问题描述:
Ubuntu系统Gnome桌面顶部栏的网络图标经常变成了一个问号。期间不能打开网页,在终端里面ping公网有时能通但丢包严重,或者根本就不通,错误提示Temporary failure in name resolution,表示域名解析失败。
问题原因:
- Ubuntu默认安装的DNS解析工具systemd-resolved存在问题;
- 系统频繁对网络信号进行连接检查,导致不能联网。
解决办法:
一、将DNS解析工具从systemd-resolved切换为unbound
1、安装unbound
sudo apt-get install unbound
2、安装resolvconf
sudo apt-get install resolvconf
3、禁用默认域名解析工具systemd-resolved并停止正在运行的程序
sudo systemctl disable systemd-resolved.service
sudo systemctl disable systemd-resolved
4、配置NetworkManager,使其使用unbound作为系统的域名解析工具
sudo vim /etc/NetworkManeger/NetworkManager.conf
在该配置文件中,紧跟plugins在下面一行加上dns=unbound:
[main]
plugins=ifupdown,keyfile
dns=unbound
[ifupdown]
managed=false
[device]
wifi.scan-rand-mac-address=no
5、手动启用unbound
sudo systemctl enable unbound-resolvconf
sudo systemctl enable unbound
6、修改unbound配置文件/etc/unbound/unbound.conf
查看unbound.conf的manual页面
man unbound.conf
可以看到有以下一段内容:
server:
directory: "/etc/unbound"
username: unbound
# make sure unbound can access entropy from inside the chroot.
# e.g. on linux the use these commands (on BSD, devfs(8) is used):
# mount --bind -n /dev/random /etc/unbound/dev/random
# and mount --bind -n /dev/log /etc/unbound/dev/log
chroot: "/etc/unbound"
# logfile: "/etc/unbound/unbound.log" #uncomment to use logfile.
pidfile: "/etc/unbound/unbound.pid"
# verbosity: 1 # uncomment and increase to get more logging.
# listen on all interfaces, answer queries from the local subnet.
interface: 0.0.0.0
interface: ::0
access-control: 10.0.0.0/8 allow
access-control: 2001:DB8::/64 allow
把这段配置内容追加到文件/etc/unbound/unbound.conf中:
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"
directory: "/etc/unbound"
username: unbound
# make sure unbound can access entropy from inside the chroot.
# e.g. on linux the use these commands (on BSD, devfs(8) is used):
# mount --bind -n /dev/random /etc/unbound/dev/random
# and mount --bind -n /dev/log /etc/unbound/dev/log
chroot: "/etc/unbound"
# logfile: "/etc/unbound/unbound.log" #uncomment to use logfile.
pidfile: "/etc/unbound/unbound.pid"
# verbosity: 1 # uncomment and increase to get more logging.
# listen on all interfaces, answer queries from the local subnet.
interface: 0.0.0.0
interface: ::0
access-control: 10.0.0.0/8 allow
access-control: 2001:DB8::/64 allow
7、修改resolvconf配置文件/etc/resolconf/resolv.conf.d/tail
查看unbound的manual页面,可以看到有以下一段内容:
To use a locally running Unbound for resolving put
nameserver 127.0.0.1
into resolv.conf(5).
这里意思是,要使用某一个域名服务器,就要将该服务器的键值对写入到/etc/resolv.conf中。比如要使用本地的unbound程序做域名解析,就把nameserver 127.0.0.1加入到文件/etc/resolv.conf中。
但是我们打开文件/etc/resolv.conf,发现文件头部的描述如下:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
这里说明文件/etc/resolv.conf的内容是又resolvconf软件生成的,手动修改只能临时起作用,一旦主机重启文件中的内容就会消失。因此我们必须在resolvconf软件中找到配置该文件的配置文件。
查看resolvconf软件的manual页面,我们发现了如下内容:
FILES
/etc/default/resolvconf
See the ENVIRONMENT VARIABLES section.
/etc/resolvconf/interface-order
Determines the order of precedence of nameserver addresses and
search domain names. See above and interface-order(5).
/etc/resolvconf/resolv.conf.d/base
File containing basic resolver information. The lines in this
file are included in the resolver configuration file even when
no interfaces are configured.
/etc/resolvconf/resolv.conf.d/head
File to be prepended to the dynamically generated resolver con‐
figuration file. Normally this is just a comment line.
/etc/resolvconf/resolv.conf.d/tail
File to be appended to the dynamically generated resolver con‐
figuration file. To append nothing, make this an empty file.
This file is a good place to put a resolver options line if one
is needed, e.g.,
/etc/resolvconf/resolv.conf.d/original
Copy of the /etc/resolv.conf file before the resolvconf package
was installed. This file has no effect on the functioning of
resolvconf; it is retained so that /etc/resolv.conf can be
restored to its original state if the resolvconf package is
removed.
Note also that a copy of this file is included in the database
until the first reboot after installation of the resolvconf
package; this ensures that nameservers reachable before instal‐
lation of resolvconf are still reachable after installation of
resolvconf even though at that point not all suppliers of name‐
server information may have supplied their information to
resolvconf(8).
Note also that the administrator can choose to create a symbolic
link in /etc/resolvconf/resolv.conf.d/ from tail to original so
that the contents of original are always added to the end of the
dynamically generated file.
从中找到文件 /etc/resolvconf/resolv.conf.d/tail,该文件用来生成/etc/resolv.conf的配置文件质之一。
在文件 /etc/resolvconf/resolv.conf.d/tail中加入需要的键值对之后,重启主机就能在文件/etc/resolv.conf中看到配置好的DNS:
nameserver 119.29.29.29
nameserver 233.5.5.5
nameserver 114.114.114.114
nameserver 1.1.1.1
目前可用的DNS主要有以下:
- 腾讯的公用免费DNS: 119.29.29.29(首选)、182.254.116.116(备选)
- 阿里的公用免费DNS: 233.5.5.5(首选)、233.6.6.6(备选)
- 国内移动、电信和联通通用的公用免费DNS: 114.114.114.114
- Cloudflare的公用免费DNS: 1.1.1.1(首选)、1.0.0.1(备选)
二、关闭系统的网络连接检查
网络信号的连接检查是导致WiFi图标经常变成问号的原因,不过这种状态下并不影响主机的网络连接,只是比较影响心情。
这里的方法是:进入设置-》隐私-》关闭连接检查。
三、如果不关闭网络连接检查可以配置文件/etc/ppp/options
这里的解决方法参考一篇博客Ubuntu网络频繁掉线解决方案
/etc/PPP/options其中的lcp-echo-failure默认设为4,lcp-echo-interval设为30秒,也就是说如果120秒钟之内ADSL网络服务器没有回echo-reply信号。
可能是国内ADSL网络本身的问题,服务器好像是不会回echo-reply信号(有待考证)或者很长时间才会回echo-reply信号。所以可以把上面两个参数适当地调大一些。
- 打开配置文件/etc/ppp/options
sudo vim /etc/ppp/options
- 在options文件中找到以下两行代码
lcp-echo-failure 4
lcp-echo-interval 30
- 把
lcp-echo-failure 4改为lcp-echo-failure 15 - 重启主机使配置生效