Hello,
I am a little bit confused about the dns : I have systemd-resolved installed and when I list the content of the package (rpm -ql), I can read on the first line:
/etc/systemd/resolved.conf
But there is no /etc/systemd/resolved.conf
There is a /usr/lib/systemd/resolved.conf but it is a file the lines of which are all commented...
There is a /usr/sbin/resolvconf and a man for this, so I tried to use this resolvconf and read the man... Under the OPTIONS :
" -i INTERFACE, --interface=INTERFACE Specifies the network interface to execute the query on. This may either be specified as numeric interface index or as network interface string (e.g. "en0")"
So, I tried resolvconf -i eno1 and...
Switch -i not supported
lol!
I can see that /usr/sbin/resolvconf is a symbolic link to ../bin/resolvectl
Trying to use resolvectl I get:
    Global
        Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
        resolv.conf mode: stub

    Link 2 (eno1)
        Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
        Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
        Current DNS Server: 192.168.1.1
        DNS Servers: 80.67.169.12 80.67.169.40 192.168.1.1
        DNS Domain: home

    Link 3 (wlp6s0)
        Current Scopes: none
        Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Well! But where is the config file where all this is defined? That's a mystery!
It seems that (at least) two systems are installed for the dns but is there a way to see what is the one in use and how can I -- safely -- configure the dns system on my machine to use DNSOverTLS?
Thank you for helping.
F.P.
On Apr 24, 2025, at 08:28, François Patte francois.patte@fdn.fr wrote:
I am a little bit confused about the dns : I have systemd-resolved installed and when I list the content of the package (rpm -ql), I can read on the first line:
/etc/systemd/resolved.conf
But there is no /etc/systemd/resolved.conf
There is a /usr/lib/systemd/resolved.conf but it is a file the lines of which are all commented...
It may take some getting used to, but systemd has multiple places where configuration is read, and the files in /etc/systemd override the files in /usr/lib/systemd. The idea is that the OS packages files in /usr/lib and /etc is for local changes. The same occurs with systemd service units.
You can create (or copy over from /usr/lib/systemd) the /etc/systemd/resolved.conf and use the options that are commented out, and it will override the file in /usr/lib/systemd.
The package has that file marked as %ghost, it is part of the package but actually supplied by the package.
On 24/04/2025 at 23:01, Jonathan Billings wrote:
It may take some getting used to, but systemd has multiple places where configuration is read, and the files in /etc/systemd override the files in /usr/lib/systemd. The idea is that the OS packages files in /usr/lib and /etc is for local changes. The same occurs with systemd service units.
You can create (or copy over from /usr/lib/systemd) the /etc/systemd/resolved.conf and use the options that are commented out, and it will override the file in /usr/lib/systemd.
The package has that file marked as %ghost, it is part of the package but actually supplied by the package.
Thank you for these explanations (and thank you to Samuel too). Now I would like to understand something else: I created a /etc/systemd/resolved.conf file with:
    [Resolve]
    DNS=80.67.169.12#ns0.fdn.fr 2001:910:800::12#ns0.fdn.fr
    FallbackDNS=80.67.169.40#ns1.fdn.fr 2001:910:800::40#ns.fdn.fr
    DNSOverTLS=yes
When I ask resolvectl status I get this:
    Global
        Protocols: LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
        resolv.conf mode: stub
        Current DNS Server: 80.67.169.12#ns0.fdn.fr
        DNS Servers: 80.67.169.12#ns0.fdn.fr 2001:910:800::12#ns0.fdn.fr
        Fallback DNS Servers: 80.67.169.40#ns1.fdn.fr 2001:910:800::40#ns.fdn.fr

    Link 2 (eno1)
        Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
        Protocols: +DefaultRoute LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
        Current DNS Server: 192.168.1.1
        DNS Servers: 80.67.169.12 80.67.169.40 192.168.1.1
        DNS Domain: home

    Link 3 (wlp6s0)
        Current Scopes: none
        Protocols: -DefaultRoute LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
OK for "global", that is what I want but what is the meaning of "Link 2" ? eno1 is the name of the ethernet device, should I understand that, in fact my dns resolver is 192.168.1.1, the box, and then the dns is the one of my ISP?
Thank you for lights.
F.P.
On 4/26/25 2:05 PM, François Patte wrote:
OK for "global", that is what I want but what is the meaning of "Link 2" ? eno1 is the name of the ethernet device, should I understand that, in fact my dns resolver is 192.168.1.1, the box, and then the dns is the one of my ISP?
I would expect that unless you tell it otherwise, it's going to use the DHCP provided DNS server. If you want to override that, you put it in the network config for the ethernet adapter.
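Added example, not part of the thread and not systemd code: a small parser for `resolvectl status` output that reports, per scope, the DNS-over-TLS mode, the current server, and the servers listed without a `#name` suffix. The sample text is constructed from the output quoted above, laid out one field per line; the function names are hypothetical.

```python
import re

# Constructed sample: the second `resolvectl status` quoted in the thread, laid
# out one "Key: value" per line with a wrapped server list (assumed layout).
SAMPLE = """\
Global
         Protocols: LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 80.67.169.12#ns0.fdn.fr
       DNS Servers: 80.67.169.12#ns0.fdn.fr
                    2001:910:800::12#ns0.fdn.fr

Link 2 (eno1)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 80.67.169.12 80.67.169.40 192.168.1.1
        DNS Domain: home

Link 3 (wlp6s0)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
"""

HEADER = re.compile(r"^(Global|Link \d+ \((\S+)\))\s*$")
# A key is letters, spaces and dots followed by ": "; a bare IPv6 address is not.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z. ]*?):(?:\s+(.*))?$")


def parse_status(text):
    """Return {scope: {field: value}} parsed from `resolvectl status` text."""
    scopes, current, last_key = {}, None, None
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current = scopes.setdefault(header.group(2) or "Global", {})
            last_key = None
        elif current is not None and field:
            last_key = field.group(1)
            current[last_key] = (field.group(2) or "").strip()
        elif last_key and line.strip():  # wrapped value such as an IPv6 server
            current[last_key] += " " + line.strip()
    return scopes


def dot_mode(protocols):
    """Map the DNSOverTLS token of a Protocols line to yes/no/<mode>."""
    for token in protocols.split():
        if token.endswith("DNSOverTLS"):
            return "yes" if token.startswith("+") else "no"
        if token.startswith("DNSOverTLS="):  # e.g. opportunistic
            return token.split("=", 1)[1]
    return "unknown"


def audit(text):
    """Per scope with DNS servers: DoT mode, current server, servers without '#name'."""
    report = {}
    for name, fields in parse_status(text).items():
        servers = fields.get("DNS Servers", "").split()
        if servers and fields.get("Current Scopes") != "none":
            report[name] = {
                "dot": dot_mode(fields.get("Protocols", "")),
                "current": fields.get("Current DNS Server"),
                "no_tls_name": [s for s in servers if "#" not in s],
            }
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, the Global scope has a `#name` on every server, while eno1 reports 192.168.1.1 as its current server and none of its three servers carries a name. Per resolved.conf(5), with DNSOverTLS=yes the name after `#` is what the server certificate is validated against; without it the certificate is checked against the IP address.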
On 27/04/2025 at 07:49, Samuel Sieb wrote:
I would expect that unless you tell it otherwise, it's going to use the DHCP provided DNS server. If you want to override that, you put it in the network config for the ethernet adapter.
Ok. But where is defined the network configuration ? I try to find some dhcp instructions with nmcli but.... no success.
Once upon a time, there was a file ifcfg-xxx where the ethernet config was clearly written but times have changed!
I don't want to go back (I'm not competitive enough for that...) but I find that all these configurations are becoming increasingly opaque.
Regards
On 4/27/25 3:46 AM, François Patte wrote:
Ok. But where is defined the network configuration ? I try to find some dhcp instructions with nmcli but.... no success.
If you really want to use nmcli, the parameter is "ipv4.dns". Otherwise, it's the DNS setting in the network configuration, which depends on which desktop you're using.
Once upon a time, there was a file ifcfg-xxx where the ethernet config was clearly written but times have changed!
Now they're in /etc/NetworkManager/system-connections/
François Patte composed on 2025-04-27 12:46 (UTC+0200):
Once upon a time, there was a file ifcfg-xxx where the ethernet config was clearly written but times have changed!
Having no mobile computers, and none using wireless networking, I find myself to be the only network manager needed, and barely so, so have no network manager installed:

    # inxi -S
    System: Host: ab560 Kernel: 6.13.11-200.fc41.x86_64 arch: x86_64 bits: 64 Console: pty pts/0 Distro: Fedora Linux 42 (Adams)
    # rpm -qa | egrep 'net|esolve|nmi|nager' | grep -v libn | sort
    lpcnetfreedv-0.5-8.fc42.x86_64
    nettle-3.10.1-1.fc42.x86_64
    perl-libnet-3.15-513.fc42.noarch
    systemd-networkd-257.5-2.fc42.x86_64
    # ls -gGh /etc/systemd/network /etc/*work* /etc/*ager* /etc/*solv* | sort
    ls: cannot access '/etc/*ager*': No such file or directory

    -rw-r--r-- 1 58 Mar 4 19:00 /etc/networks
    -rw-r--r-- 1 68 Oct 1 2019 /etc/resolv.conf01
    -rw-r--r-- 1 68 Oct 9 2020 /etc/resolv.conf.orig-with-nm
    -rw-r--r-- 1 233 Nov 30 2020 /etc/resolv.conf
    -rw-r--r-- 1 233 Nov 30 2020 /etc/resolv.conf.latest
    -rw-r--r-- 1 174 Apr 5 2023 eth0.network
    /etc/systemd/network:
    total 1.0K
    # systemctl list-unit-files | egrep 'net|solv'
    systemd-network-generator.service disabled enabled
    systemd-networkd-persistent-storage.service static -
    systemd-networkd-wait-online.service disabled disabled
    systemd-networkd-wait-online@.service disabled disabled
    systemd-networkd.service disabled disabled
    systemd-resolved.service masked enabled
    systemd-networkd.socket enabled disabled
    network-online.target static -
    network-pre.target static -
    network.target static -
    #
On Sun, 2025-04-27 at 13:58 -0400, Felix Miata wrote:
Having no mobile computers, and none using wireless networking, I find myself to be the only network manager needed, and barely so, so have no network manager installed
It can still manage that *one* connection. And there are (or were?) various apps that look to Network Manager to tell if you're off- or on- line.
Tim composed on 2025-04-28 15:16 (UTC+0930):
On Sun, 2025-04-27 at 13:58 -0400, Felix Miata wrote:
Having no mobile computers, and none using wireless networking, I find myself to be the only network manager needed, and barely so, so have no network manager installed
It can still manage that *one* connection.
"Barely so" means nothing at all to manage, beyond initial configuration, which is simply a copy from backup, or a new one using a backup copy as template.
And there are (or were?) various apps that look to Network Manager to tell if you're off- or on- line.
I don't know why apps would care. When I want to know, I look at the LEDs on my router and/or modem and/or ethernet port.
Tim:
And there are (or were?) various apps that look to Network Manager to tell if you're off- or on- line.
Felix Miata:
I don't know why apps would care. When I want to know, I look at the LEDs on my router and/or modem and/or ethernet port
Likewise...
I found it a problem. If one interface went down it'd tell some apps that the computer was off-line, when it wasn't.
On Sat, 2025-04-26 at 23:05 +0200, François Patte wrote:
Current DNS Server: 192.168.1.1 DNS Servers: 80.67.169.12 80.67.169.40 192.168.1.1
Having multiple DNS servers, like that, *can* be a problem. It depends on your use case.
The system will usually have a default server it queries for everything, and if it doesn't respond (at all) it will try one of the others. If it does respond (even if it doesn't have any results), it has answered and the others won't be queried.
If all your DNS servers do is resolve public internet addresses, and do it well, you'll probably never notice any problems.
If you depend on *your* DNS server to answer queries about local IPs on your LAN, which the public ones cannot do, you will strike problems if your system starts querying the public ones.
If your system round-robins the queries, instead of always using your preferred server, you get that problem rearing its head again and again.
On 27 Apr 2025, at 09:20, Tim via users users@lists.fedoraproject.org wrote:
The system will usually have a default server it queries for everything, and if it doesn't respond (at all) it will try one of the others. If it does respond (even if it doesn't have any results), it has answered and the others won't be queried.
I think I read that systemd-resolved queries all servers in parallel and returns the answer from the first server to respond?
If the servers do not have consistent contents you see unexpected query results.
Barry
On 27.04.2025 at 10:57:30, Barry Scott wrote:
On 27 Apr 2025, at 09:20, Tim via users users@lists.fedoraproject.org wrote:
The system will usually have a default server it queries for everything, and if it doesn't respond (at all) it will try one of the others. If it does respond (even if it doesn't have any results), it has answered and the others won't be queried.
I think I read that systemd-resolved queries all servers in parallel and returns the answer from the first server to respond?
If the servers do not have consistent contents you see unexpected query results.
Then you have a general problem. DNS is intended to give back the same results for the same query - regardless which server you ask.
On Sun, 2025-04-27 at 12:17 +0200, Marco Moock wrote:
Then you have a general problem. DNS is intended to give back the same results for the same query - regardless which server you ask.
Yes, and no.
My internal DNS can obviously answer my LAN addressing queries, and it's set up to also resolve queries about internet addresses. It runs as a full server. No public server can answer queries about my LAN.
On the internet, various services have multiple IPs and use round-robin DNS answers as load sharing.
On various ISPs, as a customer, if you ask their DNS server for their mail server addresses you may get a different answer than if an outsider asked the same query.
On 27.04.2025 at 20:42:23, Tim via users wrote:
My internal DNS can obviously answer my LAN addressing queries, and it's set up to also resolve queries about internet addresses. It runs as a full server. No public server can answer queries about my LAN.
Then only have the internal DNS set in your OS. If you have at least one set that behaves differently, you get arbitrary results.
On the internet, various services have multiple IPs and use round-robin DNS answers as load sharing.
That is fine, if they provide all the same service.
On various ISPs, as a customer, if you ask their DNS server for their mail server addresses you may get a different answer than if an outsider asked the same query.
That is simply a rather crappy solution.
Tim via users:
My internal DNS can obviously answer my LAN addressing queries, and it's set up to also resolve queries about internet addresses. It runs as a full server. No public server can answer queries about my LAN.
Marco Moock:
Then only have the internal DNS set in your OS. If you have at least one set that behaves differently, you get arbitrary results.
That is what I do.
On various ISPs, as a customer, if you ask their DNS server for their mail server addresses you may get a different answer than if an outsider asked the same query.
That is simply a rather crappy solution.
There's a lot that do it, it's a rather simple solution to when *you* connect from home you're connected directly to them and use their mail server (for example) with full privileges. However, if you're roaming and use their mail server you connect through a more restricted way. Likewise if they offer other services, like proxies.
Though, because one of my ISPs had a really crappy DNS server when I joined them 20 years ago I started running my own server.
It was overloaded and *very* slow at responding. It was that bad that it made dial-up internet even slower. Sometimes it didn't respond at all. It frequently gave no answer for the service's own news server address. And it was the biggest ISP in the country (Telstra) who ought to be able to do a lot better.
On 4/24/25 5:27 AM, François Patte wrote:
I am a little bit confused about the dns : I have systemd-resolved installed and when I list the content of the package (rpm -ql), I can read on the first line:
/etc/systemd/resolved.conf
But there is no /etc/systemd/resolved.conf
It's a ghost file. If it exists, it's owned by the package.
There is a /usr/lib/systemd/resolved.conf but it is a file the lines of which are all commented...
That's the system default config which doesn't override any of the program defaults.
There is a /usr/sbin/resolvconf and a man for this, so I tried to use this resolvconf and read the man... Under the OPTIONS :
" -i INTERFACE, --interface=INTERFACE Specifies the network interface to execute the query on. This may either be specified as numeric interface index or as network interface string (e.g. "en0")"
So, I tried resolvconf -i eno1 and...
Switch -i not supported
lol!
I can see that /usr/sbin/resolvconf is a symbolic link to ../bin/resolvectl
Yes, if you notice, the man page is actually for "resolvectl" and if you read to the bottom, you will get an answer to your "lol".
Trying to use resolvectl I get:
    Global
        Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
        resolv.conf mode: stub

    Link 2 (eno1)
        Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
        Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
        Current DNS Server: 192.168.1.1
        DNS Servers: 80.67.169.12 80.67.169.40 192.168.1.1
        DNS Domain: home

    Link 3 (wlp6s0)
        Current Scopes: none
        Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Well! But where is the config file where all this is defined? That's a mystery!
It's using the defaults. Presumably your DHCP server is providing that info or you've configured it in the network config.
It seems that (at least) two systems are installed for the dns but is there a way to see what is the one in use and how can I -- safely -- configure the dns system on my machine to use DNSOverTLS?
What two systems?