Taming systemd-resolved: My Journey to Reliable DNS Resolution at Home

Introduction to systemd-resolved

I’ve been using Linux for years, and I’ve had my fair share of struggles with DNS resolution. Recently, I decided to take a closer look at systemd-resolved, the DNS resolver component of systemd. I was looking for a reliable way to resolve DNS at home, and I’m happy to share what I’ve learned.

What is systemd-resolved?

systemd-resolved is a system service that provides name resolution for the applications on the machine it runs on. It caches DNS answers, can validate DNSSEC, speaks DNS over TLS to upstream servers, and also handles LLMNR and mDNS. It is a local stub resolver listening on 127.0.0.53, not a network-facing server: it does not replace an authoritative or recursive server like BIND, and it does not hand out DHCP leases or serve the rest of your LAN the way dnsmasq can. Its real advantage is integration with the rest of the systemd ecosystem - per-link servers arrive from systemd-networkd or NetworkManager, resolvectl inspects and changes state at runtime, and errors land in the journal. For a single host that needs reliable, encrypted resolution it is a solid choice; reach for BIND or dnsmasq only when you actually need a server for other machines.

To get started with systemd-resolved, you’ll need to ensure that it’s installed and enabled on your system. It ships as part of systemd, so it is present on any systemd-based distribution; recent Ubuntu and Fedora releases also enable it by default, while other distributions leave it disabled. You can check the status of the service using the following command:

systemctl status systemd-resolved

If the service is not running, you can enable and start it (as root) using:

sudo systemctl enable --now systemd-resolved

I’ve seen this go wrong when the service is disabled or not installed - so make sure to check the status before proceeding. The service running is not the whole story, though: applications only reach it if /etc/resolv.conf is the symlink to /run/systemd/resolve/stub-resolv.conf (nameserver 127.0.0.53). If a DHCP client or NetworkManager has written a plain file there instead, lookups bypass systemd-resolved entirely and none of the settings below take effect.

Configuring systemd-resolved

By default, systemd-resolved uses the DNS servers provided by your network configuration, typically the ones DHCP handed to NetworkManager or systemd-networkd, and it tracks them per link. You can add global servers by editing /etc/systemd/resolved.conf or, better, by placing a drop-in file in /etc/systemd/resolved.conf.d/ so that a package upgrade does not overwrite your changes. For example, to use Google’s public DNS servers, add the following lines:

[Resolve]
DNS=8.8.8.8 8.8.4.4

Restart the service afterwards (sudo systemctl restart systemd-resolved) for the file to be read. Note that global servers are used alongside the per-link ones, not instead of them: lookups are routed to whichever link has the best matching search domain, and the DHCP-supplied router usually wins for unqualified names. To have the global servers preferred for all lookups, add Domains=~. to the same section. The DNS= list can hold several IPv4 and IPv6 addresses, and the other settings in [Resolve] control DNSSEC validation, DNS over TLS, LLMNR, mDNS and caching. The balance to strike is less between security and performance than between privacy and failure mode - strict settings fail closed when the upstream does not cooperate, lenient ones quietly downgrade - so change one setting at a time and verify the effect with resolvectl status.

DNS over TLS (DoT)

One of the key security features of systemd-resolved is its support for DNS over TLS, which wraps the queries to your upstream server in TLS so that an attacker on the path can neither read nor tamper with them. systemd-resolved does not implement DNS over HTTPS: there is no DNSOverHTTPS= option, and if you want DoH you have to run a separate local forwarder and point systemd-resolved at it. To enable DoT, set DNSOverTLS= in the [Resolve] section and give each server a #hostname suffix; with the name present the certificate is validated against that hostname and SNI is sent, without it the certificate is only checked against the bare IP address, which works only for providers that include the address in their certificate:

[Resolve]
DNS=8.8.8.8#dns.google 8.8.4.4#dns.google
DNSOverTLS=yes

or, if you would rather keep resolving when the upstream cannot be reached on port 853,

[Resolve]
DNS=8.8.8.8#dns.google 8.8.4.4#dns.google
DNSOverTLS=opportunistic

The two modes fail differently, and this is where people usually get burned. yes is strict: if port 853 is blocked or the server presents an invalid certificate, every lookup on the machine fails until you fix it. opportunistic tries TLS and silently falls back to plaintext UDP/53, which keeps you online but only protects against passive eavesdropping - an attacker who can block port 853 forces the downgrade. The global setting also applies to the per-link servers learned from DHCP unless a per-link setting overrides it, and a home router almost never speaks DoT, so either add Domains=~. so the global servers are preferred or expect lookups routed to the router to fail in strict mode. After restarting the service, confirm with resolvectl status that the Protocols line shows +DNSOverTLS and that Current DNS Server is one of the servers you configured, then run resolvectl query for a name you know before walking away.
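The configuration section and the DoT section above describe one procedure: add global servers, turn on strict DoT, restart, verify. The script below is an added example and not code from the original post. It refuses server entries that lack the #hostname suffix, renders a drop-in for /etc/systemd/resolved.conf.d/, and audits text in the shape of resolvectl status output for the link-level plaintext fallback discussed above. The Cloudflare resolvers, the drop-in name dot.conf and the SAMPLE_STATUS text are assumptions; the status text is constructed to look like what resolvectl prints and was not captured from a real host.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Renders a strict DNS-over-TLS
# drop-in for systemd-resolved, rejects server entries that would skip hostname
# validation, and audits `resolvectl status` text for links still on plaintext.
# Assumptions: the Cloudflare resolvers, the drop-in name dot.conf, and the
# constructed SAMPLE_STATUS text below (shaped like resolvectl output, not captured).
set -eu

CONF_DIR=/etc/systemd/resolved.conf.d
CONF_FILE="$CONF_DIR/dot.conf"
SERVERS='1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com'

# Each server must be address#hostname: resolved then validates the TLS
# certificate against the name and sends SNI. A bare address is only checked
# against the IP, which works solely for providers whose certificate carries it.
validate_servers() {
    for entry in $1; do
        case "$entry" in
            *'#'?*) ;;
            *) echo "refusing '$entry': add #hostname for certificate validation" >&2; return 1 ;;
        esac
    done
    return 0
}

# The drop-in. DNSOverTLS=yes is strict: it fails closed when port 853 is
# blocked instead of falling back to UDP/53 ("opportunistic" would fall back,
# which an active attacker can force). Domains=~. makes these global servers
# the preferred route for every lookup instead of the DHCP-supplied ones.
render_dot_conf() {
    validate_servers "$1" || return 1
    printf '%s\n' '[Resolve]' "DNS=$1" 'DNSOverTLS=yes' 'DNSSEC=allow-downgrade' 'Domains=~.'
}

# Write the drop-in and restart resolved. Needs root; not called by default.
install_dot_conf() {
    mkdir -p "$CONF_DIR"
    render_dot_conf "$1" > "$CONF_FILE"
    systemctl restart systemd-resolved
}

# True when the Global block of `resolvectl status` output shows +DNSOverTLS.
dot_global_active() {
    printf '%s\n' "$1" | awk '
        /^Global/ { g = 1; next }
        /^Link /  { g = 0 }
        g && /Protocols:/ && /[+]DNSOverTLS/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print links that have DNS servers but show -DNSOverTLS, i.e. a per-link
# setting overrides the global one and queries to them go out in cleartext.
plaintext_links() {
    printf '%s\n' "$1" | awk '
        /^Link [0-9]+ \(/ { link = $3; gsub(/[()]/, "", link); next }
        /^Global/          { link = "" }
        link != "" && /Protocols:/ && /-DNSOverTLS/ { insecure[link] = 1 }
        link != "" && /DNS Servers:/ && insecure[link] { print link }'
}

# Constructed sample in the shape of `resolvectl status`: DoT is on globally,
# wlan0 inherits it, but enp0s3 has it switched off per link.
SAMPLE_STATUS='Global
         Protocols: -LLMNR -mDNS +DNSOverTLS DNSSEC=allow-downgrade/supported
  resolv.conf mode: stub
Current DNS Server: 1.1.1.1#cloudflare-dns.com
       DNS Servers: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
        DNS Domain: ~.

Link 2 (enp0s3)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 192.168.1.1

Link 3 (wlan0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS +DNSOverTLS DNSSEC=allow-downgrade/supported
       DNS Servers: 1.1.1.1#cloudflare-dns.com'

# Stand-alone demo against the constructed sample (no root needed).
render_dot_conf "$SERVERS"
dot_global_active "$SAMPLE_STATUS" && echo "global: DoT active"
echo "links still sending cleartext DNS: $(plaintext_links "$SAMPLE_STATUS")"
```

On a real host, run install_dot_conf "$SERVERS" as root and then feed the output of resolvectl status to plaintext_links; any link it names is one whose per-link configuration (NetworkManager or systemd-networkd) turned DoT back off and needs fixing there, not in resolved.conf.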

Troubleshooting

Troubleshooting systemd-resolved is mostly a matter of working out which hop is failing: whether the application is talking to systemd-resolved at all, whether systemd-resolved can reach its upstream servers, and whether those servers answer. Resolution failures come from misconfigured servers, an /etc/resolv.conf that is not wired to the stub listener, network connectivity problems, firewall rules blocking port 53 (or 853 with DoT), and DNSSEC validation failures. The resolvectl command covers all of these with options for querying and debugging resolution. I usually start with:

resolvectl status

This will display, globally and per link, the DNS servers in use, the protocols negotiated with them (the +DNSOverTLS flag and the DNSSEC mode) and the resolv.conf mode, which tells you whether /etc/resolv.conf points at the stub listener on 127.0.0.53 or at something else entirely. From there, resolvectl query for a known name shows which protocol answered and whether the data was authenticated, resolvectl statistics shows cache hits and DNSSEC verdicts, resolvectl flush-caches gets rid of a stale answer, and journalctl -u systemd-resolved holds the errors from upstream. In practice, this sequence can save you a lot of time and effort when debugging DNS issues.
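The first thing to establish when a lookup fails, or when DoT settings appear to have no effect, is whether programs are reaching systemd-resolved at all, which comes down to what /etc/resolv.conf is. The check below is an added example and not code from the original post: it classifies /etc/resolv.conf the way the resolv.conf mode line of resolvectl status does (stub, uplink, static, foreign, missing) and prints what that means for the settings in resolved.conf. The optional root-directory argument is an assumption added so the function can be exercised against a scratch tree.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Classifies /etc/resolv.conf
# the way the "resolv.conf mode:" line of `resolvectl status` does and says
# what each mode means for the settings in resolved.conf.
# Assumption: an optional ROOT prefix argument so the check runs on a scratch tree.
set -eu

STUB=/run/systemd/resolve/stub-resolv.conf   # nameserver 127.0.0.53: everything goes through resolved
UPLINK=/run/systemd/resolve/resolv.conf      # upstream servers listed directly
STATIC=/usr/lib/systemd/resolv.conf          # static 127.0.0.53 without search domains

# Prints one of: stub, uplink, static, foreign, missing.
resolv_conf_mode() {
    f="${1:-}/etc/resolv.conf"
    if [ -L "$f" ]; then
        case "$(readlink "$f")" in
            "$STUB"|*/stub-resolv.conf)           echo stub ;;
            "$UPLINK"|*/resolve/resolv.conf)      echo uplink ;;
            "$STATIC"|*/lib/systemd/resolv.conf)  echo static ;;
            *)                                    echo foreign ;;
        esac
    elif [ -e "$f" ]; then
        echo foreign   # regular file, usually written by a DHCP client or NetworkManager
    else
        echo missing
    fi
}

# Nameservers a program that reads resolv.conf itself (dig, musl libc) would use.
file_nameservers() {
    awk '/^nameserver[ \t]/ { printf "%s ", $2 }' "${1:-}/etc/resolv.conf" 2>/dev/null || true
}

# One-line verdict (ok / warn / FAIL) for the resolv.conf wiring.
diagnose() {
    mode=$(resolv_conf_mode "${1:-}")
    ns=$(file_nameservers "${1:-}")
    case "$mode" in
        stub|static)
            echo "ok ($mode): programs query ${ns:-127.0.0.53}; resolved applies DoT, DNSSEC and caching" ;;
        uplink)
            echo "warn (uplink): programs that read resolv.conf go straight to $ns and skip DoT; only NSS lookups via nss-resolve use resolved" ;;
        foreign)
            echo "FAIL (foreign): resolved is bypassed, queries go in cleartext to $ns; fix with: ln -sf $STUB /etc/resolv.conf" ;;
        missing)
            echo "FAIL (missing): no /etc/resolv.conf; fix with: ln -sf $STUB /etc/resolv.conf" ;;
    esac
}

# Stand-alone: check the running system, or a tree given as the first argument.
diagnose "${1:-}"
```

A FAIL here explains the classic symptom of DoT "not working": resolvectl status looks perfect, but every application is reading a file the DHCP client wrote and never talks to systemd-resolved.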

Further Reading

For more information on systemd-resolved and its configuration options, I recommend checking out the systemd documentation (the resolved.conf(5), systemd-resolved.service(8) and resolvectl(1) man pages) and the Arch Linux wiki. These resources have been invaluable in my own journey with systemd-resolved, and I’m sure you’ll find them helpful as well.

linux  systemd  dns 
