What is systemd-resolved?
systemd-resolved is a systemd-based DNS proxy that handles requests intelligently, both through a D-Bus interface and through a local DNS server that intercepts traditional network lookups.
It does this by setting a single localhost address in the /etc/resolv.conf file (really a symbolic link to another static file managed by systemd-resolved).
This can be very useful in situations where you intend to perform lookups against different interfaces with different sets of resolvers (say, one set of resolvers for your VPN and another set of resolvers for your local ISP).
If your local ISP, or another Internet-routable host, is set as your resolver, it’s possible that your ISP could continue to receive DNS request data through the VPN, which could be used to unmask your connection, making you no longer anonymous (theoretically).
That’s great and very useful; however, systemd-resolved adds another layer of lookup cruft to something that needs to be extremely fast.
Additionally, it adds local logging capability for all of your DNS request traffic, which could be something you’re not interested in.
Because of these performance problems and the seemingly unreliable service, I’ve disabled the service on my laptops and carefully manage my DNS settings, especially when on foreign networks or networks where I don’t directly control the lookup path from system to root servers.
Here’s the quick and dirty on how to do it:
Disable systemd-resolved service
ubuntu@laptop:~$ sudo systemctl disable systemd-resolved.service
ubuntu@laptop:~$ sudo service systemd-resolved stop
Reconfigure the NetworkManager
Open the NetworkManager configuration file /etc/NetworkManager/NetworkManager.conf
Find the dns key in the [main] section of the configuration file, or add it if it is missing, and set the value to default.
[main]
dns=default
Clean up
Remove the existing symbolic link called /etc/resolv.conf (don’t worry, this file will be regenerated by NetworkManager on restart).
ubuntu@laptop:~$ sudo rm /etc/resolv.conf
Restart NetworkManager
Now restart the NetworkManager service
ubuntu@laptop:~$ sudo service network-manager restart
Verify that your resolver works
Check that NetworkManager recreated the /etc/resolv.conf file and that it contains the DNS entries which match your network configuration
ubuntu@laptop:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.10.0.1
nameserver 10.10.0.2
ubuntu@laptop:~$
You should also be able to ping Google.com
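To go with the verification step above, here is an added example (not part of the original post) that audits a resolv.conf file: it flags a leftover symlink into systemd-resolved's directory or the 127.0.0.53 stub address, and labels each nameserver as private or public so an ISP or other Internet-routable resolver stands out. The function names, return codes and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit a resolv.conf file.
# Return codes: 0 = direct resolvers only, 1 = systemd-resolved still in the path,
#               2 = no nameserver entries, 3 = file missing.

classify_ns() {
    # Coarse class for one nameserver address. Only IPv4 private ranges are
    # special-cased; everything else (including IPv6 ULA) is reported as public.
    case "$1" in
        127.0.0.53) echo "resolved-stub" ;;   # systemd-resolved stub listener
        127.*|::1) echo "loopback" ;;
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo "private" ;;
        *) echo "public" ;;
    esac
}

audit_resolv_conf() {
    file="${1:-/etc/resolv.conf}"
    [ -e "$file" ] || { echo "missing: $file"; return 3; }
    status=0
    # A symlink into a systemd/resolve directory means systemd-resolved still owns the file.
    if [ -L "$file" ]; then
        case "$(readlink "$file")" in
            *systemd/resolve*) echo "symlink into systemd/resolve"; status=1 ;;
        esac
    fi
    count=0
    # Only "nameserver <addr>" lines matter; comments, search and options are skipped.
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        count=$((count + 1))
        class=$(classify_ns "$addr")
        echo "nameserver $addr ($class)"
        if [ "$class" = "resolved-stub" ]; then status=1; fi
    done < "$file"
    [ "$count" -gt 0 ] || { echo "no nameserver entries"; return 2; }
    return "$status"
}

# Constructed sample mirroring the NetworkManager-generated file shown in this post.
sample=$(mktemp)
printf '%s\n' '# Generated by NetworkManager' 'search example.com' \
    'nameserver 10.10.0.1' 'nameserver 10.10.0.2' > "$sample"
audit_resolv_conf "$sample"
echo "exit status: $?"
rm -f "$sample"
```

Calling audit_resolv_conf with no argument checks /etc/resolv.conf itself; a "public" nameserver on a VPN-connected machine is the case worth a second look.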