「Linux」- Prevent NetworkManager from setting /etc/resolv.conf to use the 127.0.0.53 address

  CREATED BY JENKINSBOT

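Problem Description

On Ubuntu 20.04 LTS, after a network interface has been correctly configured and brought up with NetworkManager (nmcli connection up), the DNS configuration does not take effect: /etc/resolv.conf keeps pointing at a DNS service on 127.0.0.53. NetworkManager insists on this address even when no such service (127.0.0.53:53) exists. In addition, /etc/resolv.conf contains the text # Generated by NetworkManager, which shows that the file was generated by NetworkManager.

This problem is probably not common and only appears on certain Linux distributions; we ran into it on Ubuntu 20.04 LTS.

Cause Analysis

This problem can have many causes. We cannot list them all and can only describe our own scenario.

After some searching on Google, none of the solutions we found applied to our scenario, so we turned to the description of the dns processing mode in the official NetworkManager.conf (1.22) documentation: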

	Set the DNS processing mode.
	If the key is unspecified, **default** is used, unless /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf, /run/systemd/resolve/resolv.conf, /lib/systemd/resolv.conf or /usr/lib/systemd/resolv.conf. In that case, systemd-resolved is chosen automatically.
	**default**: NetworkManager will update /etc/resolv.conf to reflect the nameservers provided by currently active connections.
	**dnsmasq**: NetworkManager will run dnsmasq as a local caching nameserver, using "Conditional Forwarding" if you are connected to a VPN, and then update resolv.conf to point to the local nameserver. It is possible to pass custom options to the dnsmasq instance by adding them to files in the "/etc/NetworkManager/dnsmasq.d/" directory. Note that when multiple upstream servers are available, dnsmasq will initially contact them in parallel and then use the fastest to respond, probing again other servers after some time. This behavior can be modified passing the 'all-servers' or 'strict-order' options to dnsmasq (see the manual page for more details).
	**systemd-resolved**: NetworkManager will push the DNS configuration to systemd-resolved
	**unbound**: NetworkManager will talk to unbound and dnssec-triggerd, using "Conditional Forwarding" with DNSSEC support. /etc/resolv.conf will be managed by dnssec-trigger daemon.
	**none**: NetworkManager will not modify resolv.conf. This implies rc-manager unmanaged
	Note that the plugins dnsmasq, systemd-resolved and unbound are caching local nameservers. Hence, when NetworkManager writes /run/NetworkManager/resolv.conf and /etc/resolv.conf (according to rc-manager setting below), the name server there will be localhost only. NetworkManager also writes a file /run/NetworkManager/no-stub-resolv.conf that contains the original name servers pushed to the DNS plugin.
	When using dnsmasq and systemd-resolved per-connection added dns servers will always be queried using the device the connection has been activated on.

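We had not configured the systemd-resolved option (including the symlink) and had not set the none option (readers should check whether either of these is present on their system, especially the systemd-resolved symlink), yet the DNS configuration still did not take effect.

Solution

According to the NetworkManager documentation, when the dns= option is not specified, the default mode is used. However, if /etc/resolv.conf is a symlink (to one of the systemd-resolved paths listed in the documentation above), systemd-resolved is used for resolution.

Option 1: Add the dns=default option

So we added the dns=default option to the [main] section of /etc/NetworkManager/NetworkManager.conf and restarted the NetworkManager service, which solved the problem.

When we removed the dns=default option and restarted the NetworkManager service (systemctl restart network-manager), /etc/resolv.conf went back to using the 127.0.0.53 address.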
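
The selection rule from the documentation quoted above, written as a check that can be run before and after the change. This is an added example, not code from the original page or from the NetworkManager project; the function names are hypothetical, and treating a relative ../ symlink target as relative to /etc is an assumption.

```shell
# Print the last dns= value found in a [main] section of the given files.
nm_conf_dns_key() {
    awk '
        FNR == 1    { in_main = 0 }      # sections do not span files
        /^[ \t]*#/  { next }             # comment line
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s); in_main = (s == "[main]"); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v
        }
        END { print val }
    ' "$@"
}

# Usage: nm_effective_dns_mode RESOLV_CONF NM_CONF_FILE...
# The body is a subshell "( )", so its variables do not leak into the caller.
nm_effective_dns_mode() (
    resolv=$1; shift
    mode=$(nm_conf_dns_key "$@")
    if [ -n "$mode" ]; then
        printf '%s\n' "$mode"        # an explicit dns= overrides the symlink rule
        exit 0
    fi
    if [ -L "$resolv" ]; then
        target=$(readlink "$resolv")
        # Assumption: a relative "../" target is resolved against /etc.
        case $target in ../*) target="/${target#../}" ;; esac
        case $target in
            /run/systemd/resolve/stub-resolv.conf | /run/systemd/resolve/resolv.conf)
                echo systemd-resolved; exit 0 ;;
            /lib/systemd/resolv.conf | /usr/lib/systemd/resolv.conf)
                echo systemd-resolved; exit 0 ;;
        esac
    fi
    echo default
)

# Constructed demo: resolv.conf symlinked to the stub file, with and without dns=.
demo=$(mktemp -d)
ln -s ../run/systemd/resolve/stub-resolv.conf "$demo/resolv.conf"
printf '[main]\nplugins=ifupdown,keyfile\n' > "$demo/unset.conf"
printf '[main]\nplugins=ifupdown,keyfile\ndns=default\n' > "$demo/fixed.conf"
echo "without dns=:     $(nm_effective_dns_mode "$demo/resolv.conf" "$demo/unset.conf")"
echo "with dns=default: $(nm_effective_dns_mode "$demo/resolv.conf" "$demo/fixed.conf")"
rm -rf "$demo"
```

On a real host, pass /etc/resolv.conf followed by /etc/NetworkManager/NetworkManager.conf and any drop-in files you use; when several files are given, the last dns= value found wins.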

Changing the DNS configuration (systemd-resolved)

Changing DNS with systemd-resolved | Enovision Notes

# vim /etc/resolv.conf

// or

# systemd-resolve --interface wlp2s0 --set-dns 192.168.88.22 --set-domain yourdomain.local

Viewing the DNS configuration

# resolvectl status
Global
       LLMNR setting: no                  
MulticastDNS setting: no                  
  DNSOverTLS setting: no                  
      DNSSEC setting: no                  
    DNSSEC supported: no                  
          DNSSEC NTA: 10.in-addr.arpa     
                      16.172.in-addr.arpa 
                      168.192.in-addr.arpa
...

References

NetworkManager.conf: NetworkManager Reference Manual
DNS set to systemd’s 127.0.0.53 – how to change permanently? – Ask Ubuntu
redhat – How do I force NetworkManager to update /etc/resolv.conf? – Server Fault
ubuntu – Using dnsmasq with NetworkManager – Super User
systemd-resolved – ArchWiki
How to troubleshoot DNS with systemd-resolved?