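Some articles suggest disabling (or removing) systemd-resolved and replacing it with resolvconf, openresolv, or Unbound. Testing showed that on Ubuntu 20.04.2 LTS NetworkManager has already been replaced by systemd-networkd, and the complexity (the dependency relationships) is fairly high. So I looked for a configuration approach that keeps systemd-resolved but does not use 127.0.0.53.
I later found that systemd-resolved produces two runtime configuration files, as follows: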
/run/systemd/resolve/resolv.conf
/run/systemd/resolve/stub-resolv.conf
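By default /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf, so all that is needed is to point the /etc/resolv.conf symlink at /run/systemd/resolve/resolv.conf instead.
The files generated under /run/systemd/resolve/* are determined by /etc/systemd/resolved.conf, so I wrote the configuration script below. After running it on the server, /etc/resolv.conf indeed no longer points to 127.0.0.53.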
mkdir -p /etc/systemd/resolved.conf.d/
cat >/etc/systemd/resolved.conf.d/99-dns.conf << EOF
[Resolve]
DNS=114.114.114.114 8.8.8.8
EOF
ln -s -f /run/systemd/resolve/resolv.conf /etc/resolv.conf
systemctl daemon-reload && systemctl restart systemd-resolved.service && systemctl status -l systemd-resolved.service --no-pager
cat /etc/resolv.conf
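I mainly referred to this article.
The article below explains why systemd-resolved sets up 127.0.0.53:53.
Since 127.0.0.53 is no longer used, can we simply turn off the 127.0.0.53:53 listener?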
mkdir -p /etc/systemd/resolved.conf.d/
cat >/etc/systemd/resolved.conf.d/98-disable-127-53.conf << EOF
[Resolve]
DNSStubListener=no
EOF
systemctl daemon-reload && systemctl restart systemd-resolved.service && systemctl status -l systemd-resolved.service --no-pager
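After running it, check port 53 again with ss -tunlp: the 127.0.0.53:53 listener is gone.
Kubernetes-related notes
I also found that the kubelet installed by kubeadm (v1.21.3) uses /run/systemd/resolve/resolv.conf by default. It can also be changed by hand; the configuration file (/var/lib/kubelet/config.yaml) is documented at https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
The documentation for the resolvConf field says Default: "/etc/resolv.conf", so why does it become /run/systemd/resolve/resolv.conf after a kubeadm install? I am leaving this as an open question for now (20210923).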
cat /var/lib/kubelet/config.yaml | grep resolv
resolvConf: /run/systemd/resolve/resolv.conf
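I checked the kubeadm init log and found the individual operations of the kubeadm-init phases.
Among them, kubelet-start is responsible for: Write a file with KubeletConfiguration and an environment file with node specific kubelet settings, and then (re)start kubelet.
After looking through the code, I found that kubeadm runs a default detection of the environment and so ends up with a usable configuration. A binary installation, on the other hand, has to specify this itself in /var/lib/kubelet/config.yaml, and must never use a resolv.conf that points to 127.0.0.53:53.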
cat /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
resolvConf: /run/systemd/resolve/resolv.conf
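The check described above for binary installs can be automated. The script below is an added example, not part of the original post or of kubeadm: it reads resolvConf from a kubelet config and reports whether that file would hand pods a loopback resolver (which is not reachable from inside a pod's network namespace). The function names and the script name check.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the resolv.conf
# kubelet uses does not point at a loopback resolver such as 127.0.0.53.

# Print each loopback nameserver (127.0.0.0/8 or ::1) listed in file $1.
loopback_nameservers() {
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { print $2 }' "$1"
}

# Print the resolvConf value from kubelet config $1, or the documented
# default /etc/resolv.conf when the field is absent.
kubelet_resolv_conf() {
    krc_value=$(awk -F': *' '$1 == "resolvConf" { print $2 }' "$1" | tr -d "\"'")
    echo "${krc_value:-/etc/resolv.conf}"
}

# Return 0 if file $1 is safe to use as resolvConf, 1 if not, 2 if unreadable.
check_resolv_conf() {
    [ -r "$1" ] || { echo "UNREADABLE $1" >&2; return 2; }
    crc_target=$(readlink -f "$1")
    # resolv.conf(5): with no nameserver entry the resolver falls back to
    # the name server on the local machine, which is loopback again.
    if ! awk '$1 == "nameserver" { found = 1 } END { exit !found }' "$1"; then
        echo "UNSAFE $1 -> $crc_target: no nameserver entry (falls back to localhost)"
        return 1
    fi
    crc_bad=$(loopback_nameservers "$1" | tr '\n' ' ')
    if [ -n "$crc_bad" ]; then
        echo "UNSAFE $1 -> $crc_target: loopback nameserver(s): $crc_bad"
        return 1
    fi
    echo "OK $1 -> $crc_target"
}

# Usage: sh check.sh /var/lib/kubelet/config.yaml
[ $# -eq 0 ] || check_resolv_conf "$(kubelet_resolv_conf "$1")"
```

The exit status (0 safe, 1 unsafe, 2 unreadable) makes the script usable as a pre-flight step before starting kubelet.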
The fight for control of /etc/resolv.conf
Recommended reading: 米开杨, "Taking back control of /etc/resolv.conf"
- https://man7.org/linux/man-pages/man5/resolv.conf.5.html
ref
- https://www.codenong.com/jsba6d4c63c1ef
- https://www.jianshu.com/p/1378e6abd94d
- http://www.jinbuguo.com/systemd/resolved.conf.html
- https://askubuntu.com/questions/1012641/dns-set-to-systemds-127-0-0-53-how-to-change-permanently
Appendix 1: Ubuntu's default /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0 trust-ad