TL; DR
我遇到一种奇怪的情况,我可以在某些主机上进行DNS查找,但不能在其他主机上进行。这似乎与resolv.conf有关,它有一个指向我的名称服务器的名称服务器条目,另一个可能与docker有关,但我不确定如何解决它。
问题
我一直在阅读StéphaneGraber对LXD的出色介绍,并想尝试一下。因此,我做了:
$ sudo usermod -a -G lxd <myusername>
$ newgrp lxd
$ sudo lxd init
我使用所有默认设置对其进行了配置。然后输入:
$ lxc image list images:
error: Get https://images.linuxcontainers.org/streams/v1/index.json: lookup images.linuxcontainers.org: no such host
一些测试
我尝试从另一台PC上的Web浏览器访问该地址,但效果很好。因此,我认为DNS设置一定有问题,但是:
$ host images.linuxcontainers.org
images.linuxcontainers.org is an alias for canonical.images.linuxcontainers.org.
canonical.images.linuxcontainers.org has address 91.189.91.21
canonical.images.linuxcontainers.org has address 91.189.88.37
canonical.images.linuxcontainers.org has IPv6 address 2001:67c:1560:8001::21
canonical.images.linuxcontainers.org has IPv6 address 2001:67c:1562::41
所以我尝试了wget:
$ wget https://images.linuxcontainers.org/streams/v1/index.json
--2016-11-10 15:56:22-- https://images.linuxcontainers.org/streams/v1/index.json
Resolving images.linuxcontainers.org (images.linuxcontainers.org)... failed: Name or service not known.
wget: unable to resolve host address "images.linuxcontainers.org"
这使我认为我的互联网连接有问题,但是如果使用us.images.linuxcontainers.org(我在网上看到有人提到过):
$ wget https://us.images.linuxcontainers.org/streams/v1/index.json
--2016-11-10 15:57:26-- https://us.images.linuxcontainers.org/streams/v1/index.json
Resolving us.images.linuxcontainers.org (us.images.linuxcontainers.org)... 91.189.91.21, 2001:67c:1562::41
Connecting to us.images.linuxcontainers.org (us.images.linuxcontainers.org)|91.189.91.21|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3086 (3.0K) [application/json]
Saving to: "index.json"
index.json 100%[==================================================================================>] 3.01K --.-KB/s in 0s
2016-11-10 15:57:26 (8.36 MB/s) - "index.json" saved [3086/3086]
我也试过canonical.images.linuxcontainers.org,其中(根据host以上)是什么images.linuxcontainers.org是一个别名和工作过,所以看起来host可以查找images.linuxcontainers.org,而wget与lxc不能,但 wget 可以访问canonical.images.linuxcontainers.org和我尝试过的大多数其他站点。
$ wget https://canonical.images.linuxcontainers.org/streams/v1/index.json
--2016-11-10 16:02:28-- https://canonical.images.linuxcontainers.org/streams/v1/index.json
Resolving canonical.images.linuxcontainers.org (canonical.images.linuxcontainers.org)... 91.189.91.21, 91.189.88.37
Connecting to canonical.images.linuxcontainers.org (canonical.images.linuxcontainers.org)|91.189.91.21|:443... connected.
ERROR: no certificate subject alternative name matches
requested host name "canonical.images.linuxcontainers.org".
To connect to canonical.images.linuxcontainers.org insecurely, use `--no-check-certificate'.
$ wget --no-check-certificate https://canonical.images.linuxcontainers.org/streams/v1/index.json
--2016-11-10 16:02:37-- https://canonical.images.linuxcontainers.org/streams/v1/index.json
Resolving canonical.images.linuxcontainers.org (canonical.images.linuxcontainers.org)... 91.189.88.37, 91.189.91.21
Connecting to canonical.images.linuxcontainers.org (canonical.images.linuxcontainers.org)|91.189.88.37|:443... connected.
WARNING: no certificate subject alternative name matches
requested host name "canonical.images.linuxcontainers.org".
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://uk.images.linuxcontainers.org/streams/v1/index.json [following]
--2016-11-10 16:02:37-- https://uk.images.linuxcontainers.org/streams/v1/index.json
Resolving uk.images.linuxcontainers.org (uk.images.linuxcontainers.org)... 91.189.88.37, 2001:67c:1560:8001::21
Connecting to uk.images.linuxcontainers.org (uk.images.linuxcontainers.org)|91.189.88.37|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3086 (3.0K) [application/json]
Saving to: "index.json.1"
index.json.1 100%[==================================================================================>] 3.01K --.-KB/s in 0s
2016-11-10 16:02:38 (96.5 MB/s) - "index.json.1" saved [3086/3086]
我也试着wget -4和wget -6排除IPv6的问题,但结果都是一样的两种方式。最终,我尝试了其他一些类似的程序,w3m但两者之间没有任何区别。
我显然缺少了一些东西;谁能为我为什么无法lxc下载图像列表提供任何建议?
个人电脑
PC是运行Ubuntu Server 16.10的相对较新的安装,主要主机中安装的软件包很少。Docker已安装并正在运行,但没有容器启动。有趣的是,我最近重新启动到内核4.8.6中,以测试我遇到的另一个问题,使用该内核,我可以访问images.linuxcontainers.org,但是docker无法启动,所以我想知道这是否与docker有关。
组态
/etc/resolv.conf看起来像这样(但由于某种原因,我不知道,实际上是的符号链接/run/resolvconf/resolv.conf):
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.254
nameserver 127.0.0.53
search lan
如果我确实查询列出的第一个名称服务器,则会得到与不附加名称服务器地址相同的结果:
$ host images.linuxcontainers.org 192.168.1.254
images.linuxcontainers.org is an alias for canonical.images.linuxcontainers.org.
canonical.images.linuxcontainers.org has address 91.189.91.21
canonical.images.linuxcontainers.org has address 91.189.88.37
canonical.images.linuxcontainers.org has IPv6 address 2001:67c:1560:8001::21
canonical.images.linuxcontainers.org has IPv6 address 2001:67c:1562::41
如果我确实查询第二个,它将超时而无法到达服务器:
$ host images.linuxcontainers.org 127.0.0.53
;; connection timed out; no servers could be reached
如果我查询第二个但使用规范名称,它将起作用,然后超时???
$ host canonical.images.linuxcontainers.org 127.0.0.53
Using domain server:
Name: 127.0.0.53
Address: 127.0.0.53#53
Aliases:
canonical.images.linuxcontainers.org has address 91.189.88.37
canonical.images.linuxcontainers.org has address 91.189.91.21
;; connection timed out; no servers could be reached
;; connection timed out; no servers could be reached
编辑1:
/etc/nsswitch.conf 看起来像这样:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files resolve [!UNAVAIL=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
编辑2
修改后的nsswitch.conf现在看起来像这样:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files resolve dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
编辑3
/etc/systemd/resolved.conf的内容:
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details
[Resolve]
#DNS=
#FallbackDNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
#Domains=
#LLMNR=yes
#DNSSEC=no
#Cache=yes
@muru我已经在上面添加了它(这个不是符号链接)
—
DrAl 16'Nov
@ThatGuy谢谢你。这并不适用于所有服务器(这取决于服务器是否在寻找域名)-在这种情况下,无论如何我都可以使用canonical.images.linuxcontainers.org,因为这似乎可行。但是,我也需要说服
—
DrAl
lxc image list并lxc launch使用它而不是内置地址。
@DrAl,这是第一次看到
—
user.dz
resolvehosts关键字,似乎错了。您应该有类似的东西,hosts: files dns [!UNAVAIL=return]或者如果您已安装mDNS files dns mdns4_minimal [NOTFOUND=return] mdns4。您可以删除[NOTFOUND=return]或 [!UNAVAIL=return],这是默认操作(如果没有要查询的内容)。
@ user.dz,我尝试删除此文件(尽管这是我的安装设置的默认设置,因为我以前从未接触过此文件)。这似乎使wget可以工作(尽管在延迟几秒钟之后“正在解决images.linuxcontainers.org”)。谢谢!任何想法为什么可能将其添加到我的/etc/nsswitch.conf中?上面的“ PC”部分中的链接中列出了安装到服务器上的服务器
—
DrAl 2016年
/etc/resolv.conf通常是Ubuntu上的符号链接,这很正常。是什么/etc/nsswitch.conf内容?