Installation and startup
```bash
sudo apt update
sudo apt install -y systemd-resolved
sudo systemctl enable --now systemd-resolved
```
Point the system at the local DNS stub
```bash
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
```
- stub-resolv.conf sets the nameserver to 127.0.0.53; only then do all queries go through systemd-resolved.
Configure DNS over TLS (DoT)
Create a drop-in configuration
```bash
sudo mkdir -p /etc/systemd/resolved.conf.d
# The directory is root-owned, so the editor must run with sudo
sudo vim /etc/systemd/resolved.conf.d/dot.conf
```
Example file contents (Cloudflare + Quad9 + Google as primary and backup):
```ini
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
FallbackDNS=8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
DNSOverTLS=yes
DNSSEC=allow-downgrade
```
Restart the service
```bash
sudo systemctl restart systemd-resolved
```
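
One way to check the result of the steps above, as an added example that is not part of the original page: it lints a drop-in for strict DoT and a `#hostname` on every server (without one, systemd-resolved checks the certificate against the server's IP), and confirms resolv.conf points only at the stub. The function names are hypothetical and the sample config is constructed.

```sh
#!/bin/sh
# Added example: lint a systemd-resolved drop-in and resolv.conf for strict DoT.

# Print every DNS=/FallbackDNS= server that has no "#hostname" suffix.
servers_without_tls_name() {
    awk '/^(DNS|FallbackDNS)[ \t]*=/ {
             sub(/^[^=]*=/, "")              # keep only the value
             n = split($0, s, " ")
             for (i = 1; i <= n; i++) if (s[i] !~ /#./) print s[i]
         }' "$1"
}

# Print the last value assigned to key $1 in file $2 (empty if unset).
setting() {
    awk -v k="$1" '{ key = $0; sub(/[ \t]*=.*/, "", key) }
                   key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v) }
                   END { print v }' "$2"
}

# Succeed only if DoT is strict and every server names the certificate to expect.
check_dot_conf() (
    rc=0
    case "$(setting DNSOverTLS "$1")" in
        yes|true|on|1) ;;
        *) echo "DNSOverTLS is not strict: queries may go out in plaintext"; rc=1 ;;
    esac
    missing=$(servers_without_tls_name "$1")
    if [ -n "$missing" ]; then
        echo "no #hostname, certificate is checked against the IP only:" $missing
        rc=1
    fi
    exit "$rc"
)

# Succeed only if the resolv.conf at $1 points solely at the local stub.
uses_local_stub() {
    [ "$(awk '$1 == "nameserver" { print $2 }' "$1" | sort -u)" = "127.0.0.53" ]
}

# Constructed sample: second server lacks "#hostname", DoT left opportunistic.
sample=$(mktemp)
printf '%s\n' '[Resolve]' 'DNS=1.1.1.1#cloudflare-dns.com 9.9.9.9' \
    'DNSOverTLS=opportunistic' > "$sample"
check_dot_conf "$sample" || echo "sample rejected"
rm -f "$sample"
```

Against the real files, run `check_dot_conf /etc/systemd/resolved.conf.d/dot.conf` and `uses_local_stub /etc/resolv.conf`; `resolvectl status` then shows what the running service actually applied.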