Set up a permanent DNS resolver using the systemd resolver or nameserver information handler.

How to set up a permanent DNS resolver

Systemd resolver

Check the status of the systemd-resolved service.

$ systemctl status systemd-resolved.service 
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients

Service configuration update.

$ sudoedit /etc/systemd/resolved.conf 
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
# Google: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
# Quad9: 9.9.9.9 2620:fe::fe
DNS=10.10.0.1
#FallbackDNS=
Domains=example.org
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

Start and enable the systemd-resolved service.

$ sudo systemctl enable --now systemd-resolved.service
Created symlink /etc/systemd/system/dbus-org.freedesktop.resolve1.service → /lib/systemd/system/systemd-resolved.service.
Created symlink /etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /lib/systemd/system/systemd-resolved.service.

Check the status of the service.

$ systemctl status systemd-resolved.service 
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2021-09-27 22:43:43 CEST; 16s ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 1093 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 1105)
     Memory: 4.1M
        CPU: 46ms
     CGroup: /system.slice/systemd-resolved.service
             └─1093 /lib/systemd/systemd-resolved

Check the generated resolv.conf file.

$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Don't edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search example.org

Use the resolvectl utility to display global and individual DNS settings.

$ resolvectl status
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 10.10.0.1
       DNS Servers: 10.10.0.1
        DNS Domain: example.org

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Use the resolvectl utility to query the DNS resolver.

$ resolvectl query linux.org
linux.org: 2606:4700:3033::6815:eaa -- link: eth0
           2606:4700:3031::ac43:a015 -- link: eth0
           104.21.14.170 -- link: eth0
           172.67.160.21 -- link: eth0

-- Information acquired via protocol DNS in 24.1ms.
-- Data is authenticated: no

Name server information handler

The nameserver information handler is provided as an optional package.

$ apt info resolvconf
Package: resolvevconf
Version: 1.87
Priority: optional
Section: net
Maintainer: resolvconf team <team+resolvconf@tracker.debian.org>
Installed-Size: 204 kB
Depends: lsb-base (>= 4.1+Debian3), debconf (>= 0.5) | debconf-2.0
Breaks: dhcp3-client (<< 4.1.1-P1-15+squeeze1), dnscache-run, sysv-rc (<< 2.88dsf-42)
Enhances: dhcpcd, dnsmasq, ifupdown, isc-dhcp-client, libc6, network-manager, nscd, pdnsd, ppp, pump, udhcpc
Homepage: http://alioth.debian.org/projects/resolvconf/
Tag: admin::configuring, interface::commandline, network::configuration,
 protocol::dns, role::program, use::configuring
Download-Size: 72.7 kB
APT-Sources: http://ftp.task.gda.pl/debian bullseye/main amd64 Packages
Description: name server information handler
 Resolvconf is a framework for keeping up to date the system's
 information about name servers. It sets itself up as the intermediate
 between programs that supply this information (such as ifup and
 ifdown, DHCP clients, the PPP daemon and local name servers) and
 programs that use this information (such as DNS caches and resolver
 libraries).
 .
 This package may require some manual configuration. Please
 read the README file for detailed instructions.
</team+resolvconf@tracker.debian.org>

Install the resolvconf package.

$ sudo apt install resolvconf

Check configuration files.

$ ls -l /etc/resolvconf/resolv.conf.d/
total 8
-rw-r--r-- 1 root root 0 Sep 28 00:07 base
-rw-r--r-- 1 root root 275 Sep 28 00:07 head
-rw-r--r-- 1 root root 43 Sep 28 00:05 original
-rw-r--r-- 1 root root 0 Sep 28 00:06 tail

The original file is only a backup, so you can restore the configuration as you see fit.

$ cat /etc/resolvconf/resolv.conf.d/original 
domain lan
search lan
nameserver 10.10.0.1

The remaining files are used to build the resolv.conf configuration file.

It is built with head as the file header, interface configuration (static or dhcp), base and tail at the end.

You can create a link from tail to a source file to include the generated file in it.

$ cat /etc/resolvconf/resolv.conf.d/head 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

Enable resolvconf on boot and run it:

$ sudo systemctl enable --now resolvconf
Synchronizing state of resolvconf.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable resolvconf
Created symlink /etc/systemd/system/sysinit.target.wants/resolvconf.service → /lib/systemd/system/resolvconf.service.

Check the status of the service:

$ systemctl status resolvconf
● resolvconf.service - Nameserver information manager
     Loaded: loaded (/lib/systemd/system/resolvconf.service; enabled; vendor preset: enabled)
     Active: active (exited) since Tue 2021-09-28 00:36:52 CEST; 1min 23s ago
       Docs: man:resolvconf(8)
    Process: 641 ExecStart=/sbin/resolvconf --enable-updates (code=exited, status=0/SUCCESS)
   Main PID: 641 (code=exited, status=0/SUCCESS)
        CPU: 1ms

Check the configuration created for the DNS resolver.

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 10.10.0.1
search lan

Please note this will be a link.

$ ls -l /etc/resolv.conf 
lrwxrwxrwx 1 root root 29 Sep 27 23:12 /etc/resolv.conf -> ../run/resolvconf/resolv.conf

If necessary, add additional DNS configuration to the interface.

Note that this requires the resolvconf utility.

$ sdoedit /etc/network/interfaces.d/eth0
# The primary network interface
allow-hotplug eth0

## static address
#iface eth0 inet static
#address 10.10.1.9
#netmask 255.255.0.0
#gateway 10.10.0.1
# dns-nameserver 10.10.0.2 
# dns-search example.net

## dynamic dhcp address
iface eth0 inet dhcp
dns-nameserver 10.10.0.2 
dns-search example.net

Reboot your operating system.

Check the configuration created for the DNS resolver.

The configuration from DHCP and the interfaces file have been merged.

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 10.10.0.2
nameserver 10.10.0.1
search example.net lan

You can view the original data used to create the above configuration.

$ cat /var/run/resolvconf/interface/eth0.inet 
search example.net
nameserver 10.10.0.2
$ cat /var/run/resolvconf/interface/eth0.dhclient 
domain lan
nameserver 10.10.0.1

You can override the resolvconf DHCP client hook to disable the use of data from the DHCP agent, but this requires an operating system restart.

$ echo "make_resolv_conf() { : ; }" | sudo tee /etc/dhcp/dhclient-enter-hooks.d/resolvconf-disable

Add additional configuration.

$ cat /etc/resolvconf/resolv.conf.d/base 
nameserver 8.8.8.8

Create a new configuration for the DNS resolver.

$ sudo resolvconf -u

Check the configuration created for the DNS resolver.

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 10.10.0.2
nameserver 8.8.8.8
search example.net

Additional Notes

These utilities are not mutually exclusive, you can use the nameserver information handler to add additional configurations.

Related: How to set Docker memory limit for containers

Similar Posts

Leave a Reply