Differences

This shows you the differences between two versions of the page.

--- ubuntu:networking:dns:configure_dns [2021/01/13 11:29] – peter
+++ ubuntu:networking:dns:configure_dns [2022/03/22 10:27] (current) – peter
@@ Line 23: / Line 23: @@
 <WRAP info>
-**NOTE:**  The filename under /etc/netplan might be different.
+**NOTE:**  The filename under **/etc/netplan** might be different.
 </WRAP>
@@ Line 42: / Line 42: @@
 <WRAP info>
 **NOTE:**  This sets both DNSSEC and DNSOverTLS too.
+DNSSEC helps prevent a potential attacker from modifying your DNS responses.  systemd-resolved does not enforce this by default.
 </WRAP>
 ----
-==== Restart systemd ====
+==== To use multiple resolvers and IPv6 ====
+<file bash /etc/systemd/resolved.conf>
+[Resolve]
+# Use Quad9.net DNS, and Cloudflare DNS.
+# Both supports DNS over TLS and DNSSEC,
+# and promises not to log DNS queries.
+DNS=2620:fe::fe 9.9.9.9 \
+:4700:4700::1111 1.1.1.1
+FallbackDNS=2620:fe::9 149.112.112.112 \
+:4700:4700::1001 1.0.0.1
+# Attempt to use DNS over TLS.
+DNSOverTLS=opportunistic
+# Enforce DNSSEC validation.
+DNSSEC=true
+</file>
+----
+===== Restart the systemd-resolved service =====
 <code bash>
 sudo systemctl restart systemd-resolved.service
 </code>
+<WRAP info>
+**NOTE:**  A restart of the service is needed to allow any DNS changes to take affect.
+</WRAP>
 ----
-==== Check status ====
+==== Check the systemd-resolv service is running ====
 <code bash>
-systemd-resolve --status
+sudo systemctl status systemd-resolved.service
 </code>
@@ Line 63: / Line 88: @@
 <code bash>
-Global
+● systemd-resolved.service - Network Name Resolution
-    DNS Servers: 9.9.9.9
+     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
+     Active: active (running) since Thu 2022-03-17 19:28:19 GMT; 4 days ago
+       Docs: man:systemd-resolved.service(8)
+             https://www.freedesktop.org/wiki/Software/systemd/resolved
+             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
+             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
+   Main PID: 1160 (systemd-resolve)
+     Status: "Processing requests..."
+      Tasks: 1 (limit: 77016)
+     Memory: 7.6M
+     CGroup: /system.slice/systemd-resolved.service
+             └─1160 /lib/systemd/systemd-resolved
-Link 3 [DEVICE_NAME]
+Mar 17 19:28:19 bigmamba systemd[1]: Starting Network Name Resolution...
-      DNSSEC Setting: yes
+Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Positive Trust Anchors:
-    DNSSEC Supported: yes
+Mar 17 19:28:19 bigmamba systemd-resolved[1160]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
-         DNS Servers: 8.26.56.26
+Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in->
-.20.247.20
+Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Using system hostname 'bigmamba'.
+Mar 17 19:28:19 bigmamba systemd[1]: Started Network Name Resolution.
+Mar 17 19:30:37 bigmamba systemd-resolved[1160]: Flushed all caches.
+Mar 20 10:47:01 bigmamba systemd-resolved[1160]: Flushed all caches.
 </code>
@@ Line 76: / Line 115: @@
+==== Check status ====
+<code bash>
+systemd-resolve --status
+</code>
+returns:
+<code bash>
+Global
+...
+         DNS Servers: 9.9.9.9
+  DNSOverTLS setting: no
+      DNSSEC setting: no
+    DNSSEC supported: no
+...
+Link 4 (br0)
+      Current Scopes: DNS
+DefaultRoute setting: yes
+       LLMNR setting: yes
+MulticastDNS setting: no
+  DNSOverTLS setting: no
+      DNSSEC setting: no
+    DNSSEC supported: no
+  Current DNS Server: 1.1.1.1
+         DNS Servers: 1.1.1.1
+          DNS Domain: localdomain
+...
+</code>
+----