Enter the DNS server's IP address after `nameserver`.
When it comes to DNS setup, Ubuntu doesn't differ from other distributions. You can add hostnames and IP addresses to the file /etc/hosts for static lookups. To make your machine consult a particular server for name lookups, simply add its address to /etc/resolv.conf. For example, a machine that should perform lookups against the DNS server at IP address 192.168.3.2 would have a resolv.conf file looking like this:

```
sudo vi /etc/resolv.conf
```

Enter the following details:

```
search test.com
nameserver 192.168.3.2
```
```
domain domain.com
search www.domain.com domain.com
nameserver 202.96.128.86
nameserver 202.96.134.133
```
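A conventional DNS server resolves names in plaintext over UDP, which makes the lookup easy to hijack. DNS over TLS is similar to HTTPS: the name resolution process is encrypted.

Tip | |
---|---|
Plain DNS uses UDP port 53, while DNS over TLS uses TCP port 853. |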
```
$ cat /etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1 9.9.9.9
DNSOverTLS=yes
FallbackDNS=8.8.8.8 4.4.4.4
```
DNSSEC is a technology similar to DNS over TLS.
```
$ cat /etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1 9.9.9.9
DNSSEC=yes
FallbackDNS=8.8.8.8 4.4.4.4
```

```
$ cat /etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1 9.9.9.9
DNSOverTLS=yes
DNSSEC=yes
FallbackDNS=8.8.8.8 4.4.4.4
```
Create a file named 10-dns-systemd-resolved.conf in /etc/NetworkManager/conf.d.
```
$ cat /etc/NetworkManager/conf.d/10-dns-systemd-resolved.conf
[main]
dns=systemd-resolved
```
Restart the NetworkManager service
```
$ sudo systemctl start systemd-resolved
$ sudo systemctl enable systemd-resolved
$ sudo systemctl restart NetworkManager
```
Check that DNS over TLS is working properly
```
$ resolvectl status
MulticastDNS setting: yes
DNSOverTLS setting: yes
DNSSEC setting: yes
DNSSEC supported: yes
Current DNS Server: 1.1.1.1
DNS Servers: 1.1.1.1 9.9.9.9
Fallback DNS Servers: 8.8.8.8 1.0.0.1 8.8.4.4
```
Test name resolution
```
$ resolvectl query www.netkiller.cn
```
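An added example, not part of the original page: a small Python audit of a resolved.conf like the ones above, flagging settings that silently weaken DNS over TLS or DNSSEC. The `opportunistic` and `allow-downgrade` values and the `address#server_name` form are systemd-resolved options that the page does not show; the function name and the `WEAK_CONF` sample are constructed for illustration.

```python
import configparser

TRUTHY = {"yes", "true", "on", "1"}  # boolean spellings systemd accepts

# The page's combined config, and a constructed weaker variant for comparison.
PAGE_CONF = "[Resolve]\nDNS=1.1.1.1 9.9.9.9\nDNSOverTLS=yes\nDNSSEC=yes\nFallbackDNS=8.8.8.8 4.4.4.4\n"
WEAK_CONF = "[Resolve]\nDNS=1.1.1.1#cloudflare-dns.com\nDNSOverTLS=opportunistic\nDNSSEC=allow-downgrade\n"


def audit_resolved_conf(text):
    """Return (level, key, message) findings for the [Resolve] section.

    Only the text passed in is checked; drop-in files and per-link settings are not.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    sec = cp["Resolve"] if cp.has_section("Resolve") else {}
    findings = []

    dot = sec.get("dnsovertls", "").strip().lower()  # configparser lowercases keys
    if dot == "opportunistic":
        findings.append(("warn", "DNSOverTLS", "falls back to plaintext on port 53 when TLS fails"))
    elif dot not in TRUTHY:
        findings.append(("warn", "DNSOverTLS", "not enabled, queries are sent in plaintext on port 53"))

    dnssec = sec.get("dnssec", "").strip().lower()
    if dnssec == "allow-downgrade":
        findings.append(("warn", "DNSSEC", "validation is skipped when the server appears not to support it"))
    elif dnssec not in TRUTHY:
        findings.append(("warn", "DNSSEC", "not set to yes, answers are not strictly validated"))

    servers = sec.get("dns", "").split()
    if not servers:
        findings.append(("info", "DNS", "no global servers, per-link or fallback servers will be used"))
    for server in servers:
        # Without a server name, resolved validates the certificate against the IP address.
        if dot in TRUTHY and "#" not in server:
            findings.append(("info", "DNS", f"{server}: no #server_name, certificate is checked against the IP"))
    return findings


if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        for level, key, message in audit_resolved_conf(conf):
            print(f"{name}: [{level}] {key}: {message}")
```

Run it against the text of /etc/systemd/resolved.conf and compare the result with what `resolvectl status` reports for the running service.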