Ubuntu 16.04.4 LTSでは、ドメイン検証は機能しません。ホームサーバーはHuawei HG8245ルーターに接続されており、サーバーのネットワークはNetworkManagerによって検証されます。 NetworkNamer 構成には dnsmasq(dns = dnsmasq) が含まれます。ネットワーク管理者が動作します。
root@HTPC:~# systemctl status NetworkManager
● NetworkManager.service - Network Manager
Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
Active: active (running) since Пт 2018-05-04 19:39:50 MSK; 23h ago
Docs: man:NetworkManager(8)
Main PID: 870 (NetworkManager)
CGroup: /system.slice/NetworkManager.service
├─ 870 /usr/sbin/NetworkManager --no-daemon
├─1780 /sbin/dhclient -d -q -sf /usr/lib/NetworkManager/nm-dhcp-helper -pf /var/run/dhclient-enp0s25.pid -lf /var/lib/NetworkManager/dhclient-fc677298-2d2f-3fca-87fd-55304cb944a9-enp0s25.lease -cf /var/lib/NetworkManager/dhclient-enp0s25.conf enp0s25
└─1791 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
май 04 19:39:55 HTPC dnsmasq[1791]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
май 04 19:39:55 HTPC dnsmasq[1791]: DBus support enabled: connected to system bus
май 04 19:39:55 HTPC dnsmasq[1791]: warning: no upstream servers configured
май 04 19:39:55 HTPC NetworkManager[870]: <info> [1525451995.5358] device (enp0s25): Activation: successful, device activated.
май 04 19:39:55 HTPC NetworkManager[870]: <info> [1525451995.5400] dnsmasq[0x1ece500]: dnsmasq appeared as :1.58
май 04 19:39:55 HTPC dnsmasq[1791]: setting upstream servers from DBus
май 04 19:39:55 HTPC dnsmasq[1791]: using nameserver 192.168.100.1#53(via enp0s25)
май 04 19:40:00 HTPC NetworkManager[870]: <info> [1525452000.5064] manager: WiFi hardware radio set enabled
май 04 19:40:00 HTPC NetworkManager[870]: <info> [1525452000.5064] manager: WWAN hardware radio set enabled
май 04 19:40:00 HTPC NetworkManager[870]: <info> [1525452000.5064] manager: startup complete
root@HTPC:~#
/etc/resolv.conf ファイルには以下が含まれます。ネームサーバー 127.0.1.1
ポート53で127.0.1.1が受信中です(tcp / udp)。 127.0.1.1:53 ではドメイン解析が機能せず、ルータで解析が機能し、8.8.8.8 でも動作します。
root@HTPC:~# dig ya.ru @127.0.1.1
; <<>> DiG 9.10.3-P4-Ubuntu <<>> ya.ru @127.0.1.1
;; global options: +cmd
;; connection timed out; no servers could be reached
root@HTPC:~# dig ya.ru @8.8.8.8
; <<>> DiG 9.10.3-P4-Ubuntu <<>> ya.ru @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41427
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ya.ru. IN A
;; ANSWER SECTION:
ya.ru. 257 IN A 87.250.250.242
;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat May 05 20:18:28 MSK 2018
;; MSG SIZE rcvd: 50
root@HTPC:~#
tcpdumpを使って次のことを見つけました。
192.168.100.1 - ルーター (DHCP/DNS) 127.0.1.1 - /etc/resolv.conf(dnsmasq)
ルーター
root@HTPC:~# nslookup ya.ru 192.168.100.1
Server: 192.168.100.1
Address: 192.168.100.1#53
Non-authoritative answer:
Name: ya.ru
Address: 87.250.250.242
root@HTPC:~#
TCPダンプ:
IP (tos 0x0, ttl 64, id 8895, offset 0, flags [none], proto UDP (17), length 51)
192.168.100.14.38831 > 192.168.100.1.53: [bad udp cksum 0x4991 -> 0xdb5b!] 27165+ A? ya.ru. (23)
IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 67)
192.168.100.1.53 > 192.168.100.14.38831: [udp sum ok] 27165 q: A? ya.ru. 1/0/0 ya.ru. [5m51s] A 87.250.250.242 (39)
ドメイン名システム
root@HTPC:~# nslookup ya.ru 127.0.1.1
;; connection timed out; no servers could be reached
root@HTPC:~#
TCPダンプ:
IP (tos 0x0, ttl 64, id 11765, offset 0, flags [DF], proto UDP (17), length 51)
192.168.100.14.33915 > 192.168.100.1.53: [bad udp cksum 0x4991 -> 0x36a5!] 8712+ A? ya.ru. (23)
IP (tos 0x0, ttl 64, id 12556, offset 0, flags [DF], proto UDP (17), length 51)
192.168.100.14.33915 > 192.168.100.1.53: [bad udp cksum 0x4991 -> 0x36a5!] 8712+ A? ya.ru. (23)
IP (tos 0x0, ttl 64, id 13374, offset 0, flags [DF], proto UDP (17), length 51)
192.168.100.14.33915 > 192.168.100.1.53: [bad udp cksum 0x4991 -> 0x36a5!] 8712+ A? ya.ru. (23)
最初のパケットには応答がありますが、残りの3つのパケットには応答がないのはなぜですか?