145

Linux DNS settings is a total mess (lemdro.id)

submitted 11 months ago by mfat@lemdro.id to c/linux@lemmy.ml

68 comments fedilink hide all child comments

I recently tried to enable system-wide DNS over https on Fedora. To do so I had to to some research and found out how comfusing it is for the average user (and even experienced users) to change the settings. In fact there are multiple backends messing with system DNS at the same time.

Most major Linux distributions use systemd-resolved for DNS but there is no utility for changing its configuration.

The average user would still try to change DNS settings by editing /etc/relov.conf (which is overwritten and will not survive reboots) or changing settings in Network Manager.

Based on documentation of systemd-resolved, the standard way of adding custom DNS servers is putting so-called 'drop-in' files in /etc/systemd/resolved.conf.d directory, especially when you want to use DNS-over-TLS or DNS-over-https.

Modern browsers use their buit-in DNS settings which adds to the confusion.

I think this is one area that Linux needs more work and more standardization.

How do you think it should be fixed?

you are viewing a single comment's thread
view the rest of the comments

[-] 5long@lemmy.run 11 points 11 months ago* (last edited 11 months ago)

Modern browsers use their buit-in DNS settings which adds to the confusion.

There's no way of stopping any application sending DNS queries on its own unless you really want to lock down everything with a heavy hand (firewall, container, apparmor / selinux). As long as there's a toggle to turn it off, I'm okay with that.

How do you think it should be fixed?

The Tailscale folks speak of systemd-resolved positively and it works well for my own use case.

Right now I use both systemd-resolved & systemd-networkd on my laptop with a dnsproxy service to query outside DNS servers with DNS-over-HTTPS. systemd-resolved is responsible for handling queries from applications, caching and per-domain DNS routing (~home.arpa for virtual machines and ~lan for machines in my home network).

There is one little caveat: when I have to connect to a free Wi-Fi which requires authorizing via a captive portal implemented by traffic hijacking, I'll have to enable DNSDefaultRoute= in the Wi-Fi network config file, tell systemd-networkd to reload, finish the authorization in a browser page, revert the previous change, reload systemd-networkd again. It's a lot of steps but I can automate most of them with a script for now.

Long term wise, hopefully systemd-resolved will support DNS-over-HTTPS (and DNS-over-QUIC) then I can stop running dnsproxy.

Edit: link to some blog post

this post was submitted on 20 Oct 2023

145 points (89.6% liked)

Linux

47401 readers

565 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz