作者：Yuan Jianpeng 邮箱：yuanjp89@163.com

发布时间：2025-12-16 站点：Inside Linux Development

最近写了个vpn，但是发现google.com.hk概率性打不开。

chrome开启secure dns后可以打开，firefox大概率打不开。

最终分析是dns污染导致的。

fedora默认使用systemd-resolved服务。它默认会使用所有interface的dns server。

将tun0的default-route设置为true，将默认网卡的default-route设置为false后，就可以了。

也可以设置domain，让google走tun0。

yuanjp@fedora:~/proj/pvpn2$ sudo resolvectl default-route tun0 true

yuanjp@fedora:~/proj/pvpn2$ sudo resolvectl default-route enp4s0 false
yuanjp@fedora:~/proj/pvpn2$ 
yuanjp@fedora:~/proj/pvpn2$ resolvectl
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (enp1s0f0)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (enp4s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 2409:8057:2000:2::8
       DNS Servers: 8.8.8.8 2409:8057:2000:6::8 2409:8057:2000:2::8

Link 4 (enp1s0f1)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 5 (wlo1)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 22 (tun0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 8.8.8.8
       DNS Servers: 8.8.8.8

参考：

https://www.geeksforgeeks.org/techtips/how-to-clear-dns-cache-in-firefox-using-about-networking/

systemd-resolved参考：

查看服务状态

systemctl status systemd-resolved.service

手册：

man systemd-resolved

man org.freedesktop.resolve1

官方文档

Writing Network Configuration Managers

https://wiki.freedesktop.org/www/Software/systemd/writing-network-configuration-managers/

systemd最新的官网

https://systemd.io/

https://systemd.io/WRITING_NETWORK_CONFIGURATION_MANAGERS/

https://systemd.io/RESOLVED-VPNS/

配置和命令

resolved.conf, resolved.conf.d — Network Name Resolution configuration files

https://www.freedesktop.org/software/systemd/man/latest/resolved.conf.html

resolvectl, resolvconf — Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver

https://www.freedesktop.org/software/systemd/man/latest/resolvectl.html

Copyright © linuxdev.cc 2017-2024. Some Rights Reserved.