
11.6. Configuring DNS

11.6.1. Conventional DNS configuration: /etc/resolv.conf

The IP address of the DNS server goes after the nameserver keyword.

    When it comes to DNS setup Ubuntu doesn't differ from other distributions. You can add hostname and IP addresses to the file /etc/hosts for static lookups.

    To cause your machine to consult with a particular server for name lookups you simply add their addresses to /etc/resolv.conf.

    For example a machine which should perform lookups from the DNS server at IP address 192.168.3.2 would have a resolv.conf file looking like this

    sudo vi /etc/resolv.conf

    enter the following details

    search test.com
    nameserver 192.168.3.2

A second example, with a default domain, a search list and two name servers:

    domain domain.com
    search www.domain.com domain.com
    nameserver 202.96.128.86
    nameserver 202.96.134.133

11.6.2. Secure DNS configuration

11.6.2.1. Enabling DNS over TLS

With conventional DNS the resolution exchange is sent in plaintext over UDP, so it is easy to hijack. DNS over TLS works much like HTTPS: the resolution exchange is encrypted.

[Tip] Tip
Plain DNS uses UDP port 53, whereas DNS over TLS uses TCP port 853.
    $ cat /etc/systemd/resolved.conf
    [Resolve]
    DNS=1.1.1.1 9.9.9.9
    DNSOverTLS=yes
    FallbackDNS=8.8.8.8 4.4.4.4

11.6.2.2. Enabling DNSSEC

DNSSEC is configured in much the same way as DNS over TLS, but it addresses a different risk: it lets the resolver validate the signatures on the answers it receives, so forged records are rejected; it does not encrypt the queries themselves.

    $ cat /etc/systemd/resolved.conf
    [Resolve]
    DNS=1.1.1.1 9.9.9.9
    DNSSEC=yes
    FallbackDNS=8.8.8.8 4.4.4.4

11.6.2.3. Enabling DNS over TLS and DNSSEC together

    $ cat /etc/systemd/resolved.conf
    [Resolve]
    DNS=1.1.1.1 9.9.9.9
    DNSOverTLS=yes
    DNSSEC=yes
    FallbackDNS=8.8.8.8 4.4.4.4

11.6.2.4. Configuring NetworkManager

Create a file named 10-dns-systemd-resolved.conf in /etc/NetworkManager/conf.d so that NetworkManager hands DNS configuration to systemd-resolved.

    $ cat /etc/NetworkManager/conf.d/10-dns-systemd-resolved.conf
    [main]
    dns=systemd-resolved

Start and enable systemd-resolved, then restart the NetworkManager service

    $ sudo systemctl start systemd-resolved
    $ sudo systemctl enable systemd-resolved
    $ sudo systemctl restart NetworkManager

Check that DNS over TLS (and DNSSEC) are enabled and working

    $ resolvectl status
    MulticastDNS setting: yes
      DNSOverTLS setting: yes
          DNSSEC setting: yes
        DNSSEC supported: yes
      Current DNS Server: 1.1.1.1
             DNS Servers: 1.1.1.1
                          9.9.9.9
    Fallback DNS Servers: 8.8.8.8
                          1.0.0.1
                          8.8.4.4
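The same check can be scripted. The following is an added example, not code from this page or from systemd: it parses a resolved.conf body and the global lines of `resolvectl status` (both samples are constructed, modelled on the page's own listings) and flags the downgrade-capable values `DNSOverTLS=opportunistic` and `DNSSEC=allow-downgrade`, which systemd-resolved accepts but which let the resolver silently fall back to plaintext or unsigned answers.

```python
"""Audit systemd-resolved hardening: DNS over TLS and DNSSEC settings."""
import configparser
import re

# Constructed sample modelled on this page's resolved.conf, using the downgrade-capable values.
SAMPLE_RESOLVED_CONF = """\
[Resolve]
DNS=1.1.1.1 9.9.9.9
DNSOverTLS=opportunistic
DNSSEC=allow-downgrade
FallbackDNS=8.8.8.8 4.4.4.4
"""

# Constructed sample modelled on the `resolvectl status` output on this page.
SAMPLE_STATUS = """\
  MulticastDNS setting: yes
    DNSOverTLS setting: yes
        DNSSEC setting: yes
      DNSSEC supported: yes
    Current DNS Server: 1.1.1.1
"""


def audit_resolved_conf(text):
    """Return (dns_over_tls, dnssec, warnings) for a resolved.conf body.

    Only DNSOverTLS=yes and DNSSEC=yes fail closed; "opportunistic",
    "allow-downgrade", "no" or an unset key permit a fallback to plaintext
    transport or unsigned answers, so they are reported as warnings.
    """
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(text)
    section = cfg["Resolve"] if cfg.has_section("Resolve") else {}
    dot = section.get("DNSOverTLS", "no").strip().lower()
    dnssec = section.get("DNSSEC", "no").strip().lower()
    warnings = []
    if dot != "yes":
        warnings.append(f"DNSOverTLS={dot}: queries may still leave the host in plaintext on UDP/53")
    if dnssec != "yes":
        warnings.append(f"DNSSEC={dnssec}: unsigned or forged answers may be accepted")
    if not section.get("DNS", "").split():
        warnings.append("DNS= is empty: resolver relies on per-link (DHCP) or FallbackDNS servers")
    return dot, dnssec, warnings


def parse_status(text):
    """Pick the global DoT/DNSSEC lines out of `resolvectl status` output."""
    pattern = r"^\s*(DNSOverTLS setting|DNSSEC setting|DNSSEC supported):\s*(\S+)"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, text, re.M)}
```

On a live host, feed it the contents of /etc/systemd/resolved.conf and the output of `resolvectl status`; both functions only read text, so they can also run against files collected from a fleet.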

Test name resolution

    $ resolvectl query www.netkiller.cn