Switch to systemd-resolved

I was wondering if it could be considered to have the option to switch to systemd-resolved for DNS with Network-Manager.

One of the primary reasons for me to ask this is to allow for Split-DNS to work when using a VPN through Network-Manager.

By default, /etc/resolv.conf is used, but there's a limit to using 3 nameservers, anything else is ignored.
When using a corporate VPN, usually multiple nameservers are already filled in.
This breaks the ability to match certain domain names to be queried by specific nameservers, thus, failing the resolution.

There could be some other advantages to having exclusive control over the /etc/resolv.conf file by pointing towards a local resolver, such as more granular control of adblocking, something which is already an option in Garuda.

System:
  Kernel: 6.3.5-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 13.1.1
    parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
    root=UUID=181202e0-9f01-4d97-a2e9-f0b9777da816 rw rootflags=subvol=@
    quiet rd.luks.uuid=ac90f915-9c3c-44f0-97ea-4bd11c8e5b18 quiet splash
    rd.udev.log_priority=3 vt.global_cursor_default=0 loglevel=3 ibt=off
  Desktop: GNOME v: 44.1 tk: GTK v: 3.24.38 wm: gnome-shell dm: GDM v: 44.1
    Distro: Garuda Linux base: Arch Linux
Machine:
  Type: Laptop System: Dell product: Latitude 5530 v: N/A
    serial: <superuser required> Chassis: type: 10 serial: <superuser required>
  Mobo: Dell model: 0C6CYC v: A00 serial: <superuser required> UEFI: Dell
    v: 1.12.0 date: 03/17/2023
Battery:
  ID-1: BAT0 charge: 55.1 Wh (100.0%) condition: 55.1/58.0 Wh (95.1%)
    volts: 17.1 min: 15.2 model: SMP DELL Y86WG23 type: Li-poly serial: <filter>
    status: full
CPU:
  Info: model: 12th Gen Intel Core i7-1255U bits: 64 type: MST AMCP
    arch: Alder Lake level: v3 note: check built: 2021+
    process: Intel 7 (10nm ESF) family: 6 model-id: 0x9A (154) stepping: 4
    microcode: 0x42A
  Topology: cpus: 1x cores: 10 mt: 2 tpc: 2 st: 8 threads: 12 smt: enabled
    cache: L1: 928 KiB desc: d-8x32 KiB, 2x48 KiB; i-2x32 KiB, 8x64 KiB
    L2: 6.5 MiB desc: 2x1.2 MiB, 2x2 MiB L3: 12 MiB desc: 1x12 MiB
  Speed (MHz): avg: 1965 high: 2600 min/max: 400/4700:3500 scaling:
    driver: intel_pstate governor: powersave cores: 1: 2600 2: 458 3: 2600
    4: 2600 5: 2600 6: 2145 7: 2276 8: 1859 9: 400 10: 2600 11: 847 12: 2600
    bogomips: 62668
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  Vulnerabilities: <filter>
Graphics:
  Device-1: Intel Alder Lake-UP3 GT2 [Iris Xe Graphics] vendor: Dell
    driver: i915 v: kernel arch: Gen-12.2 process: Intel 10nm built: 2021-22+
    ports: active: eDP-1 empty: DP-1,DP-2,HDMI-A-1 bus-ID: 0000:00:02.0
    chip-ID: 8086:46a8 class-ID: 0300
  Device-2: Sunplus Innovation Integrated_Webcam_FHD driver: uvcvideo
    type: USB rev: 2.0 speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 3-6:2
    chip-ID: 1bcf:2ba5 class-ID: fe01 serial: <filter>
  Display: wayland server: X.org v: 1.21.1.8 with: Xwayland v: 23.1.1
    compositor: gnome-shell driver: gpu: i915 display-ID: 0
  Monitor-1: eDP-1 model: LG Display 0x0709 built: 2021 res: 1920x1080
    dpi: 142 gamma: 1.2 size: 344x194mm (13.54x7.64") diag: 395mm (15.5")
    ratio: 16:9 modes: 1920x1080
  API: EGL/GBM Message: No known Wayland EGL/GBM data sources.
Audio:
  Device-1: Intel Alder Lake PCH-P High Definition Audio vendor: Dell
    driver: snd_hda_intel v: kernel alternate: snd_sof_pci_intel_tgl
    bus-ID: 0000:00:1f.3 chip-ID: 8086:51c8 class-ID: 0403
  API: ALSA v: k6.3.5-zen1-1-zen status: kernel-api tools: N/A
  Server-1: PipeWire v: 0.3.71 status: active with: 1: pipewire-pulse
    status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
    4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Intel Alder Lake-P PCH CNVi WiFi driver: iwlwifi v: kernel
    bus-ID: 0000:00:14.3 chip-ID: 8086:51f0 class-ID: 0280
  IF: wlp0s20f3 state: up mac: <filter>
  Device-2: Intel Ethernet I219-LM vendor: Dell driver: e1000e v: kernel
    port: N/A bus-ID: 0000:00:1f.6 chip-ID: 8086:1a1e class-ID: 0200
  IF: enp0s31f6 state: down mac: <filter>
  IF-ID-1: tailscale0 state: unknown speed: -1 duplex: full mac: N/A
  IF-ID-2: vpn0 state: up speed: 10000 Mbps duplex: full mac: N/A
Bluetooth:
  Device-1: Intel driver: btusb v: 0.8 type: USB rev: 2.0 speed: 12 Mb/s
    lanes: 1 mode: 1.1 bus-ID: 3-10:4 chip-ID: 8087:0033 class-ID: e001
  Report: bt-adapter ID: hci0 rfk-id: 0 state: up address: <filter>
RAID:
  Hardware-1: Intel Volume Management Device NVMe RAID Controller driver: vmd
    v: 0.6 port: N/A bus-ID: 0000:00:0e.0 chip-ID: 8086:467f rev: class-ID: 0104
Drives:
  Local Storage: total: 476.94 GiB used: 61.8 GiB (13.0%)
  SMART Message: Required tool smartctl not installed. Check --recommends
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Micron model: 3400 NVMe 512GB
    size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 63.2 Gb/s
    lanes: 4 tech: SSD serial: <filter> fw-rev: 34000060 temp: 52.9 C
    scheme: GPT
Partition:
  ID-1: / raw-size: 476.64 GiB size: 476.64 GiB (100.00%)
    used: 61.8 GiB (13.0%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-ac90f915-9c3c-44f0-97ea-4bd11c8e5b18
  ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
    used: 760 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
  ID-3: /home raw-size: 476.64 GiB size: 476.64 GiB (100.00%)
    used: 61.8 GiB (13.0%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-ac90f915-9c3c-44f0-97ea-4bd11c8e5b18
  ID-4: /var/log raw-size: 476.64 GiB size: 476.64 GiB (100.00%)
    used: 61.8 GiB (13.0%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-ac90f915-9c3c-44f0-97ea-4bd11c8e5b18
  ID-5: /var/tmp raw-size: 476.64 GiB size: 476.64 GiB (100.00%)
    used: 61.8 GiB (13.0%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-ac90f915-9c3c-44f0-97ea-4bd11c8e5b18
Swap:
  Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
  ID-1: swap-1 type: zram size: 31.04 GiB used: 1.8 MiB (0.0%) priority: 100
    dev: /dev/zram0
Sensors:
  System Temperatures: cpu: 50.0 C mobo: N/A
  Fan Speeds (RPM): N/A
Info:
  Processes: 383 Uptime: 35m wakeups: 29955 Memory: available: 31.04 GiB
  used: 9.58 GiB (30.9%) Init: systemd v: 253 default: graphical
  tool: systemctl Compilers: gcc: 13.1.1 Packages: pm: pacman pkgs: 1358
  libs: 363 tools: pamac,paru Shell: fish v: 3.6.1 default: Bash v: 5.1.16
  running-in: gnome-terminal inxi: 3.3.27
Garuda (2.6.16-1):
  System install date:     2023-05-20
  Last full system update: 2023-05-31 ↻
  Is partially upgraded:   No
  Relevant software:       snapper NetworkManager dracut
  Windows dual boot:       No/Undetected
  Failed units:       

No problem to start using systemd-resolved for DNS; it is already installed by default since systemd provides it. It’s a small matter setting up a config file and enabling the service.

Read through the man page for resolved.conf to decide what options you want to set, then edit /etc/systemd/resolved.conf (or set up some drop-in configs in /etc/systemd/resolved.conf.d/…or both!).

Enable the service:

sudo systemctl enable --now systemd-resolved.service

Unless you want to use something other than the stub mode, set up a symlink to /etc/resolv.conf, which is the file that a lot of software that calls for DNS resolution (web browsers, for example) will use. See this note from the ArchWiki article:

DNS

Software that relies on glibc’s getaddrinfo(3) (or similar) will work out of the box, since, by default, /etc/nsswitch.conf is configured to use nss-resolve(8) if it is available.

To provide domain name resolution for software that reads /etc/resolv.conf directly, such as web browsers and GnuPG, systemd-resolved has four different modes for handling the file—stub, static, uplink and foreign. They are described in systemd-resolved(8) § /ETC/RESOLV.CONF. We will focus here only on the recommended mode, i.e. the stub mode which uses /run/systemd/resolve/stub-resolv.conf.

/run/systemd/resolve/stub-resolv.conf contains the local stub 127.0.0.53 as the only DNS server and a list of search domains. This is the recommended mode of operation that propagates the systemd-resolved managed configuration to all clients. To use it, replace /etc/resolv.conf with a symbolic link to it:

# ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Note:

  • Failure to properly configure /etc/resolv.conf will result in broken DNS resolution.
  • Creating the /etc/resolv.conf symlink will not be possible while inside arch-chroot, since the file is bind-mounted from the outside system. Instead, create the symlink from outside the chroot. E.g.
# ln -sf /run/systemd/resolve/stub-resolv.conf /mnt/etc/resolv.conf

A symlink to /etc/resolv.conf is the only configuration I have seen used on systems that use systemd-resolved. My understanding is it’s a method that simplifies the configuration in a significant way.

That’s pretty much it to get up and going. Read through the rest of the ArchWiki article if you want to dive a little deeper on setting up DNS servers (sounds like you might want to :wink:), or if you need to disable mDNS (it is enabled by default on systemd-resolved) or anything else like that.

I hope that helps, welcome to the community @carroarmato0. :slightly_smiling_face:

4 Likes
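The steps in the reply above (drop-in config, enable the service, symlink /etc/resolv.conf) and the three-nameserver limit from the original post, as one added example script that is not part of the thread or of Garuda. It stages the change against a root directory so it can be dry-run in a temp dir before being applied to the live system. The drop-in file name 10-split-dns.conf, the upstream server 10.0.0.53 and the domain corp.example are constructed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the forum post. Functions take a root prefix so the
# whole change can be rehearsed in a scratch directory; "--apply" runs it for
# real against / (needs root and a running systemd).
# Placeholders (assumptions): 10-split-dns.conf, 10.0.0.53, corp.example.

STUB=/run/systemd/resolve/stub-resolv.conf

# Count "nameserver" lines in a resolv.conf. glibc only honours the first
# three (MAXNS), which is why a VPN pushing four or more servers breaks
# split DNS when /etc/resolv.conf is written directly.
count_nameservers() {
    [ -f "$1" ] || { echo 0; return; }
    grep -c '^[[:space:]]*nameserver[[:space:]]' "$1" 2>/dev/null || true
}

# Exit status 1 when the file has more servers than glibc will ever use.
audit_resolv_conf() {
    n=$(count_nameservers "$1")
    if [ "$n" -gt 3 ]; then
        echo "WARN: $1 lists $n nameservers; glibc uses only the first 3"
        return 1
    fi
    echo "OK: $1 lists $n nameserver(s)"
}

# Write a drop-in under <root>/etc/systemd/resolved.conf.d/ rather than
# editing resolved.conf itself, so package upgrades cannot overwrite it.
write_dropin() {
    root=$1; dns=$2; domains=$3
    dir="$root/etc/systemd/resolved.conf.d"
    mkdir -p "$dir"
    cat > "$dir/10-split-dns.conf" <<EOF
[Resolve]
# Global upstream. Per-link servers that NetworkManager pushes (e.g. the
# VPN's servers for its own domains) take precedence for those domains.
DNS=$dns
Domains=$domains
# mDNS is on by default in systemd-resolved; disable it unless it is needed.
MulticastDNS=no
EOF
}

# Point <root>/etc/resolv.conf at the stub file (127.0.0.53). In a dry-run
# root the stub does not exist yet, so a placeholder keeps the link valid.
link_stub_resolv() {
    root=$1
    mkdir -p "$root/etc" "$root$(dirname "$STUB")"
    [ -e "$root$STUB" ] || printf 'nameserver 127.0.0.53\n' > "$root$STUB"
    ln -sf "$STUB" "$root/etc/resolv.conf"
}

# Post-change check: resolv.conf must be a symlink ending in stub-resolv.conf.
check_resolv_conf() {
    target=$(readlink "$1/etc/resolv.conf") || return 1
    case "$target" in
        */stub-resolv.conf) return 0 ;;
        *) return 1 ;;
    esac
}

# Live path: same steps as the reply, plus a status dump for verification.
apply_live() {
    write_dropin / "$1" "$2"
    systemctl enable --now systemd-resolved.service
    ln -rsf "$STUB" /etc/resolv.conf
    check_resolv_conf / && resolvectl status
}

# Dry run on constructed input: a resolv.conf with four nameservers.
dry_run() {
    t=$(mktemp -d)
    printf 'nameserver 10.0.0.1\nnameserver 10.0.0.2\nnameserver 10.0.0.3\nnameserver 10.0.0.4\n' > "$t/resolv.conf"
    audit_resolv_conf "$t/resolv.conf" || true
    write_dropin "$t" 10.0.0.53 corp.example
    link_stub_resolv "$t"
    check_resolv_conf "$t" && echo "dry run OK: $(readlink "$t/etc/resolv.conf")"
    rm -rf "$t"
}

case "${1:-}" in
    --apply) apply_live "${2:-10.0.0.53}" "${3:-corp.example}" ;;
    *) dry_run ;;
esac
```

Run it with no arguments to rehearse in a temp directory; `sudo sh script.sh --apply 10.0.0.53 corp.example` performs the live change. After applying, `resolvectl status` should show the VPN link with its own DNS servers and domains separate from the global section, which is the split-DNS behaviour the original post was after.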

@BluishHumility works exactly as I wanted :slight_smile: Thank you very much.
Long time (19 years) Ubuntu "power user". Switched because I wanted to go back to using BTRFS as main filesystem on an encrypted drive, and the new Ubuntu installer, while never having supported btrfs to begin with, made it even more difficult. Have been running Arch in the past, but I wanted Arch the lazy way, with good defaults which match my needs. Fell in love with Garuda immediately :slight_smile:

3 Likes
