Ubuntu 18.04 systemd-resolve doesn't read the /etc/resolv.conf properly
Using 18.10, I had a similar problem. I resolved my problem by modifying /etc/systemd/resolved.conf with the DNS server and search domain information. This looks to be correct behavior, according to the man page:
The DNS servers contacted are determined from the global settings in /etc/systemd/resolved.conf, the per-link static settings in /etc/systemd/network/*.network files (in case systemd-networkd.service(8) is used), the per-link dynamic settings received over DHCP, and any DNS server information made available by other system services. See resolved.conf(5) and systemd.network(5) for details about systemd's own configuration files for DNS servers. To improve compatibility, /etc/resolv.conf is read in order to discover configured system DNS servers, but only if it is not a symlink to /run/systemd/resolve/stub-resolv.conf or /run/systemd/resolve/resolv.conf (see below).
My config looks like this; adjust it to fit your environment.
192.168.1.1 is your private DNS server.
Domain syntax is important; don't forget the trailing dot ".".
#/etc/systemd/resolved.conf
[Resolve]
DNS=192.168.1.1
#FallbackDNS=
Domains=blah.mydomain.com. blahblah.mydomain.com.
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
Then restart the service:
sudo systemctl restart systemd-resolved.service
Verify the service is running. Syntax errors might cause issues that you can see here.
sudo systemctl status systemd-resolved.service
Try to look up a local domain:
nslookup blah.mydomain.com
If that did not work, then verify the query does not time out. Manually specify the DNS server:
nslookup blah.mydomain.com 192.168.1.1
resolved has a built-in query function, which is helpful:
% resolvectl query fedoraproject.org
fedoraproject.org: 2605:bc80:3010:600:dead:beef:cafe:fed9 -- link: enp5s0
2620:52:3:1:dead:beef:cafe:fed7 -- link: enp5s0
2610:28:3090:3001:dead:beef:cafe:fed3 -- link: enp5s0
2604:1580:fe00:0:dead:beef:cafe:fed1 -- link: enp5s0
2605:bc80:3010:600:dead:beef:cafe:feda -- link: enp5s0
2620:52:3:1:dead:beef:cafe:fed6 -- link: enp5s0
209.132.190.2 -- link: enp5s0
8.43.85.67 -- link: enp5s0
38.145.60.21 -- link: enp5s0
67.219.144.68 -- link: enp5s0
140.211.169.196 -- link: enp5s0
140.211.169.206 -- link: enp5s0
152.19.134.142 -- link: enp5s0
38.145.60.20 -- link: enp5s0
152.19.134.198 -- link: enp5s0
8.43.85.73 -- link: enp5s0
-- Information acquired via protocol DNS in 99.8ms.
-- Data is authenticated: no
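The man page rule quoted in this answer, as an added example that is not part of the original answer: a shell check of whether `/etc/resolv.conf` is one of the two systemd-managed symlinks (and so is not read by resolved) or a file that resolved does read. The function names and the mode labels `stub`, `uplink` and `foreign` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the answer. Function names and mode labels are hypothetical.

# Classify a resolv.conf path the way the quoted man page paragraph does:
#   stub / uplink -> symlink into /run/systemd/resolve; resolved does NOT read it
#   foreign       -> regular file or symlink elsewhere; resolved reads it for DNS servers
#   missing       -> nothing there (includes a dangling foreign symlink)
resolv_conf_mode() {
    f=${1:-/etc/resolv.conf}
    if [ -L "$f" ]; then
        # Plain readlink keeps the literal target, which is often relative
        # (../run/systemd/resolve/stub-resolv.conf), so match on the suffix.
        case "/$(readlink "$f")" in
            */run/systemd/resolve/stub-resolv.conf) echo stub; return 0 ;;
            */run/systemd/resolve/resolv.conf)      echo uplink; return 0 ;;
        esac
    fi
    if [ -e "$f" ]; then echo foreign; else echo missing; fi
}

# List the nameserver entries of a resolv.conf-style file, one per line.
resolv_conf_servers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}" 2>/dev/null
}

# Say whether editing the file can influence systemd-resolved at all.
resolv_conf_report() {
    f=${1:-/etc/resolv.conf}
    mode=$(resolv_conf_mode "$f")
    case "$mode" in
        stub|uplink) echo "$f: $mode symlink, ignored by resolved; set DNS= in /etc/systemd/resolved.conf or per link" ;;
        foreign)     echo "$f: read by resolved; servers: $(resolv_conf_servers "$f" | tr '\n' ' ')" ;;
        *)           echo "$f: missing" ;;
    esac
}

resolv_conf_report "${1:-/etc/resolv.conf}"
```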
Admin
Updated on September 18, 2022
Admin over 1 year
I faced a strange issue with my Ubuntu 18.04. I use openfortivpn to connect to my company resources and it worked OK. I also use openvpn to connect to some different resources as well, sometimes even simultaneously. Today all resources behind the vpn became unreachable and I figured out this is related to some DNS settings on my PC.
With no active openfortivpn connection:
ll /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Jan 9 10:52 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
grep name /run/systemd/resolve/*.conf
/run/systemd/resolve/resolv.conf:nameserver 192.168.139.2
/run/systemd/resolve/stub-resolv.conf:nameserver 127.0.0.53
With active openfortivpn:
ll /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Jan 9 10:52 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
grep name /run/systemd/resolve/*.conf
resolv.conf:nameserver 192.168.139.2
stub-resolv.conf:nameserver 10.220.64.161
stub-resolv.conf:nameserver 10.220.64.162
As you can see, the openfortivpn has inserted 2 new nameservers into the `/run/systemd/resolve/stub-resolv.conf`, which is fine. But it seems like the `systemd-resolve` doesn't take this new config (no DNS server for `ppp0` interface) and internal resources behind the VPN were not reachable:
sudo systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test
Link 6 (ppp0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
Link 2 (ens33)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.139.2
          DNS Domain: localdomain
So I tried to add the DNS manually into the systemd-resolve:
sudo systemd-resolve --set-dns=10.220.64.161 --set-domain=localdomain --set-llmnr=yes --set-mdns=no --set-dnssec=no --interface=ppp0
systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test
Link 6 (ppp0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.220.64.161
          DNS Domain: localdomain
Link 2 (ens33)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.139.2
          DNS Domain: localdomain
And finally it works. Any idea what is the problem here? Isn't this somehow related to `openvpn-systemd-resolved` because I can remember I installed this package recently in order to be able to use my other openvpn connections.
Thank you a lot for any advice. Michal.
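The symptom in the question (a link showing `Current Scopes: none` with no `DNS Servers:` line) can be checked mechanically. The following is an added example, not part of the original post: it parses `systemd-resolve --status` text and lists the links that have no DNS server. The function names are hypothetical and the embedded sample is trimmed from the output shown in the question.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not systemd tooling.

# Read `systemd-resolve --status` text on stdin and print one line per link:
#   <iface> scopes=<scopes> dns=<first server or -> llmnr=<setting>
link_dns_summary() {
    awk '
        function emit() {
            if (link != "")
                printf "%s scopes=%s dns=%s llmnr=%s\n", link, scopes, dns, llmnr
        }
        /^[ \t]*Link [0-9]+ \(/ {          # "Link 6 (ppp0)" starts a new section
            emit()
            link = $3; gsub(/[()]/, "", link)
            scopes = "?"; dns = "-"; llmnr = "?"
            next
        }
        link == "" { next }                # skip the Global section
        /Current Scopes:/ {
            sub(/.*Current Scopes:[ \t]*/, ""); gsub(/[ \t]+/, ",")
            scopes = $0; next
        }
        /LLMNR setting:/ { llmnr = $3 }
        /DNS Servers:/   { dns = $3 }
        END { emit() }
    '
}

# Print only the interfaces that have no DNS server assigned.
links_without_dns() { link_dns_summary | awk '$3 == "dns=-" { print $1 }'; }

# Sample trimmed from the question (state with openfortivpn connected).
sample_status() {
    cat <<'EOF'
Global
          DNSSEC NTA: 10.in-addr.arpa
                      corp
Link 6 (ppp0)
      Current Scopes: none
       LLMNR setting: yes
Link 2 (ens33)
      Current Scopes: DNS
       LLMNR setting: yes
         DNS Servers: 192.168.139.2
          DNS Domain: localdomain
EOF
}

sample_status | link_dns_summary
```

On a live system, pipe the real output instead: `systemd-resolve --status | links_without_dns`.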