systemd-resolved + NetworkManager를 사용하여 Debian 기반 Linux 배포판에서 전역 DNS + MAC 주소 설정 지정

systemd-resolved + NetworkManager를 사용하여 Debian 기반 Linux 배포판에서 전역 DNS + MAC 주소 설정 지정

저는 Debian 기반 Linux 배포판, 특히 Pop!_OS 22.04(Ubuntu jammy)를 실행하고 있습니다. 사용자 정의 DNS + MAC 주소 설정을 전역적으로 설정하고 싶습니다. 즉, 모든 네트워크 연결에 자동으로 새 연결과 기존 연결을 적용하고 싶습니다.

특히 다음 설정을 변경하고 싶습니다.

  • DNSSEC 활성화
  • DNS-over-TLS 활성화
  • 내 DNS 서버를 다음으로 변경하세요.AdGuard DNS
  • MAC 주소 무작위화 활성화

현재 저는 세 개의 파일을 만들었습니다.~해야 한다이러한 변경을 수행하십시오.

/etc/systemd/resolved.conf.d/dns.conf:

DNSSEC=allow-downgrade
DNSOverTLS=opportunistic

/etc/NetworkManager/dns.conf:

# specify dns servers
# ignore dhcp-provided

[ipv4]
dns=94.140.14.14;94.140.15.15;
ignore-auto-dns=true

[ipv6]
dns=2a10:50c0::ad1:ff;2a10:50c0::ad2:ff;
ignore-auto-dns=true

/etc/NetworkManager/mac.conf:

[device]
# randomize mac address when scanning for wifi networks
wifi.scan-rand-mac-address=yes

[connection]
# randomize mac address upon initial network connection
# retain generated mac address for all future reconnections
# (per-network)
ethernet.cloned-mac-address=stable
wifi.cloned-mac-address=stable

이러한 파일을 생성하고 재부팅을 실행한 후에는 네트워크 연결과 관련된 변경 사항이 적용되었다는 표시가 없습니다.

AdGuard의 테스트 페이지에는 DNS가 "실행되지 않음"으로 표시됩니다.

$ nmcli dev show wlp0s20f3(Wi-Fi 카드):

GENERAL.DEVICE:                         wlp0s20f3
GENERAL.TYPE:                           wifi
GENERAL.HWADDR:                         C6:F5:1A:8E:84:4D
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     NotYourWiFi
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveC>
IP4.ADDRESS[1]:                         192.168.0.153/24
IP4.GATEWAY:                            192.168.0.1
IP4.ROUTE[1]:                           dst = 192.168.0.0/24, nh = 0.0.0.0, mt >
IP4.ROUTE[2]:                           dst = 169.254.0.0/16, nh = 0.0.0.0, mt >
IP4.ROUTE[3]:                           dst = 0.0.0.0/0, nh = 192.168.0.1, mt =>
IP4.DNS[1]:                             192.168.0.1
IP4.DOMAIN[1]:                          mbfamily.localdomain
IP6.ADDRESS[1]:                         fe80::70e0:14db:aeb6:b6be/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024

$ resolvectl status:

Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp0s31f6)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp0s20f3)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
       DNS Servers: 192.168.0.1
        DNS Domain: mbfamily.localdomain

/etc/resolv.conf:

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search mbfamily.localdomain

/run/systemd/resolve/resolv.conf:

# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 192.168.0.1
search mbfamily.localdomain

$ systemd-analyze cat-config systemd/resolved.conf것을 보여줍니다resolved.conf.d/dns.conf ~이다그러나 읽고 있습니다 :

# /etc/systemd/resolved.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full co>
#
# See resolved.conf(5) for details.

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4>
# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.go>
# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#d>
#DNS=
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

# /etc/systemd/resolved.conf.d/dns.conf
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic

답변1

이것은 DNSSEC에 대한 내 systemd-resolved 구성이며 작동합니다.

/etc/systemd/resolved.conf

DNS=9.9.9.9#dns9.quad9.net 2620:fe::fe#dns9.quad9.net 2620:fe::9#dns9.quad9.net
FallbackDNS=149.112.112.112#rpz-public-resolver1.rrdns.pch.net
Domains=home.arpa
DNSSEC=yes
DNSOverTLS=yes
MulticastDNS=no
LLMNR=no
Cache=yes
DNSStubListener=yes
ReadEtcHosts=yes
ResolveUnicastSingleLabel=no

다음과 같은 옵션을 비활성화하는 것이 특히 중요합니다.

MulticastDNS=no
LLMNR=no

이것이 작동하려면 systemd-resolved 또는 systemd-socket의 stub-resolver를 사용해야 합니다.

cd /etc/ && ln -sf /run/systemd/resolve/stub-resolv.conf resolv.conf

관련 정보