ubuntu:networking:dns:configure_dns

Differences

This shows you the differences between two versions of the page.

ubuntu:networking:dns:configure_dns [2021/01/13 11:27] peterubuntu:networking:dns:configure_dns [2022/03/22 10:27] (current) peter
Line 1: Line 1:
 ====== Ubuntu - Networking - DNS - Configure DNS ====== ====== Ubuntu - Networking - DNS - Configure DNS ======
 +
 +<WRAP alert>
 +**ALERT:**  There are multiple areas where DNS can be set.
 +
 +It is recommended to only set them in one place, as if set in multiple places then all these DNS resolvers may be used which can result in additional work and confusion when viewing logs.
 +
 +</WRAP>
 +
 +----
  
 ===== Using Netplan ===== ===== Using Netplan =====
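Review bot: The alert tells readers to set DNS in only one place but never names the places. List them (this page covers the Netplan file under /etc/netplan and the global setting in /etc/systemd/resolved.conf) and point to the "Check status" section so a reader can see which resolvers are actually in effect. The sentence "as if set in multiple places then all these DNS resolvers may be used" would also read better split in two.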
Line 11: Line 20:
     nameservers:     nameservers:
         addresses: [1.1.1.1, 9.9.9.9]         addresses: [1.1.1.1, 9.9.9.9]
-</code>+</file>
  
-<WRAP center round info 60%+<WRAP info> 
-**NOTE:**  The filename under /etc/netplan might be different.+**NOTE:**  The filename under **/etc/netplan** might be different.
 </WRAP> </WRAP>
  
 +----
  
- +===== Using Global DNS Setting =====
-===== Global DNS Setting =====+
  
 ==== Set the DNS ==== ==== Set the DNS ====
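Review bot: The closing tag changes from `</code>` to `</file>`, but the matching opening tag sits above this hunk and is not shown. Check that it was changed to `<file ...>` in the same revision, otherwise the Netplan block will not be delimited correctly. The rename to "Using Global DNS Setting" is consistent with "Using Netplan".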
Line 33: Line 42:
 <WRAP info> <WRAP info>
 **NOTE:**  This sets both DNSSEC and DNSOverTLS too. **NOTE:**  This sets both DNSSEC and DNSOverTLS too.
 +
 +DNSSEC helps prevent a potential attacker from modifying your DNS responses.  systemd-resolved does not enforce this by default.
 </WRAP> </WRAP>
  
 ---- ----
  
-==== Restart systemd ====+==== To use multiple resolvers and IPv6 ==== 
 + 
 +<file bash /etc/systemd/resolved.conf> 
 +[Resolve] 
 +# Use Quad9.net DNS, and Cloudflare DNS. 
 +# Both supports DNS over TLS and DNSSEC, 
 +# and promises not to log DNS queries. 
 +DNS=2620:fe::fe 9.9.9.9 \ 
 +    2606:4700:4700::1111 1.1.1.1 
 +FallbackDNS=2620:fe::9 149.112.112.112 \ 
 +            2606:4700:4700::1001 1.0.0.1 
 +# Attempt to use DNS over TLS. 
 +DNSOverTLS=opportunistic 
 +# Enforce DNSSEC validation. 
 +DNSSEC=true 
 +</file> 
 + 
 +---- 
 + 
 +===== Restart the systemd-resolved service =====
  
 <code bash> <code bash>
 sudo systemctl restart systemd-resolved.service sudo systemctl restart systemd-resolved.service
 </code> </code>
 +
 +<WRAP info>
 +**NOTE:**  A restart of the service is needed to allow any DNS changes to take affect.
 +</WRAP>
  
 ---- ----
  
-==== Check status ====+==== Check the systemd-resolv service is running ====
  
 <code bash> <code bash>
-systemd-resolve --status+sudo systemctl status systemd-resolved.service
 </code> </code>
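Review bot: In the new resolved.conf block, `DNSOverTLS=opportunistic` is described only as "Attempt to use DNS over TLS", which hides that this mode falls back to unencrypted DNS when a TLS session cannot be established, so it gives no protection against an on-path downgrade. Say so in the comment, or mention `DNSOverTLS=yes` as the strict option. Smaller points in the same hunk: "take affect" should be "take effect", the heading "Check the systemd-resolv service is running" should read "systemd-resolved", the restart heading is now one level higher (=====) than the check heading that follows it (====), and the block is tagged `bash` although it is an INI-style configuration file.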
  
Line 54: Line 88:
  
 <code bash> <code bash>
-Global +● systemd-resolved.service - Network Name Resolution 
-    DNS Servers9.9.9.9+     Loadedloaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled) 
 +     Active: active (running) since Thu 2022-03-17 19:28:19 GMT; 4 days ago 
 +       Docs: man:systemd-resolved.service(8) 
 +             https://www.freedesktop.org/wiki/Software/systemd/resolved 
 +             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers 
 +             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients 
 +   Main PID: 1160 (systemd-resolve) 
 +     Status: "Processing requests..." 
 +      Tasks: 1 (limit: 77016) 
 +     Memory: 7.6M 
 +     CGroup: /system.slice/systemd-resolved.service 
 +             └─1160 /lib/systemd/systemd-resolved
  
-Link 3 [DEVICE_NAME] +Mar 17 19:28:19 bigmamba systemd[1]: Starting Network Name Resolution... 
-      DNSSEC Settingyes +Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Positive Trust Anchors
-    DNSSEC Supportedyes +Mar 17 19:28:19 bigmamba systemd-resolved[1160]: . IN DS 20326 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d 
-         DNS Servers: 8.26.56.26 +Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-> 
-                      8.20.247.20+Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Using system hostname 'bigmamba'. 
 +Mar 17 19:28:19 bigmamba systemd[1]: Started Network Name Resolution. 
 +Mar 17 19:30:37 bigmamba systemd-resolved[1160]: Flushed all caches. 
 +Mar 20 10:47:01 bigmamba systemd-resolved[1160]: Flushed all caches.
 </code> </code>
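Review bot: The pasted `systemctl status` output carries machine-specific detail that does not help the reader: the hostname `bigmamba`, the PID, and a "Negative trust anchors" journal line that the pager cut off at `30.172.in->`. Trim the sample to the `Loaded:` and `Active:` lines a reader needs to confirm the service is running, and replace the hostname with a placeholder. The block is also tagged `<code bash>` although it is program output, not a command.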
  
Line 67: Line 115:
  
  
 +==== Check status ====
 +
 +<code bash>
 +systemd-resolve --status
 +</code>
 +
 +returns:
 +
 +<code bash>
 +Global
 +...
 +         DNS Servers: 9.9.9.9
 +  DNSOverTLS setting: no
 +      DNSSEC setting: no
 +    DNSSEC supported: no
 +...
 +Link 4 (br0)
 +      Current Scopes: DNS
 +DefaultRoute setting: yes
 +       LLMNR setting: yes
 +MulticastDNS setting: no
 +  DNSOverTLS setting: no
 +      DNSSEC setting: no
 +    DNSSEC supported: no
 +  Current DNS Server: 1.1.1.1
 +         DNS Servers: 1.1.1.1
 +          DNS Domain: localdomain
 +...
 +</code>
 +
 +----
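Review bot: The sample output shows `DNSOverTLS setting: no` and `DNSSEC setting: no` under Global, which contradicts the resolved.conf added earlier on the page (`DNSOverTLS=opportunistic`, `DNSSEC=true`). A reader using this section to verify the change will expect the configured values, so regenerate the output after applying that file or state that it was captured before the change. The sample also shows 9.9.9.9 under Global and 1.1.1.1 on Link 4 (br0), which is the multiple-places situation the alert at the top of the page warns against, so it is worth a sentence pointing that out. On systemd versions where `systemd-resolve` is no longer shipped, the equivalent command is `resolvectl status`.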
ubuntu/networking/dns/configure_dns.1610537235.txt.gz · Last modified: 2021/01/13 11:27 by peter
