.1/24']
            match:
                macaddress: 00:60:e0:76:9e:e7
            set-name: eth_int
  version: 2

Interface eth externe (WAN)

root@gate:~# cat /etc/netplan/02-eth_ext.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
        enp5s0:
            addresses: ['10.200.56.254/24']
            gateway4: 10.200.56.1
            nameservers:
                addresses: [195.78.215.228, 195.78.223.228]
                addresses: [8.8.8.8, 8.8.4.4]
            match:
                macaddress: 00:60:e0:76:9e:e8
            set-name: eth_ext
  version: 2

Au redémarrage, les interfaces sont configurées selon les fichiers de configuration de netplan. Mais le fichier /etc/resolv.conf est mal configuré.

root@gate:~# cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

Test/contrôle effectué :

  • /etc/resolv.conf est un lien symbolique de ../run/systemd/resolve/stub-resolv.conf

  • systemd-resolve --status renvoie le DNS correct pour l'interface eth_ext, mais pas de DNS global (peut être un problème ?)

    root@gate:~# systemd-resolve --status
Global
       LLMNR setting: no
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 5 (eth_ext)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 195.78.215.228
                      195.78.223.228
                      8.8.8.8
                      8.8.4.4

Link 4 (enp0s31f6)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (eth_int)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 2 (enp3s0)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

  • édité /etc/systemd/resolved.conf, en définissant et décommentant l'entrée DNS. Une entrée DNS globale apparaît en exécutant systemd-resolve --status, mais /etc/resolv.conf ne change pas.

Il est évident que cette incompatibilité empêchera le DNS de fonctionner correctement

root@gate:~# ping google.com
ping: google.com: Temporary failure in name resolution

root@gate:~#  nslookup heise.de 127.0.0.53
;; connection timed out; no servers could be reached

Comment résoudre ce problème ?

Demandé el 22 de Juillet, 2020 par il_mix

Réponses

Trop de publicités?

1voto

Gryu avatar
Gryu Points 6277

Vous avez mentionné, votre /etc/resolv.conf est un lien symbolique de /run/systemd/resolve/stub-resolv.conf

Pour résoudre ce problème :

  1. Déconnectez-le : $ sudo unlink /etc/resolv.conf
  2. $ sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
  3. sudo systemctl restart systemd-resolved.service

Les informations suivantes proviennent de man systemd-resolved :

/ETC/RESOLV.CONF
       Four modes of handling /etc/resolv.conf (see resolv.conf(5)) are supported:

       •   systemd-resolved maintains the /run/systemd/resolve/stub-resolv.conf file for compatibility with
           traditional Linux programs. This file may be symlinked from /etc/resolv.conf. This file lists the
           127.0.0.53 DNS stub (see above) as the only DNS server. It also contains a list of search domains that are
           in use by systemd-resolved. The list of search domains is always kept up-to-date. Note that
           /run/systemd/resolve/stub-resolv.conf should not be used directly by applications, but only through a
           symlink from /etc/resolv.conf. This file may be symlinked from /etc/resolv.conf in order to connect all
           local clients that bypass local DNS APIs to systemd-resolved with correct search domains settings. This
           mode of operation is recommended.

       •   A static file /usr/lib/systemd/resolv.conf is provided that lists the 127.0.0.53 DNS stub (see above) as
           only DNS server. This file may be symlinked from /etc/resolv.conf in order to connect all local clients
           that bypass local DNS APIs to systemd-resolved. This file does not contain any search domains.

       •   systemd-resolved maintains the /run/systemd/resolve/resolv.conf file for compatibility with traditional
           Linux programs. This file may be symlinked from /etc/resolv.conf and is always kept up-to-date, containing
           information about all known DNS servers. Note the file format's limitations: it does not know a concept of
           per-interface DNS servers and hence only contains system-wide DNS server definitions. Note that
           /run/systemd/resolve/resolv.conf should not be used directly by applications, but only through a symlink
           from /etc/resolv.conf. If this mode of operation is used local clients that bypass any local DNS API will
           also bypass systemd-resolved and will talk directly to the known DNS servers.

       •   Alternatively, /etc/resolv.conf may be managed by other packages, in which case systemd-resolved will read
           it for DNS configuration data. In this mode of operation systemd-resolved is consumer rather than provider
           of this configuration file.

       Note that the selected mode of operation for this file is detected fully automatically, depending on whether
       /etc/resolv.conf is a symlink to /run/systemd/resolve/resolv.conf or lists 127.0.0.53 as DNS server.
Répondu el 5 de Avril, 2021 par Gryu (6277 Points )

-1voto

bobmorane avatar
bobmorane Points 7

Je remarque que vous n'avez pas spécifié dhcp4 : false sur votre réseau local et que vous n'avez pas assigné de serveur de noms - c'est peut-être votre problème ?

J'ai récemment configuré ma machine ubuntu en tant que routeur et après de nombreuses difficultés, j'ai abandonné l'idée de nommer les interfaces et de les laisser eno1 / enp1s0 dans le fichier yaml (BTW j'ai combiné leur description dans un seul fichier que j'ai nommé 01-router-all.yaml afin de n'avoir qu'un seul fichier à éditer lorsque je fais des modifications). Je pense que j'ai été confronté à une condition de course avec le service de serveur dhcp qui a démarré avant que le service réseau n'ait nommé les interfaces comme indiqué dans mon .yaml.

Voici mon travail /etc/netplan/01-router-all.yaml si cela peut aider (je triche un peu et j'assigne un DNS public, car je dois encore configurer un serveur DNS sur ma machine) :

network:
  version: 2
  renderer: networkd

  ethernets:
    # eno1 = wan1
    eno1:
      dhcp4: false
      addresses: [192.168.1.8/24]
      nameservers:
        addresses: [9.9.9.9, 1.1.1.1]
        search: []

    # enp1s0 = lan
    enp1s0:
      dhcp4: false
      addresses: [192.168.9.1/24]
      nameservers:
        addresses: [9.9.9.9, 1.1.1.1]
        search: []
Répondu el 22 de Juillet, 2020 par bobmorane (7 Points )

Questions en vedette

Top Tags

Dans notre réseau

SistemesEz.com

SystemesEZ est une communauté de sysadmins où vous pouvez résoudre vos problèmes et vos doutes. Vous pouvez consulter les questions des autres sysadmins, poser vos propres questions ou résoudre celles des autres.

Powered by:

Yandex
X