How can I disable LLMNR in systemd-resolved?

systemd systemd-resolved

How can I disable LLMNR in systemd-resolved?

I tried adding: LLMNR=no to /etc/systemd/resolved.conf

but when I type systemd-resolve --status it still shows

LLMNR setting: yes

I have tried rebooting computer and restarting systemd-resolved.service


Solution 1:

There's a general LLMNR setting and a per link LLMNR setting

There's the LLMNR setting in systemd-resolved and there's also the per-link LLMNR setting in systemd-networkd.

The setting you're looking at in the systemd-resolve --status output is actually the one from systemd-networkd. Except that, if you're not running systemd-networkd, it will STILL show LLMNR setting: yes.

The default setting will show something like this:

Link 2 (ens3)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes

It also means systemd-resolved will be taking requests on UDP port 5355 (the LLMNR port), on these interfaces.

Changing resolved.conf file will change "Current Scopes:" line

If you disable it by setting LLMNR=no in resolved.conf and restarting systemd-resolved, then you get:

Link 2 (ens3)
      Current Scopes: DNS
       LLMNR setting: yes

You can see that the scope changed from DNS LLMNR/IPv4 LLMNR/IPv6 to just DNS. So it will use DNS only and will no longer take requests on UDP port 5355.

Changing *.network file will change "LLMNR setting:" line

If you're also using systemd-networkd, you can further disable LLMNR on that interface, by setting LLMNR=no in the [Network] section of the *.network file for that interface.

For example:

# /etc/systemd/network/90-ens3-nollmnr.network
[Match]
Name=ens3

[Network]
LLMNR=no

After setting that and restarting systemd-networkd, the output of systemd-resolve --status will include:

Link 2 (ens3)
      Current Scopes: DNS
       LLMNR setting: no

Summary

So, in short, LLMNR setting: yes just means that it wasn't explicitly disabled on that interface. And it can only be disabled on that interface if it's being managed by systemd-networkd. If you disable it through resolved itself, it will essentially have the same effect, but it will only show in the list of current scopes, and not really under LLMNR setting.

NOTE: Some pointers to the code showing that LLMNR=yes is the default setting here and here.

Related

Ubuntu 18.04 LTS release on AWS
Qt/KDE camera app alternative to Cheese in Kubuntu 18.04?
Google Chrome not using Ubuntu's Titlebar and Window Buttons
Unbuffer stopped working months ago
Can't install Midnight Commander [duplicate]
DNS Resolve is not working on 18.04 server
Skype loses focus when changing keyboard layout with ALT+SHIFT
Why does my ssh login include what looks like a promotion for a TechRepublic article?
What is the meaning of "clubbed to death?"
Equivalent word for 'Unfriend' on Social media sites?
What is a formal equivalent of "get (a)round something"?
Is there a short phrase to describe forgetting to do something because something else had your attention?