Poking around the web this morning got me to the point of tweaking the DNS servers via systemd-resolve. However, while I was able to add the DNS entries, I wasn't able to prioritize them. I figured I could do so just by adding them in a certain order...
The command went through just fine and I was actually using the first server in the list for a few minutes but then it changed to the third one on the list and I'm unsure how that happened...

    systemd-resolve --status enp3s0
    Link 2 (enp3s0)
    Current Scopes: DNS
    DefaultRoute setting: yes
    LLMNR setting: yes
    MulticastDNS setting: no
    DNSOverTLS setting: no
    DNSSEC setting: no
    DNSSEC supported: no
    Current DNS Server: 9.9.9.9
    DNS Servers: 192.168.100.13
                 192.168.20.103
                 9.9.9.9
                 1.1.1.1
    DNS Domain: ~.
                localdomain

How can I prioritize the list? Why would the Current DNS Server change - seemingly - on its own?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason:Topic automatically closed 6 months after creation. New replies are no longer allowed.
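An added example, not part of the original posts: a shell function that reads status output in the format quoted in the question and reports where the current server sits in the configured list, and whether resolution has moved from a private (RFC 1918) first choice to a public resolver. With the `~.` routing domain on the link, that means all lookups, internal names included, go to the public server. The function names and the output format are assumptions of this example, and the sample input is constructed from the output in the question.

```shell
#!/bin/sh
# Added example (function names and output format are assumptions).
# Reads `systemd-resolve --status <link>` text on stdin and reports which
# configured server is in use and whether it is a public fallback.
dns_position() {
    awk '
    function is_private(ip) {   # RFC 1918 ranges only
        return ip ~ /^10\./ || ip ~ /^192\.168\./ ||
               ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./
    }
    /Current DNS Server:/ { current = $NF; inlist = 0; next }
    /DNS Servers:/ {
        # Addresses may share this line or continue on following lines.
        for (i = 3; i <= NF; i++) servers[++n] = $i
        inlist = 1; next
    }
    inlist && NF == 1 && $1 !~ /:$/ { servers[++n] = $1; next }
    { inlist = 0 }
    END {
        pos = 0
        for (i = 1; i <= n; i++) if (servers[i] == current) pos = i
        fb = (current != "" && is_private(servers[1]) && !is_private(current)) ? "yes" : "no"
        printf "current=%s position=%d/%d preferred=%s external_fallback=%s\n",
               current, pos, n, servers[1], fb
    }'
}

# Constructed sample, copied from the status output in the question.
sample_status() {
cat <<'EOF'
Link 2 (enp3s0)
      Current Scopes: DNS
  Current DNS Server: 9.9.9.9
         DNS Servers: 192.168.100.13
                      192.168.20.103
                      9.9.9.9
                      1.1.1.1
          DNS Domain: ~.
                      localdomain
EOF
}

sample_status | dns_position
```

On a live system the input would come from `systemd-resolve --status enp3s0 | dns_position`.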
It is set up to use the fastest responding server even if you try setting the order rigidly. Otherwise you will end up with very slow page resolution as it pings all the DNS servers in order until it gets a response to your request to load a page. The first two aren't responding to pings for me so maybe your machine has worked out that too for itself.
I’ll tell you a DNS joke but be advised, it could take up to 24 hours for everyone to get it.
The DNS servers contacted are determined from the global settings in /etc/systemd/resolved.conf, the per-link static settings in /etc/systemd/network/*.network files (in case systemd-networkd.service(8) is used), the per-link dynamic settings received over DHCP, information provided via resolvectl(1), and any DNS server information made available by other system services. See resolved.conf(5) and systemd.network(5) for details about systemd's own configuration files for DNS servers. To improve compatibility, /etc/resolv.conf is read in order to discover configured system DNS servers, but only if it is not a symlink to /run/systemd/resolve/stub-resolv.conf, /usr/lib/systemd/resolv.conf or /run/systemd/resolve/resolv.conf.
antikythera wrote: Sat Jan 30, 2021 11:52 am
The first two aren't responding to pings for me so maybe your machine has worked out that too for itself.
The first two are local to my network. Unless you have something on your network using those same IPs and responding to ICMP, you'll never get a response from them.
yeah, should have realised that from the IP addresses. Anyhow, the same logic applies still. If your system doesn't get a decent response from those IP addresses it will use the next that does work okay.
antikythera wrote: Sat Jan 30, 2021 2:01 pm
yeah, should have realised that from the IP addresses. Anyhow, the same logic applies still. If your system doesn't get a decent response from those IP addresses it will use the next that does work okay.
I get it but, based on my limited testing, I don't see how an external address can respond faster than a local one in most cases.

    ping 1.1.1.1
    PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
    64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=43.1 ms
    64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=43.2 ms

    ping 9.9.9.9
    PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
    64 bytes from 9.9.9.9: icmp_seq=1 ttl=57 time=41.3 ms
    64 bytes from 9.9.9.9: icmp_seq=2 ttl=57 time=40.9 ms

    ping 192.168.20.103
    PING 192.168.20.103 (192.168.20.103) 56(84) bytes of data.
    64 bytes from 192.168.20.103: icmp_seq=1 ttl=64 time=0.390 ms
    64 bytes from 192.168.20.103: icmp_seq=2 ttl=64 time=0.310 ms

    ping 192.168.100.13
    PING 192.168.100.13 (192.168.100.13) 56(84) bytes of data.
    64 bytes from 192.168.100.13: icmp_seq=1 ttl=63 time=1.10 ms
    64 bytes from 192.168.100.13: icmp_seq=2 ttl=63 time=0.973 ms

The DNS servers contacted are determined from the global settings in /etc/systemd/resolved.conf, the per-link static settings in /etc/systemd/network/*.network files (in case systemd-networkd.service(8) is used), the per-link dynamic settings received over DHCP, information provided via resolvectl(1), and any DNS server information made available by other system services. See resolved.conf(5) and systemd.network(5) for details about systemd's own configuration files for DNS servers. To improve compatibility, /etc/resolv.conf is read in order to discover configured system DNS servers, but only if it is not a symlink to /run/systemd/resolve/stub-resolv.conf, /usr/lib/systemd/resolv.conf or /run/systemd/resolve/resolv.conf.
I ran the command. I may be a little foggy/slow from the sickness but I'm not fully understanding what I'm looking for in the excerpt you highlighted.
To improve compatibility, /etc/resolv.conf is read in order to discover configured system DNS servers, but only if it is not a symlink to /run/systemd/resolve/stub-resolv.conf, /usr/lib/systemd/resolv.conf or /run/systemd/resolve/resolv.conf.
Wait...I think I'm getting something.... So, my /etc/resolv.conf is a symlink so that's why it can't/won't be read directly. Therefore, I cannot bypass the way the system uses the configured DNS servers....
So, could I just delete the symlink? What could possibly go wrong!?
rkillcrazy wrote: Sat Jan 30, 2021 2:15 pm
could I just delete the symlink? What could possibly go wrong!?
You can try to replace the symlink with ASCII text such as /run/resolvconf/resolv.conf and edit it accordingly.
Be warned - resolved resolver is a complicated mess. I stopped using it long ago.
t42 wrote: Sat Jan 30, 2021 4:31 pm
You can try to replace the symlink with ASCII text such as /run/resolvconf/resolv.conf and edit it accordingly.
Be warned - resolved resolver is a complicated mess. I stopped using it long ago.
If you've stopped using this method, is there a better way of going about what I'm looking to do?
I'm using DOT with stubby + dnsmasq from each PC directly, trying to exclude router. Something like Setting up DNS over TLS. It may not be how you want to configure your internal network. Stubby can be set up in the round robin mode or prioritize the first server in the stubby config.
t42 wrote: Sun Jan 31, 2021 2:02 am
I'm using DOT with stubby + dnsmasq from each PC directly, trying to exclude router. Something like Setting up DNS over TLS. It may not be how you want to configure your internal network. Stubby can be set up in the round robin mode or prioritize the first server in the stubby config.
Interesting... Well, if I decide to go that route, how do I revert the changes I've made? If I run something like the following, does the system revert back to the settings where it used the DNS servers provided by DHCP?
I'm not sure, there is Network Manager participation too. For me it's easy to revert settings described. Also you can create another profile in the network manager and switch several resolvers with a click of a button.