Wiki

User Tools

Site Tools

Trace: mac_address
ubuntu:networking:dns:configure_dns

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
ubuntu:networking:dns:configure_dns [2021/01/13 11:21] – created peterubuntu:networking:dns:configure_dns [2022/03/22 10:27] (current) peter
Line 1: Line 1:
 ====== Ubuntu - Networking - DNS - Configure DNS ====== ====== Ubuntu - Networking - DNS - Configure DNS ======
  
-===== Global DNS Setting =====+<WRAP alert> 
 +**ALERT:**  There are multiple areas where DNS can be set. 
 + 
 +It is recommended to only set them in one place, as if set in multiple places then all these DNS resolvers may be used which can result in additional work and confusion when viewing logs. 
 + 
 +</WRAP> 
 + 
 +---- 
 + 
 +===== Using Netplan ===== 
 + 
 +==== Set the DNS ==== 
 + 
 +<file bash /etc/netplan/01-network-manager-all.yaml> 
 +... 
 +[DEVICE_NAME]: 
 +... 
 +    nameservers: 
 +        addresses: [1.1.1.1, 9.9.9.9] 
 +</file> 
 + 
 +<WRAP info> 
 +**NOTE:**  The filename under **/etc/netplan** might be different. 
 +</WRAP> 
 + 
 +---- 
 + 
 +===== Using Global DNS Setting ===== 
 + 
 +==== Set the DNS ====
  
 <file bash /etc/systemd/resolved.conf> <file bash /etc/systemd/resolved.conf>
Line 9: Line 38:
 DNSSEC=true DNSSEC=true
 DNSOverTLS=opportunistic DNSOverTLS=opportunistic
 +</file>
 +
 +<WRAP info>
 +**NOTE:**  This sets both DNSSEC and DNSOverTLS too.
 +
 +DNSSEC helps prevent a potential attacker from modifying your DNS responses.  systemd-resolved does not enforce this by default.
 +</WRAP>
 +
 +----
 +
 +==== To use multiple resolvers and IPv6 ====
 +
 +<file bash /etc/systemd/resolved.conf>
 +[Resolve]
 +# Use Quad9.net DNS, and Cloudflare DNS.
 +# Both supports DNS over TLS and DNSSEC,
 +# and promises not to log DNS queries.
 +DNS=2620:fe::fe 9.9.9.9 \
 +    2606:4700:4700::1111 1.1.1.1
 +FallbackDNS=2620:fe::9 149.112.112.112 \
 +            2606:4700:4700::1001 1.0.0.1
 +# Attempt to use DNS over TLS.
 +DNSOverTLS=opportunistic
 +# Enforce DNSSEC validation.
 +DNSSEC=true
 </file> </file>
  
 ---- ----
  
-==== Restart systemd ====+===== Restart the systemd-resolved service =====
  
 <code bash> <code bash>
 sudo systemctl restart systemd-resolved.service sudo systemctl restart systemd-resolved.service
 </code> </code>
 +
 +<WRAP info>
 +**NOTE:**  A restart of the service is needed to allow any DNS changes to take affect.
 +</WRAP>
  
 ---- ----
 +
 +==== Check the systemd-resolv service is running ====
 +
 +<code bash>
 +sudo systemctl status systemd-resolved.service
 +</code>
 +
 +returns:
 +
 +<code bash>
 +● systemd-resolved.service - Network Name Resolution
 +     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
 +     Active: active (running) since Thu 2022-03-17 19:28:19 GMT; 4 days ago
 +       Docs: man:systemd-resolved.service(8)
 +             https://www.freedesktop.org/wiki/Software/systemd/resolved
 +             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
 +             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
 +   Main PID: 1160 (systemd-resolve)
 +     Status: "Processing requests..."
 +      Tasks: 1 (limit: 77016)
 +     Memory: 7.6M
 +     CGroup: /system.slice/systemd-resolved.service
 +             └─1160 /lib/systemd/systemd-resolved
 +
 +Mar 17 19:28:19 bigmamba systemd[1]: Starting Network Name Resolution...
 +Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Positive Trust Anchors:
 +Mar 17 19:28:19 bigmamba systemd-resolved[1160]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
 +Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in->
 +Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Using system hostname 'bigmamba'.
 +Mar 17 19:28:19 bigmamba systemd[1]: Started Network Name Resolution.
 +Mar 17 19:30:37 bigmamba systemd-resolved[1160]: Flushed all caches.
 +Mar 20 10:47:01 bigmamba systemd-resolved[1160]: Flushed all caches.
 +</code>
 +
 +----
 +
  
 ==== Check status ==== ==== Check status ====
Line 31: Line 125:
 <code bash> <code bash>
 Global Global
-    DNS Servers: 9.9.9.9 +... 
- +         DNS Servers: 9.9.9.9 
-Link 3 [DEVICE_NAME] +  DNSOverTLS setting: no 
-      DNSSEC Setting: yes +      DNSSEC setting: no 
-    DNSSEC Supportedyes +    DNSSEC supported: no 
-         DNS Servers: 8.26.56.26 +... 
-                      8.20.247.20+Link 4 (br0) 
 +      Current Scopes: DNS 
 +DefaultRoute setting: yes 
 +       LLMNR setting: yes 
 +MulticastDNS setting: no 
 +  DNSOverTLS setting: no 
 +      DNSSEC setting: no 
 +    DNSSEC supportedno 
 +  Current DNS Server: 1.1.1.1 
 +         DNS Servers: 1.1.1.
 +          DNS Domain: localdomain 
 +...
 </code> </code>
  
 +----
ubuntu/networking/dns/configure_dns.1610536899.txt.gz · Last modified: 2021/01/13 11:21 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki