ubuntu22.04 DNSSEC(加密DNS服务) configuration

/etx/systemd/resolved.conf是ubuntu下DNS解析服务配置文件，systemd为ubuntu下system and service配置目录

step 1------修改resolved.conf参数

管理员权限打开 /systemd/resolved.conf

sudo nano /etc/systemd/resolved.conf

修改如下：

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
DNS=1.1.1.1 
FallbackDNS=9.9.9.9
#Domains=
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic
#MulticastDNS=no
#LLMNR=no
Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=yes
#DNSStubListenerExtra=
ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

参数的具体含义见ubuntu manual

step2------重启DNS服务

systemctl restart systemd-resolved #重置DNS服务
systemctl enable systemd-resolved 	#开机自启动

resolvectl 为DNS指令，查看状态用status参数

brief1------ubuntu系统调用库resolvectl&systemctl的解析

resolvectl为解析服务调用，只有查看状态和重置参数命令，用python的库可以实现

systemctl为系统调用，

依次有元命令，元文件命令

机器命令------展示机器指令

作业命令------display作业，取消作业

check，modify环境变量

系统和服务 管理指令------对system manager的配置与执行

系统(调用)命令

step3------小时牛刀

为了更高效地工作，请务必运行以下命令 ～～

服务的操作

启动服务：systemctl start vsftpd.service

关闭服务：systemctl stop vsftpd.service

重启服务：systemctl restart vsftpd.service

显示服务的状态：systemctl status vsftpd.service

在开机时启用服务：systemctl enable vsftpd.service

在开机时禁用服务：systemctl disable vsftpd.service

查看服务是否开机启动：systemctl is-enabled vsftpd.service

查看已启动的服务列表：systemctl list-unit-files|grep enabled

查看启动失败的服务列表：systemctl --failed