Ubuntu 24.04: fixing DNS resolution of a local domain against an internal DNS server

# Root cause and complete fix procedure
## Root cause 1: the `Domains=~local:192.168.0.5` syntax has compatibility problems
On Ubuntu 24.04, systemd-resolved does not reliably recognise the `~domain:DNS` binding form, so `.local` queries still get intercepted by the mDNS logic. The recommended approach is a **drop-in configuration fragment** that forces the forwarding rule for the local domain, rather than editing the main file directly.
## Root cause 2: netplan and resolved settings conflict in priority, and cloud-init may overwrite the interface DNS
## Step 1: create a dedicated resolved drop-in (the most effective fix)
```bash
# Create the drop-in directory
mkdir -p /etc/systemd/resolved.conf.d/
# Write the configuration that forces forwarding of the local domain
tee /etc/systemd/resolved.conf.d/99-fix-local-dns.conf <<EOF
[Resolve]
DNS=192.168.0.5
# Send every .local query over unicast DNS and disable mDNS completely
MulticastDNS=no
LLMNR=no
# Route the local domain to the internal DNS server
Domains=local
DNSOverTLS=no
DNSSEC=no
EOF
```
## Step 2: correct the main configuration `/etc/systemd/resolved.conf`
Remove `Domains=~local:192.168.0.5` and keep only the basic settings:
```ini
[Resolve]
DNS=192.168.0.5
MulticastDNS=no
LLMNR=no
#Domains=~local:192.168.0.5  # comment out or delete this line
#FallbackDNS=
#DNSSEC=no
#DNSOverTLS=no
#Cache=no-negative
#DNSStubListener=yes
```
## Step 3: reload and restart the resolver service
```bash
# Reload the systemd configuration
systemctl daemon-reload
# Restart the resolver service
systemctl restart systemd-resolved
# Flush all caches
resolvectl flush-caches
# Show the complete effective configuration and confirm the drop-in was loaded
systemd-analyze cat-config systemd/resolved.conf
```
## Step 4: verify the interface DNS and domain rules
```bash
resolvectl status eth0
```
The output must contain these two key lines:
1. `DNS Servers: 192.168.0.5`
2. `Domains: local`

## Step 5: test resolution
```bash
nslookup shuncom.local
```
Normally this returns `192.168.0.4 / 0.5 / 0.8` directly, with no more SERVFAIL.
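As an added check (not part of the original article), the script below reads the output of `systemd-analyze cat-config systemd/resolved.conf` from step 3 and computes the effective `[Resolve]` settings the way resolved merges the main file and its drop-ins: scalar keys take the last assignment, list keys such as `DNS=` and `Domains=` accumulate and an empty assignment resets them. The two config texts are constructed samples; the `check_local_forwarding` function and the `192.168.0.5` address are assumptions matching this page.

```shell
#!/bin/sh
# Added checker, not from the original article: parse the output of
# `systemd-analyze cat-config systemd/resolved.conf` (main file first, then
# drop-ins in lexical order) and derive the effective [Resolve] settings.

# Constructed sample in the shape cat-config prints after steps 1 and 2.
SAMPLE_CONFIG='# /etc/systemd/resolved.conf
[Resolve]
DNS=192.168.0.5
MulticastDNS=no
LLMNR=no
#Domains=~local:192.168.0.5
# /etc/systemd/resolved.conf.d/99-fix-local-dns.conf
[Resolve]
MulticastDNS=no
LLMNR=no
Domains=local'
# Constructed "before" state: main file only, with the problematic syntax.
BROKEN_CONFIG='# /etc/systemd/resolved.conf
[Resolve]
DNS=192.168.0.5
MulticastDNS=no
LLMNR=no
Domains=~local:192.168.0.5'

# effective_value CONFIG_TEXT KEY MODE   (MODE: "last" for scalars, "list" for DNS=/Domains=)
effective_value() {
    printf '%s\n' "$1" | awk -v key="$2" -v mode="$3" '
        BEGIN { pat = key "=" }
        /^[[:space:]]*[#;]/ { next }                      # comments and cat-config file headers
        /^\[/ { in_resolve = ($0 == "[Resolve]"); next }
        in_resolve && index($0, pat) == 1 {
            val = substr($0, length(pat) + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            if (mode == "list") acc = (val == "") ? "" : (acc == "" ? val : acc " " val)
            else acc = val                                # scalar: last assignment wins
        }
        END { print acc }'
}

# check_local_forwarding CONFIG_TEXT DNS_IP -> 0 when .local is routed to DNS_IP over unicast only
check_local_forwarding() {
    cfg="$1"; want="$2"
    [ "$(effective_value "$cfg" MulticastDNS last)" = "no" ] || { echo "MulticastDNS is not off"; return 1; }
    [ "$(effective_value "$cfg" LLMNR last)" = "no" ] || { echo "LLMNR is not off"; return 1; }
    case " $(effective_value "$cfg" DNS list) " in *" $want "*) ;; *) echo "DNS= lacks $want"; return 1;; esac
    case " $(effective_value "$cfg" Domains list) " in *" local "*|*" ~local "*) ;; *) echo "Domains= does not route local"; return 1;; esac
    echo "ok: .local -> $want via unicast DNS"
}
```

On a live host, feed it the real output: `check_local_forwarding "$(systemd-analyze cat-config systemd/resolved.conf)" 192.168.0.5`.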

---

# If it still fails: fallback options (bypassing the systemd-resolved interception entirely)
## Option A: modify netplan to assign a dedicated DNS server for the local domain
Edit `/etc/netplan/50-cloud-init.yaml` and add a `domains` binding to eth0:
```yaml
eth0:
    addresses:
    - 192.168.4.16/24
    nameservers:
        addresses:
        - 192.168.0.5
        search: [shuncom.local]
        # Forward everything under the local suffix to 192.168.0.5
        domains:
            - local:192.168.0.5
    routes:
    -   to: default
        via: 192.168.4.1
```
Apply the configuration:
```bash
netplan apply
systemctl restart systemd-resolved
resolvectl flush-caches
```

## Option B: permanently disable the systemd-resolved stub listener (bypass 127.0.0.53 completely)
1. Edit `/etc/systemd/resolved.conf`
```ini
DNSStubListener=no
```
2. Replace the `/etc/resolv.conf` symlink so it points directly at the internal DNS server
```bash
rm -f /etc/resolv.conf
echo "nameserver 192.168.0.5" > /etc/resolv.conf
```
3. Restart the service
```bash
systemctl daemon-reload
systemctl restart systemd-resolved
```
`nslookup` now no longer goes through the local 127.0.0.53 stub and queries 192.168.0.5 directly, which eliminates the .local interception.

---

# Additional key notes
1. `.local` is the reserved domain for mDNS; as long as systemd-resolved is enabled it prefers multicast resolution by default, and **only disabling MulticastDNS and forcing Domains forwarding overrides that**;
2. `~local:dnsip` is an advanced routing syntax that is buggy in some systemd versions; a drop-in configuration fragment is more compatible;
3. Long-term recommendation: change the internal DNS suffix to `.lan` / `.corp` to avoid the mDNS conflict at its root.