ALERT: There are multiple areas where DNS can be set.
It is recommended to only set them in one place, as if set in multiple places then all these DNS resolvers may be used which can result in additional work and confusion when viewing logs.
... [DEVICE_NAME]: ... nameservers: addresses: [1.1.1.1, 9.9.9.9]
NOTE: The filename under /etc/netplan might be different.
[Resolve] DNS=9.9.9.9 FallbackDNS=149.112.112.112 DNSSEC=true DNSOverTLS=opportunistic
NOTE: This sets both DNSSEC and DNSOverTLS too.
DNSSEC helps prevent a potential attacker from modifying your DNS responses. systemd-resolved does not enforce this by default.
[Resolve] # Use Quad9.net DNS, and Cloudflare DNS. # Both supports DNS over TLS and DNSSEC, # and promises not to log DNS queries. DNS=2620:fe::fe 9.9.9.9 \ 2606:4700:4700::1111 1.1.1.1 FallbackDNS=2620:fe::9 149.112.112.112 \ 2606:4700:4700::1001 1.0.0.1 # Attempt to use DNS over TLS. DNSOverTLS=opportunistic # Enforce DNSSEC validation. DNSSEC=true
sudo systemctl restart systemd-resolved.service
NOTE: A restart of the service is needed to allow any DNS changes to take affect.
sudo systemctl status systemd-resolved.service
returns:
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-03-17 19:28:19 GMT; 4 days ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Main PID: 1160 (systemd-resolve)
Status: "Processing requests..."
Tasks: 1 (limit: 77016)
Memory: 7.6M
CGroup: /system.slice/systemd-resolved.service
└─1160 /lib/systemd/systemd-resolved
Mar 17 19:28:19 bigmamba systemd[1]: Starting Network Name Resolution...
Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Positive Trust Anchors:
Mar 17 19:28:19 bigmamba systemd-resolved[1160]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in->
Mar 17 19:28:19 bigmamba systemd-resolved[1160]: Using system hostname 'bigmamba'.
Mar 17 19:28:19 bigmamba systemd[1]: Started Network Name Resolution.
Mar 17 19:30:37 bigmamba systemd-resolved[1160]: Flushed all caches.
Mar 20 10:47:01 bigmamba systemd-resolved[1160]: Flushed all caches.
systemd-resolve --status
returns:
Global
...
DNS Servers: 9.9.9.9
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
...
Link 4 (br0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 1.1.1.1
DNS Servers: 1.1.1.1
DNS Domain: localdomain
...