ubuntu:networking:dns:configure_dns
This is an old revision of the document!
Table of Contents
Ubuntu - Networking - DNS - Configure DNS
ALERT: There are multiple areas where DNS can be set.
It is recommended to only set them in one place, as if set in multiple places then all these DNS resolvers may be used which can result in additional work and confusion when viewing logs.
Using Netplan
Set the DNS
- /etc/netplan/01-network-manager-all.yaml
... [DEVICE_NAME]: ... nameservers: addresses: [1.1.1.1, 9.9.9.9]
NOTE: The filename under /etc/netplan might be different.
Using Global DNS Setting
Set the DNS
- /etc/systemd/resolved.conf
[Resolve] DNS=9.9.9.9 FallbackDNS=149.112.112.112 DNSSEC=true DNSOverTLS=opportunistic
NOTE: This sets both DNSSEC and DNSOverTLS too.
DNSSEC helps prevent a potential attacker from modifying your DNS responses. systemd-resolved does not enforce this by default.
To use multiple resolvers and IPv6
- /etc/systemd/resolved.conf
[Resolve] # Use Quad9.net DNS, and Cloudflare DNS. # Both supports DNS over TLS and DNSSEC, # and promises not to log DNS queries. DNS=2620:fe::fe 9.9.9.9 \ 2606:4700:4700::1111 1.1.1.1 FallbackDNS=2620:fe::9 149.112.112.112 \ 2606:4700:4700::1001 1.0.0.1 # Attempt to use DNS over TLS. DNSOverTLS=opportunistic # Enforce DNSSEC validation. DNSSEC=true
Restart the systemd-resolved service
sudo systemctl restart systemd-resolved.service
NOTE: A restart of the service is needed to allow any DNS changes to take affect.
Check status
systemd-resolve --status
returns:
Global
...
DNS Servers: 9.9.9.9
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
...
Link 4 (br0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 1.1.1.1
DNS Servers: 1.1.1.1
DNS Domain: localdomain
...
ubuntu/networking/dns/configure_dns.1647944646.txt.gz · Last modified: 2022/03/22 10:24 by peter