域分辨率(systemd-resolved)搞砸了,怎么修复?
对不起,这是一个很长的TL,DR; DR是域解析(也许是其他东西)只是间歇性地工作,因此互联网只能间歇性地工作。 我想解决它:Kubuntu 17.04。
有几个症状:在20170605我打开计算机连接远程设备以使用plex但是通过ath9k_htc TP-LINK usb加密狗使用wifi从同一子网上的远程设备连接到本地计算机是间歇性的。 我已经运行了最近的更新(pastebin),但它们似乎与DNS解析无关。
Ping,使用间歇2秒的mtr,谷歌的DNS为8.8.8.8我得到:
1. 192.168.1.1 ...............................????????????????...............????????????????...........................................................................??????????.....................???????......... 2. 81.1.112.44 ...............................????????????????...............????????????????.........>.................................................................?????????......................???????......... 问题显示连接失败时,间隔为32s,32s,22s,14s,即不规则。
最初我认为systemd-resolved是责备, sudo systemctl status wpa_supplicant.service NetworkManager.service systemd-resolved返回以下内容:
thisuser@host-k1210:~$ sudo systemctl status wpa_supplicant.service NetworkManager.service systemd-resolved.service ● wpa_supplicant.service - WPA supplicant Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; disabled; vendor preset: enabled) Active: active (running) since Tue 2017-06-06 09:26:04 BST; 3h 52min ago Main PID: 1252 (wpa_supplicant) Tasks: 1 (limit: 4915) CGroup: /system.slice/wpa_supplicant.service └─1252 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant Jun 06 11:35:52 host-k1210 wpa_supplicant[1252]: wlan15: WPA: Group rekeying completed with 00:1c:df:9b:8d:ff [GTK=TKIP] Jun 06 11:57:25 host-k1210 wpa_supplicant[1252]: wlan15: CTRL-EVENT-DISCONNECTED bssid=00:1c:df:9b:8d:ff reason=3 locally_generated=1 Jun 06 11:57:25 host-k1210 wpa_supplicant[1252]: wlan15: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: SME: Trying to authenticate with 00:1c:df:9b:8d:ff (SSID='TALKTALK-17A908' fr Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: Trying to associate with 00:1c:df:9b:8d:ff (SSID='TALKTALK-17A908' freq=2412 Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: Associated with 00:1c:df:9b:8d:ff Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=US Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: WPA: Key negotiation completed with 00:1c:df:9b:8d:ff [PTK=CCMP GTK=TKIP] Jun 06 11:57:28 host-k1210 wpa_supplicant[1252]: wlan15: CTRL-EVENT-CONNECTED - Connection to 00:1c:df:9b:8d:ff completed [id=0 id_str Jun 06 12:36:45 host-k1210 wpa_supplicant[1252]: wlan15: WPA: Group rekeying completed with 00:1c:df:9b:8d:ff [GTK=TKIP] ● NetworkManager.service - Network Manager Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2017-06-06 11:05:45 BST; 2h 13min ago Docs: man:NetworkManager(8) Main PID: 3815 (NetworkManager) Tasks: 3 (limit: 4915) CGroup: /system.slice/NetworkManager.service └─3815 /usr/sbin/NetworkManager --no-daemon Jun 06 11:05:45 host-k1210 systemd[1]: Starting Network Manager... Jun 06 11:05:45 host-k1210 systemd[1]: Started Network Manager. Jun 06 11:05:45 host-k1210 NetworkManager[3815]: [1496743545.4801] keyfile: 'hostname' option is deprecated and has no effect Jun 06 11:05:45 host-k1210 NetworkManager[3815]: ((devices/nm-device.c:970)): assertion '' failed Jun 06 11:57:25 host-k1210 NetworkManager[3815]: [1496746645.8678] sup-iface[0x556a4c929950,wlan15]: connection disconnected ( ● systemd-resolved.service - Network Name Resolution Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled) Drop-In: /lib/systemd/system/systemd-resolved.service.d └─resolvconf.conf Active: active (running) since Tue 2017-06-06 09:26:00 BST; 3h 52min ago Docs: man:systemd-resolved.service(8) http://www.freedesktop.org/wiki/Software/systemd/resolved http://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers http://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients Main PID: 1192 (systemd-resolve) Status: "Processing requests..." Tasks: 1 (limit: 4915) CGroup: /system.slice/systemd-resolved.service └─1192 /lib/systemd/systemd-resolved Jun 06 13:14:01 host-k1210 systemd-resolved[1192]: Switching to DNS server 8.8.8.8 for interface wlan15. Jun 06 13:14:01 host-k1210 systemd-resolved[1192]: Using degraded feature set (UDP+EDNS0+DO) for DNS server 8.8.8.8. Jun 06 13:14:05 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15. Jun 06 13:14:05 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.220.220 for interface wlan15. Jun 06 13:14:06 host-k1210 systemd-resolved[1192]: Switching to DNS server 8.8.8.8 for interface wlan15. Jun 06 13:17:44 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15. Jun 06 13:17:49 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.220.220 for interface wlan15. Jun 06 13:17:55 host-k1210 systemd-resolved[1192]: Switching to DNS server 8.8.8.8 for interface wlan15. Jun 06 13:18:00 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15. Jun 06 13:18:05 host-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.220.220 for interface wlan15.
换句话说,至少有3个系统处于错误状态:
1)这显示了这篇文章中有关wpa_supplicant / NetworkManager的错误; 通过修改NetworkManager.conf来删除MAC地址随机化的解决方案对我来说是无效的。
2a) 这篇文章中关于在wpa_supplicant中重新加密的错误; 再次修复对我没有帮助,因为我没有可以“设置WPA / WPA2组密钥更新周期”的路由器。
2b)同样的错误是在这里报告改变PMF(受保护的管理帧)的指令,再次我的wifi路由器不提供对此的访问。
3) tail -ing /var/log/syslog也可以看到第三个错误:
Jun 6 13:18:00 bridgeflap-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15. Jun 6 13:18:05 bridgeflap-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.220.220 for interface wlan15. Jun 6 13:24:07 bridgeflap-k1210 systemd-resolved[1192]: Switching to DNS server 8.8.8.8 for interface wlan15. Jun 6 13:24:12 bridgeflap-k1210 systemd-resolved[1192]: Switching to DNS server 208.67.222.222 for interface wlan15. Jun 6 13:24:12 bridgeflap-k1210 systemd-resolved[1192]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 208.67.222.222.
这些错误会重复很多次。 当系统连接到网络时它们停止,然后当mtr 8.8.8.8显示ping失败时,上述错误再次启动,非常类似 – 几乎就像竞争条件。
3a) systemd-resolved的错误看起来很像这个问题,但是关闭DNSSEC的修复对我来说不起作用 ,实际上这是默认的,尽管我继续并在systemd-resolved.conf中将其指定为off。
3b)它看起来很像这个预发布的Valet Linux问题 ,其中dnsmasq似乎干扰了systemd的解析器。 我过去有过dnsmasq,但目前还没有 。
3c) 来自16.10的论坛post建议删除dnsmasq作为解决方案,概括我没有安装它(但是dnsmasq-base作为残留,删除它是无效的)。
FWIW我使用静态IP通过wifi连接到ADSL路由器 – 调制解调器与OpenDNS(谷歌作为后备)通过KDE NetworkManager接口设置。
几乎重新启动任何网络项目,例如sudo systemctl restart networking.service似乎非常简单地修复了一些事情,但是错误的短暂性让人很难说 – 连接一直在上升和下降,最短的下降是~2s,最长的时间是〜60秒。
做journalctl -x --utc --system | grep -C3 -i error journalctl -x --utc --system | grep -C3 -i error我得到如下行:
-- Unit NetworkManager-wait-online.service has begun starting up. Jun 06 09:57:29 bridgeflap-k1210 NetworkManager[3236]: [1496743049.2492] keyfile: 'hostname' option is deprecated and has no effect Jun 06 09:57:29 bridgeflap-k1210 NetworkManager[3236]: [1496743049.2950] keyfile: error loading connection from file /etc/NetworkManager/system-connections/TALKTALK-E8D140-50a6bcfd-4d2e-4ec2-9a43-38d3d1cd21b2: invalid connection: connection.type: property is missing
通过KDE的NetworkManager小程序删除连接似乎已修复此“属性丢失”错误,暂时我恢复了网络连接,但在重新启动时我又回到了相同的[显然] DNS解析器问题,并且该错误不再出现在期刊上。
似乎我要离开尝试sudo systemctl disable systemd-resolved并返回dnsmasq或者我收集,使用unbound (此解决方案建议使用resolvconf ),或者可能设置静态名称服务器?
那么,下一步该尝试什么?
为了预测这个建议,我的/etc/resolv.conf已经是/ run / systemd /的一个符号链接…实际挂起……不,它没有……
sudo apt remove resolvconf sudo mv /etc/resolv.conf{,.20170606a} sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf sudo dpkg-reconfigure systemd sudo systemctl disable resolvconf.service sudo systemctl restart systemd-resolved.service networking.service
看起来它有效,我现在得到更长的延伸〜200s mtr ping成功,但仍然下降仍然有错误是syslog喜欢:
Jun 6 14:50:41 bridgeflap-k1210 systemd-resolved[25306]: Switching to DNS server 208.67.222.222 for interface wlan15. Jun 6 14:50:43 bridgeflap-k1210 systemd-resolved[25306]: Switching to DNS server 208.67.220.220 for interface wlan15. Jun 6 14:50:43 bridgeflap-k1210 systemd-resolved[25306]: Using degraded feature set (UDP+EDNS0) for DNS server 208.67.220.220. Jun 6 14:50:44 bridgeflap-k1210 systemd-resolved[25306]: Switching to DNS server 8.8.8.8 for interface wlan15.
救命!?
我使用Wireshark监视连接并在“DNS”上过滤 – 我可以看到我没有查看的域的查找。 值得庆幸的是,我在FireTV加密狗(2017版)上认可了一个应用程序的域名。 整个问题是FireTV通过我的路由器上的DHCP“窃取”了租约,因为桌面出现问题; 可能是它收到了一半的数据包,或者路由器因同一个本地子网上有2个设备使用相同的IP地址而感到困惑。
解决方法是“忘记”FireTV上的网络连接。 设置连接时选择“手动”,在“确定”和“取消”按钮之间有一个小的“高级按钮”(我第一次错过了)。 我选择了不同的IP,现在一切正常。
值得注意的是,路由器有一个部分通过IP和MAC查看所有连接的设备,当两个设备连接相同的IP时,路由器没有显示任何设备(但继续显示网络上的其他设备)。
[不确定是将此保留在此处还是删除并在其他地方发布?]