How to disable systemd-resolved and resolve DNS with dnsmasq?

dns 17.04 16.10 systemd-resolved dnsmasq

Solution 1:

dnsmasq packages are still available in 16.10 and 17.04.

  1. Install dnsmasq and dependencies (or at least download their packages) before disabling systemd-resolved:

    sudo apt-get install dnsmasq

  2. Disable systemd-resolved and verify dnsmasq is running:

    sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

systemctl status dnsmasq

  3. Season dnsmasq to taste. After applying your settings, restart dnsmasq:

    sudo systemctl stop dnsmasq
sudo systemctl start dnsmasq

After step 2 you might be without a working system resolver until step 3 is complete. You may need to restart the networking subsystem (or simply reboot) to get dnsmasq functioning with the default configs. In my testing, adding a known DNS server to /etc/dnsmasq.conf and restarting dnsmasq was enough to get it working in a liveCD environment.

Solution 2:

In addition to the answer of @quixotic:

Make sure you have in /etc/NetworkManager/NetworkManager.conf :

[main]
dns=dnsmasq

if you need to add it, restart NetworkManager like this:

sudo systemctl restart NetworkManager

and /etc/resolv.conf needs to be a symlink to /var/run/NetworkManager/resolv.conf . could be done like this

sudo rm /etc/resolv.conf; sudo ln -s /var/run/NetworkManager/resolv.conf /etc/resolv.conf

Solution 3:

For (X)Ubuntu 18.04 (see my answer at stackexchange).

Here is copy of it (should I make a copy?)

Here is solution for (X)Ubuntu 18.04 Bionic.

Install dnsmasq

sudo apt install dnsmasq

Disable systemd-resolved listener on port 53 (do not touch /etc/systemd/resolved.conf, because it may be overwritten on upgrade):

$ cat /etc/systemd/resolved.conf.d/noresolved.conf 
[Resolve]
DNSStubListener=no

and restart it

$ sudo systemctl restart systemd-resolved

(alternatively disable it completely by $ sudo systemctl disable systemd-resolved.service)

Delete /etc/resolv.conf and create again. This is important, because resolv.conf is a symbolic link to /run/systemd/resolve/stub-resolv.conf by default. If you will not delete symbolic link, the file will be overwritten by systemd on reboot (even though we disabled systemd-resolved!). Also NetworkManager (NM) checks if it is a symbolic link to detect systemd-resolved configuration.

$ sudo rm /etc/resolv.conf
$ sudo touch /etc/resolv.conf

Disable overwriting of /etc/resolv.conf by NM (there is also an option rc-manager, but it does not work, despite it is described in a manual):

$ cat /etc/NetworkManager/conf.d/disableresolv.conf 
[main]
dns=none

and restart it:

$ sudo systemctl restart NetworkManager

Tell dnsmasq to use resolv.conf from NM:

$ cat /etc/dnsmasq.d/nmresolv.conf 
resolv-file=/var/run/NetworkManager/resolv.conf

and restart it:

$ sudo systemctl restart dnsmasq

Use dnsmasq for resolving:

$ cat /etc/resolv.conf 
# Use local dnsmasq for resolving
nameserver 127.0.0.1

Solution 4:

According to the manual of systemd-resolved, systemd-resolved provides with name resolution services via three different interfaces:

  1. "fully-featured API systemd-resolved exposes on the bus"
  2. "a local DNS stub listener on IP address 127.0.0.53 on the local loopback interface"

  3. The glibc getaddrinfo(3) API as defined by RFC3493 and its related resolver functions, including gethostbyname(3). This API is widely supported, including beyond the Linux platform. In its current form it does not expose DNSSEC validation status information however, and is synchronous only. This API is backed by the glibc Name Service Switch (nss(5)). Usage of the glibc NSS module nss-resolve(8) is required in order to allow glibc's NSS resolver functions to resolve host names via systemd-resolved.

It seems that the first two interfaces won't interfere in normal DNS resolution and for me the problem is likely to reside on the third.

In the manual of nss-resolve:

To activate the NSS module, add "resolve" to the line starting with "hosts:" in /etc/nsswitch.conf. Specifically, it is recommended to place "resolve" early in /etc/nsswitch.conf's "hosts:" line (but after the "files" or "mymachines" entries), right before the "dns" entry if it exists, followed by "[!UNAVAIL=return]", to ensure DNS queries are always routed via systemd-resolved(8) if it is running, but are routed to nss-dns if this service is not available

So what is needed is to make "dns" precedes "resolve" in "host:" line of /etc/nsswitch.conf. And then getaddrinfo should simply adhere to /etc/resolv.conf .

This solution only prevents systemd-resolved from handling all the DNS resolution requests and is not restricted to a specific network manager. And it also makes sure LLMNR and mDNS service are operating normally.

( I am not fair familiar with how name resolution works under Linux and also unsure about what I understood from these manuals. Pleaes point out if I got something wrong. Thx :) )

Related

Default screen magnifier?
How to disable Page Table Isolation to regain performance lost due to Intel CPU security hole patch?
Disabling Zeitgeist
Pulseaudio not detecting bluetooth headset automatically
easy_install/pip or apt-get
Mark bad sectors on hard drive without formatting
Can't switch anymore from Intel to NVIDIA GPU
Is system cleanup/optimization needed
How do I add myself into the sudoers group? [duplicate]
How to configure ADB access for Android devices?
Backup whole OS
How to completely remove Unity, and replace it with Cinnamon?