DNS on HiDahttps://www.0niu.cn/tags/dns/Recent content in DNS on HiDaHugo -- gohugo.iozhThu, 08 May 2025 10:16:00 +0800使用 resolvectl 临时指定 DNS 服务器https://www.0niu.cn/posts/resolvectl-temporary-dns/Thu, 08 May 2025 10:16:00 +0800https://www.0niu.cn/posts/resolvectl-temporary-dns/<p>在日常运维中,我们经常需要临时切换 DNS 服务器来排查域名解析问题。传统做法是修改 <code>/etc/resolv.conf</code>,但在使用 systemd-resolved 的现代 Linux 发行版中,<code>resolvectl</code> 提供了更优雅的解决方案。</p><p>在日常运维中,我们经常需要临时切换 DNS 服务器来排查域名解析问题。传统做法是修改 <code>/etc/resolv.conf</code>,但在使用 systemd-resolved 的现代 Linux 发行版中,<code>resolvectl</code> 提供了更优雅的解决方案。</p> <h2 id="为什么用-resolvectl">为什么用 resolvectl</h2> <p>传统的修改 <code>/etc/resolv.conf</code> 方式有几个痛点:</p> <ul> <li><strong>systemd-resolved 管理下会被覆盖</strong>:直接编辑 <code>/etc/resolv.conf</code> 可能无效,因为该文件是一个指向 <code>/run/systemd/resolve/stub-resolv.conf</code> 的符号链接</li> <li><strong>需要 root 权限</strong>:编辑系统文件必须 sudo</li> <li><strong>容易忘记还原</strong>:排查完问题后忘记改回来,可能影响业务</li> </ul> <p>而 <code>resolvectl</code> 的优势:</p> <table> <thead> <tr> <th>特性</th> <th>传统方式</th> <th>resolvectl</th> </tr> </thead> <tbody> <tr> <td>修改配置文件</td> <td>✅</td> <td>❌</td> </tr> <tr> <td>需要 root</td> <td>✅</td> <td>❌(per-link)</td> </tr> <tr> <td>重启后恢复</td> <td>需手动还原</td> <td>✅ 自动恢复</td> </tr> <tr> <td>影响范围</td> <td>全局</td> <td>可按网卡控制</td> </tr> </tbody> </table> <h2 id="查看当前-dns-状态">查看当前 DNS 状态</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 查看全局 DNS 配置</span> </span></span><span style="display:flex;"><span>resolvectl status </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 查看指定网卡</span> </span></span><span style="display:flex;"><span>resolvectl status eth0 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 查看当前生效的 DNS 服务器</span> </span></span><span style="display:flex;"><span>resolvectl dns </span></span></code></pre></div><p>输出示例:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>Global </span></span><span style="display:flex;"><span> Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported </span></span><span style="display:flex;"><span>Resolving DNS Servers: 192.168.1.1 </span></span><span style="display:flex;"><span>Fallback DNS Servers: 8.8.8.8 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Link 2 (eth0) </span></span><span style="display:flex;"><span> Current Scopes: DNS </span></span><span style="display:flex;"><span> Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported </span></span><span style="display:flex;"><span>Resolving DNS Servers: 192.168.1.1 </span></span><span style="display:flex;"><span> DNS Domain: lan </span></span></code></pre></div><h2 id="临时指定-dnsper-link">临时指定 DNS(per-link)</h2> <h3 id="指定单网卡-dns">指定单网卡 DNS</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 将 eth0 的 DNS 指定为 Google DNS</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns eth0 8.8.8.8 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 指定多个 DNS(主备)</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns eth0 8.8.8.8 1.1.1.1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 指定国内 DNS</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns eth0 223.5.5.5 119.29.29.29 </span></span></code></pre></div><h3 id="验证生效">验证生效</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 查看当前 DNS</span> </span></span><span style="display:flex;"><span>resolvectl dns eth0 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 测试解析</span> </span></span><span style="display:flex;"><span>resolvectl query example.com </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 使用指定 DNS 解析</span> </span></span><span style="display:flex;"><span>resolvectl query example.com --interface<span style="color:#f92672">=</span>eth0 </span></span></code></pre></div><h3 id="恢复默认-dns">恢复默认 DNS</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 恢复为空(回退到全局配置)</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns eth0 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 恢复为 DHCP 下发的 DNS</span> </span></span><span style="display:flex;"><span>sudo resolvectl revert eth0 </span></span></code></pre></div><h2 id="全局临时指定-dns">全局临时指定 DNS</h2> <p>如果需要全局修改(影响所有网卡):</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 设置全局 DNS</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns 8.8.8.8 1.1.1.1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 恢复全局 DNS</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns </span></span></code></pre></div><blockquote> <p>⚠️ 全局修改同样会在重启后恢复,但会影响所有网卡的 DNS 解析。</p> </blockquote> <h2 id="常用国内公共-dns">常用国内公共 DNS</h2> <table> <thead> <tr> <th>DNS 服务商</th> <th>地址</th> <th>说明</th> </tr> </thead> <tbody> <tr> <td>阿里</td> <td>223.5.5.5 / 223.6.6.6</td> <td>稳定快速</td> </tr> <tr> <td>腾讯</td> <td>119.29.29.29</td> <td>DNSPod</td> </tr> <tr> <td>百度</td> <td>180.76.76.76</td> <td>-</td> </tr> <tr> <td>114 DNS</td> <td>114.114.114.114</td> <td>老牌公共 DNS</td> </tr> <tr> <td>Google</td> <td>8.8.8.8 / 8.8.4.4</td> <td>海外推荐</td> </tr> <tr> <td>Cloudflare</td> <td>1.1.1.1 / 1.0.0.1</td> <td>海外</td> </tr> </tbody> </table> <h2 id="实战场景">实战场景</h2> <h3 id="场景一排查域名解析故障">场景一:排查域名解析故障</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 1. 查看当前 DNS</span> </span></span><span style="display:flex;"><span>resolvectl dns </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 2. 临时切换到公共 DNS 验证</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns eth0 223.5.5.5 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 3. 测试解析</span> </span></span><span style="display:flex;"><span>resolvectl query api.example.com </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 4. 如果公共 DNS 正常,说明内网 DNS 有问题</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 5. 恢复原配置</span> </span></span><span style="display:flex;"><span>sudo resolvectl revert eth0 </span></span></code></pre></div><h3 id="场景二测试-dohdot">场景二:测试 DoH/DoT</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 查看是否支持 DNS over TLS</span> </span></span><span style="display:flex;"><span>resolvectl status | grep -i tls </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 开启 DNS over TLS(需要 DNS 服务器支持)</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns-over-tls eth0 yes </span></span><span style="display:flex;"><span>sudo resolvectl dns eth0 tls://dns.google </span></span></code></pre></div><h3 id="场景三多网卡环境指定-dns">场景三:多网卡环境指定 DNS</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># eth0 走内网 DNS</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns eth0 192.168.1.1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># eth1 走公共 DNS</span> </span></span><span style="display:flex;"><span>sudo resolvectl dns eth1 223.5.5.5 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 查询时指定网卡</span> </span></span><span style="display:flex;"><span>resolvectl query internal.example.com --interface<span style="color:#f92672">=</span>eth0 </span></span><span style="display:flex;"><span>resolvectl query www.0niu.cn --interface<span style="color:#f92672">=</span>eth1 </span></span></code></pre></div><h2 id="注意事项">注意事项</h2> <ol> <li><strong>临时性</strong>:<code>resolvectl</code> 的修改在系统重启后会自动恢复为配置文件中的默认值</li> <li><strong>与 NetworkManager 冲突</strong>:如果使用 NetworkManager 管理 DNS,可能会被 NM 覆盖,可以设置 <code>NM_CONTROLLED=no</code> 或在 NM 配置中指定 DNS</li> <li><strong>systemd-resolved 必须运行</strong>:确认服务状态 <code>systemctl status systemd-resolved</code></li> <li><strong>域名搜索后缀</strong>:可以使用 <code>resolvectl domain eth0 example.com</code> 临时添加搜索域</li> </ol> <h2 id="总结">总结</h2> <p><code>resolvectl</code> 是 systemd-resolved 提供的 DNS 管理工具,用于临时切换 DNS 非常方便:</p> <ul> <li>✅ 无需修改配置文件</li> <li>✅ 重启自动恢复</li> <li>✅ 可按网卡粒度控制</li> <li>✅ 支持 DNS over TLS</li> </ul> <p>下次排查 DNS 问题时,不妨试试 <code>resolvectl</code>。</p>