How to set up a permanent DNS resolver

Last updated on December 17th, 2022 at 02:03 pm

Set up a permanent DNS resolver using the systemd resolver or nameserver information handler.

Systemd resolver

Check the status of the systemd-resolved service.

$ systemctl status systemd-resolved.service 
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients

Update the service configuration.

$ sudoedit /etc/systemd/resolved.conf 
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
# Google: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
# Quad9: 9.9.9.9 2620:fe::fe
DNS=10.10.0.1
#FallbackDNS=
Domains=example.org
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

Start and enable the systemd-resolved service.

$ sudo systemctl enable --now systemd-resolved.service
Created symlink /etc/systemd/system/dbus-org.freedesktop.resolve1.service → /lib/systemd/system/systemd-resolved.service.
Created symlink /etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /lib/systemd/system/systemd-resolved.service.

Check the status of the service.

$ systemctl status systemd-resolved.service 
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2021-09-27 22:43:43 CEST; 16s ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 1093 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 1105)
     Memory: 4.1M
        CPU: 46ms
     CGroup: /system.slice/systemd-resolved.service
             └─1093 /lib/systemd/systemd-resolved

Check the generated resolv.conf file.

$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Don't edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search example.org

Use the resolvectl utility to display global and individual DNS settings.

$ resolvectl status
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 10.10.0.1
       DNS Servers: 10.10.0.1
        DNS Domain: example.org

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Use the resolvectl utility to query the DNS resolver.

$ resolvectl query linux.org
linux.org: 2606:4700:3033::6815:eaa -- link: eth0
           2606:4700:3031::ac43:a015 -- link: eth0
           104.21.14.170 -- link: eth0
           172.67.160.21 -- link: eth0

-- Information acquired via protocol DNS in 24.1ms.
-- Data is authenticated: no

Name server information handler

The nameserver information handler is provided as an optional package.

$ apt info resolvconf
Package: resolvconf
Version: 1.87
Priority: optional
Section: net
Maintainer: resolvconf team <team+resolvconf@tracker.debian.org>
Installed-Size: 204 kB
Depends: lsb-base (>= 4.1+Debian3), debconf (>= 0.5) | debconf-2.0
Breaks: dhcp3-client (<< 4.1.1-P1-15+squeeze1), dnscache-run, sysv-rc (<< 2.88dsf-42)
Enhances: dhcpcd, dnsmasq, ifupdown, isc-dhcp-client, libc6, network-manager, nscd, pdnsd, ppp, pump, udhcpc
Homepage: 
Tag: admin::configuring, interface::commandline, network::configuration,
 protocol::dns, role::program, use::configuring
Download-Size: 72.7 kB
APT-Sources: http://ftp.task.gda.pl/debian bullseye/main amd64 Packages
Description: name server information handler
 Resolvconf is a framework for keeping up to date the system's
 information about name servers. It sets itself up as the intermediate
 between programs that supply this information (such as ifup and
 ifdown, DHCP clients, the PPP daemon and local name servers) and
 programs that use this information (such as DNS caches and resolver
 libraries).
 .
 This package may require some manual configuration. Please
 read the README file for detailed instructions.

Install the resolvconf package.

$ sudo apt install resolvconf

Check configuration files.

$ ls -l /etc/resolvconf/resolv.conf.d/
total 8
-rw-r--r-- 1 root root 0 Sep 28 00:07 base
-rw-r--r-- 1 root root 275 Sep 28 00:07 head
-rw-r--r-- 1 root root 43 Sep 28 00:05 original
-rw-r--r-- 1 root root 0 Sep 28 00:06 tail

The original file is only a backup, so you can restore the configuration as you see fit.

$ cat /etc/resolvconf/resolv.conf.d/original 
domain lan
search lan
nameserver 10.10.0.1

The remaining files are used to build the resolv.conf configuration file.

The resolv.conf file is assembled in this order: head as the file header, then the interface configuration (static or DHCP), then base, and finally tail.

You can make tail a symbolic link to another file so that the contents of that file are included in the generated file.

$ cat /etc/resolvconf/resolv.conf.d/head 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

Enable resolvconf on boot and run it:

$ sudo systemctl enable --now resolvconf
Synchronizing state of resolvconf.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable resolvconf
Created symlink /etc/systemd/system/sysinit.target.wants/resolvconf.service → /lib/systemd/system/resolvconf.service.

Check the status of the service:

$ systemctl status resolvconf
● resolvconf.service - Nameserver information manager
     Loaded: loaded (/lib/systemd/system/resolvconf.service; enabled; vendor preset: enabled)
     Active: active (exited) since Tue 2021-09-28 00:36:52 CEST; 1min 23s ago
       Docs: man:resolvconf(8)
    Process: 641 ExecStart=/sbin/resolvconf --enable-updates (code=exited, status=0/SUCCESS)
   Main PID: 641 (code=exited, status=0/SUCCESS)
        CPU: 1ms

Check the configuration created for the DNS resolver.

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 10.10.0.1
search lan

Note that /etc/resolv.conf is now a symbolic link.

$ ls -l /etc/resolv.conf 
lrwxrwxrwx 1 root root 29 Sep 27 23:12 /etc/resolv.conf -> ../run/resolvconf/resolv.conf

If necessary, add additional DNS configuration to the interface.

Note that this requires the resolvconf utility.

$ sudoedit /etc/network/interfaces.d/eth0
# The primary network interface
allow-hotplug eth0

## static address
#iface eth0 inet static
#address 10.10.1.9
#netmask 255.255.0.0
#gateway 10.10.0.1
# dns-nameserver 10.10.0.2 
# dns-search example.net

## dynamic dhcp address
iface eth0 inet dhcp
dns-nameserver 10.10.0.2 
dns-search example.net

Reboot your operating system.

Check the configuration created for the DNS resolver.

The configuration from DHCP and the interfaces file have been merged.

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 10.10.0.2
nameserver 10.10.0.1
search example.net lan

You can view the original data used to create the above configuration.

$ cat /var/run/resolvconf/interface/eth0.inet 
search example.net
nameserver 10.10.0.2
$ cat /var/run/resolvconf/interface/eth0.dhclient 
domain lan
nameserver 10.10.0.1

You can override the resolvconf DHCP client hook to disable the use of data from the DHCP agent, but this requires an operating system restart.

$ echo "make_resolv_conf() { : ; }" | sudo tee /etc/dhcp/dhclient-enter-hooks.d/resolvconf-disable

Add additional configuration.

$ cat /etc/resolvconf/resolv.conf.d/base 
nameserver 8.8.8.8

Create a new configuration for the DNS resolver.

$ sudo resolvconf -u

Check the configuration created for the DNS resolver.

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 10.10.0.2
nameserver 8.8.8.8
search example.net
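
The DHCP merge shown earlier put a name server into the generated file that was not configured locally (10.10.0.1 from dhclient). The following shell check is an added example, not part of the original article: it reports which manager owns a resolv.conf and which nameserver entries fall outside an allowlist. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a generated resolv.conf (function names are illustrative).

# Report who manages the resolv.conf at path $1, judged by its symlink target.
resolv_conf_manager() {
    if [ ! -L "$1" ]; then
        echo "static"
        return 0
    fi
    case "$(readlink "$1")" in
        */run/systemd/resolve/*) echo "systemd-resolved" ;;
        */run/resolvconf/*)      echo "resolvconf" ;;
        *)                       echo "unknown" ;;
    esac
}

# Print each "nameserver" address in file $1 that is missing from the
# space-separated allowlist $2; exit status 1 if any were printed.
unexpected_nameservers() {
    awk -v allowed="$2" '
        BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the merged DHCP + interfaces result shown in the article.
write_sample() {
    cat > "$1" <<'EOF'
nameserver 10.10.0.2
nameserver 10.10.0.1
search example.net lan
EOF
}

# Demo on the constructed sample: 10.10.0.1 is reported as unexpected.
sample=$(mktemp)
write_sample "$sample"
echo "manager: $(resolv_conf_manager "$sample")"
unexpected_nameservers "$sample" "10.10.0.2" || echo "^ nameserver(s) outside the allowlist"
rm -f "$sample"
```

On a live host, call `unexpected_nameservers /etc/resolv.conf "10.10.0.2"`. When systemd-resolved runs in stub mode the file lists only 127.0.0.53, so compare the uplink servers from `resolvectl status` instead.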

Additional Notes

These utilities are not mutually exclusive; you can use the nameserver information handler to add additional configuration.