What does the systemd-resolved service do and does it need to listen on all interfaces? [closed]

I am working on a project that involves an IoT device (the now deprecated Intel Galileo). I am looking at hardening these devices and I noticed that the systemd-resolved service is listening on all interfaces (0.0.0.0).

root@hostname:~# netstat -altnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      240/systemd-resolve

After reading the freedesktop.org description of the service here, I found that it states:

systemd-resolved is a system service that provides network name resolution to local applications.

I ran a test where I ran ping to google.com while systemd-resolved was running. I then disabled the service and sent a ping to yahoo.com. There was no packet loss for either request.

My question(s) are as follows:

  1. What is this service doing?

  2. If it is providing name resolution to local applications, why does it listen on the 0.0.0.0 interface?

  3. Is this a security concern?

  4. What are the potential impacts of disabling this service?

Thanks in advance for any information / help. Apologies if I have not complied with question format, first time post. Please edit as required.


Solution 1:

systemd-resolved is needed by systemd. Unless you're installing an alternative DNS resolver, you should keep it.

It's important to note that it is actually listening for UDP packets on 127.0.0.53:53 to do DNS resolution for you:

# netstat -npa | grep systemd-resolve
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      205/systemd-resolve
tcp6       0      0 :::5355                 :::*                    LISTEN      205/systemd-resolve
udp        0      0 127.0.0.53:53           0.0.0.0:*                           205/systemd-resolve
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           205/systemd-resolve
udp6       0      0 :::5355                 :::*                                205/systemd-resolve

The port 5355 sockets are to implement Link-Local Multicast Name Resolution (LLMNR) which is a feature only useful in LANs.

To disable it, edit /etc/systemd/resolved.conf and change the line

#LLMNR=yes

to

LLMNR=no

and then restart the service with service systemd-resolved restart and check again:

# netstat -npa | grep systemd-resolve
udp        0      0 127.0.0.53:53           0.0.0.0:*                           404/systemd-resolve
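An added example, not part of the answer above: a small POSIX shell script that applies the change the answer describes (turning the commented default `#LLMNR=yes` into `LLMNR=no`) to a copy of resolved.conf, and then counts how many port-5355 sockets remain in netstat-style output so the result of the restart can be checked mechanically. The function names `disable_llmnr` and `llmnr_socket_count` are my own, and the config and netstat lines in the demo are constructed from the answer's listings rather than captured from a live host; to apply it for real, point `disable_llmnr` at /etc/systemd/resolved.conf and feed `llmnr_socket_count` the output of `netstat -npa | grep systemd-resolve`.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumed helper names:
# disable_llmnr and llmnr_socket_count. Runs offline on constructed files.
set -eu

# disable_llmnr FILE
# Rewrite the LLMNR setting in a resolved.conf-style file: replace a commented
# default (#LLMNR=yes) or an existing LLMNR= line with LLMNR=no, or append the
# line if the file has none. The file's mode is preserved by writing through cat.
disable_llmnr() {
    f="$1"
    if grep -Eq '^[#[:space:]]*LLMNR=' "$f"; then
        sed -E 's/^[#[:space:]]*LLMNR=.*/LLMNR=no/' "$f" > "$f.tmp"
        cat "$f.tmp" > "$f"
        rm -f "$f.tmp"
    else
        printf 'LLMNR=no\n' >> "$f"
    fi
}

# llmnr_socket_count FILE
# Print the number of lines in netstat -npa style output whose local address
# is bound to port 5355 (the LLMNR port), IPv4 or IPv6. Zero means only the
# 127.0.0.53:53 stub listener should be left.
llmnr_socket_count() {
    grep -Ec '[:.]5355[[:space:]]' "$1" || true
}

# Demo on constructed input: a default-looking resolved.conf and the
# before/after netstat lines from the answer. Nothing on the host is touched.
demo() {
    d=$(mktemp -d)
    printf '[Resolve]\n#DNS=\n#LLMNR=yes\n#MulticastDNS=yes\n' > "$d/resolved.conf"
    disable_llmnr "$d/resolved.conf"
    echo "--- rewritten resolved.conf ---"
    cat "$d/resolved.conf"

    printf 'tcp   0 0 0.0.0.0:5355   0.0.0.0:* LISTEN 205/systemd-resolve\n' > "$d/before.txt"
    printf 'udp   0 0 0.0.0.0:5355   0.0.0.0:*        205/systemd-resolve\n' >> "$d/before.txt"
    printf 'udp   0 0 127.0.0.53:53  0.0.0.0:*        205/systemd-resolve\n' >> "$d/before.txt"
    printf 'udp   0 0 127.0.0.53:53  0.0.0.0:*        404/systemd-resolve\n' > "$d/after.txt"

    echo "LLMNR sockets before restart: $(llmnr_socket_count "$d/before.txt")"
    echo "LLMNR sockets after restart:  $(llmnr_socket_count "$d/after.txt")"
    rm -rf "$d"
}

demo
```

The rewrite is deliberately narrow: it only touches a line that already names `LLMNR=` (commented or not), so the rest of the file, including `#MulticastDNS=yes`, is left exactly as shipped. A non-zero count from `llmnr_socket_count` after the restart means the setting was not picked up (wrong file, service not restarted, or a drop-in overriding it), which is the check worth keeping in a hardening script for these devices.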