systemd-resolved实战：配置优化全解析

systemd-resolved.service 实验实战：配置与优化

systemd-resolved 是 systemd 生态中用于管理 DNS 解析的核心服务，支持缓存、DNSSEC 验证和多链路 DNS 路由。以下通过实验演示其核心功能与实战配置。

启用与基础配置

检查服务状态并激活：

systemctl status systemd-resolved
systemctl enable --now systemd-resolved

配置主 DNS 服务器（以 Cloudflare 为例）：

resolvectl dns eth0 1.1.1.1 2606:4700:4700::1111
resolvectl domain eth0 ~example.com

DNSSEC 验证测试

启用严格 DNSSEC 验证：

resolvectl dnsssec eth0 yes

验证效果：

dig +dnssec example.com | grep -E 'flags:|RRSIG'

多链路 DNS 策略

为不同接口分配独立 DNS：

resolvectl dns eth0 192.168.1.1
resolvectl dns wlan0 8.8.8.8

设置路由域实现分流：

resolvectl domain eth0 ~internal.company
resolvectl domain wlan0 ~.

缓存性能分析

查看缓存统计：

resolvectl statistics

清空缓存并测试响应时间：

resolvectl flush-caches
time dig archlinux.org

日志调试技巧

启用调试日志：

mkdir -p /etc/systemd/system/systemd-resolved.service.d/
echo -e "[Service]\nEnvironment=SYSTEMD_LOG_LEVEL=debug" > /etc/systemd/system/systemd-resolved.service.d/debug.conf
systemctl daemon-reload

跟踪查询过程：

journalctl -u systemd-resolved -f

故障排除场景

处理 NXDOMAIN 错误：

resolvectl query --cache=no example.org

检测 DNSSEC 失效：

resolvectl validate google.com

高级配置示例

配置 DNS-over-TLS：

# /etc/systemd/resolved.conf.d/dot.conf
[Resolve]
DNS=9.9.9.9#dns.quad9.net
DNSOverTLS=yes

设置 LLMNR 禁用：

resolvectl llmnr eth0 off

性能优化参数

调整缓存大小与 TTL：

# /etc/systemd/resolved.conf.d/cache.conf
[Resolve]
Cache=yes
CacheFromLocalhost=no
DNSStubListenerExtra=127.0.0.53:5353

网络命名空间支持

在隔离环境中使用：

ip netns add testns
resolvectl --netns=testns query example.com

通过以上实验可全面掌握 systemd-resolved 的核心功能，包括安全加固、性能调优和复杂网络环境适配。实际部署时应根据网络拓扑和安全策略调整参数组合。

BbS.okacop081.info/PoSt/1120_359953.HtM
BbS.okacop082.info/PoSt/1120_038872.HtM
BbS.okacop083.info/PoSt/1120_543195.HtM
BbS.okacop084.info/PoSt/1120_997720.HtM
BbS.okacop085.info/PoSt/1120_322379.HtM
BbS.okacop086.info/PoSt/1120_452767.HtM
BbS.okacop087.info/PoSt/1120_779129.HtM
BbS.okacop088.info/PoSt/1120_348864.HtM
BbS.okacop090.info/PoSt/1120_022798.HtM
BbS.okacop091.info/PoSt/1120_852654.HtM
BbS.okacop081.info/PoSt/1120_216179.HtM
BbS.okacop082.info/PoSt/1120_518737.HtM
BbS.okacop083.info/PoSt/1120_066947.HtM
BbS.okacop084.info/PoSt/1120_148358.HtM
BbS.okacop085.info/PoSt/1120_902783.HtM
BbS.okacop086.info/PoSt/1120_721268.HtM
BbS.okacop087.info/PoSt/1120_663436.HtM
BbS.okacop088.info/PoSt/1120_552133.HtM
BbS.okacop090.info/PoSt/1120_588651.HtM
BbS.okacop091.info/PoSt/1120_234608.HtM
BbS.okacop081.info/PoSt/1120_976397.HtM
BbS.okacop082.info/PoSt/1120_237808.HtM
BbS.okacop083.info/PoSt/1120_976829.HtM
BbS.okacop084.info/PoSt/1120_385690.HtM
BbS.okacop085.info/PoSt/1120_533740.HtM
BbS.okacop086.info/PoSt/1120_339118.HtM
BbS.okacop087.info/PoSt/1120_134838.HtM
BbS.okacop088.info/PoSt/1120_537538.HtM
BbS.okacop090.info/PoSt/1120_334756.HtM
BbS.okacop091.info/PoSt/1120_579044.HtM
BbS.okacop092.info/PoSt/1120_762697.HtM
BbS.okacop093.info/PoSt/1120_139650.HtM
BbS.okacop094.info/PoSt/1120_647569.HtM
BbS.okacop095.info/PoSt/1120_618862.HtM
BbS.okacop096.info/PoSt/1120_377023.HtM
BbS.okacop097.info/PoSt/1120_589933.HtM
BbS.okacop098.info/PoSt/1120_428677.HtM
BbS.okacop099.info/PoSt/1120_693006.HtM
BbS.okacop114.info/PoSt/1120_986393.HtM
BbS.okacop829.info/PoSt/1120_491811.HtM
BbS.okacop092.info/PoSt/1120_000466.HtM
BbS.okacop093.info/PoSt/1120_322423.HtM
BbS.okacop094.info/PoSt/1120_358307.HtM
BbS.okacop095.info/PoSt/1120_553454.HtM
BbS.okacop096.info/PoSt/1120_429464.HtM
BbS.okacop097.info/PoSt/1120_281454.HtM
BbS.okacop098.info/PoSt/1120_287152.HtM
BbS.okacop099.info/PoSt/1120_088722.HtM
BbS.okacop114.info/PoSt/1120_327554.HtM
BbS.okacop829.info/PoSt/1120_562827.HtM
BbS.okacop092.info/PoSt/1120_193348.HtM
BbS.okacop093.info/PoSt/1120_819812.HtM
BbS.okacop094.info/PoSt/1120_445716.HtM
BbS.okacop095.info/PoSt/1120_829324.HtM
BbS.okacop096.info/PoSt/1120_354739.HtM
BbS.okacop097.info/PoSt/1120_245060.HtM
BbS.okacop098.info/PoSt/1120_311152.HtM
BbS.okacop099.info/PoSt/1120_295408.HtM
BbS.okacop114.info/PoSt/1120_634463.HtM
BbS.okacop829.info/PoSt/1120_219673.HtM
BbS.okacop092.info/PoSt/1120_743188.HtM
BbS.okacop093.info/PoSt/1120_442977.HtM
BbS.okacop094.info/PoSt/1120_661781.HtM
BbS.okacop095.info/PoSt/1120_439914.HtM
BbS.okacop096.info/PoSt/1120_100268.HtM
BbS.okacop097.info/PoSt/1120_614938.HtM
BbS.okacop098.info/PoSt/1120_249340.HtM
BbS.okacop099.info/PoSt/1120_713348.HtM
BbS.okacop114.info/PoSt/1120_417067.HtM
BbS.okacop829.info/PoSt/1120_616359.HtM
BbS.okacop092.info/PoSt/1120_801331.HtM
BbS.okacop093.info/PoSt/1120_101523.HtM
BbS.okacop094.info/PoSt/1120_105791.HtM
BbS.okacop095.info/PoSt/1120_429554.HtM
BbS.okacop096.info/PoSt/1120_227410.HtM
BbS.okacop097.info/PoSt/1120_087358.HtM
BbS.okacop098.info/PoSt/1120_536316.HtM
BbS.okacop099.info/PoSt/1120_443327.HtM
BbS.okacop114.info/PoSt/1120_794541.HtM
BbS.okacop829.info/PoSt/1120_979411.HtM

#牛客AI配图神器#