Adding a new DNS server with systemd-resolved

domain-name-systeminternal-dnsnetworkingsystemd

To access other machines on my network by their name, I have to add the following two lines to my /etc/resolv.conf:

search foo.local
nameserver 192.168.X.Y

But any changes I make do not persist across reboots.

This is the content of my /etc/resolv.conf, which is actually a symlink to /run/systemd/resolve/stub-resolv.conf:

$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

I read the manuals mentioned above as well as the ArchWiki on systemd-resolved, but I could not figure out what needs to be done.

This is a Ubuntu 18.04 VM (on a Ubuntu 18.04 host).

$ systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 2 (ens2)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.122.1

Best Answer

In case you are using systemd-resolved instead of NetworkManager, add the following line to the very beginning to /etc/resolv.conf.head:

/etc/resolv.conf.head

nameserver 127.0.0.1

Prevent NetworkManager from modifying /etc/resolv.conf and leave everything to systemd-resolved by adding the following line under the [main] section of /etc/NetworkManager/NetworkManager.conf

/etc/NetworkManager/NetworkManager.conf

dns=none

As a last step you will have to restart systemd-resolved.

host> sudo systemctl stop systemd-resolved
host> sudo systemctl start systemd-resolved

Once done, you can verify if the new DNS settings are effective:

host> systemd-resolve --status

Related Solutions

Fedora – Setting Up a DNS Server on Fedora 11

Looks like a DNSSEC problem but is commented in your config file. You need to check if is enabled for Bind:

dnssec-configure -s -b

DNSSEC has been included in Fedora 11: http://fedoraproject.org/wiki/Features/DNSSEC

BIND9 DNS for Round Robin routing

Your forward zone is correct for DNS round-robin (one hostname, two addresses). You can confirm that your DNS server is returning both records by running dig www.mygateway.com. You should receive two A records.

Your reverse zone IS NOT configured correctly for round-robin DNS. What you've created there are entries for www.183.9.15.in-addr.arpa, which will both be returned, and one picked by the client's resolver library. This is definitely not what you want.
What you probably want are records like:

216    IN   PTR www.mygateway.com.
223    IN   PTR www.mygateway.com.

which will ensure that reverse DNS lookups for 15.9.183.216 and 15.9.183.223 return "www.mygateway.com" (and therefore match the forward A records).

Remember that round-robin DNS doesn't guarantee even load distribution: The choice of which record to use is made by the client resolver library and may be decided randomly, by which record was received first, by which record was received last, or any other method some drunk programmer came up with while hacking together a resolver library.

DNS round-robin is cheap and reasonably effective, but if you need good load balancing you may want to invest in load-balancing hardware (or software - pf, HAProxy, etc.).

Obligatory plug: Your question and some of the mistakes you made above imply a fundamental misunderstanding of some basic DNS concepts. I strongly suggest picking up a copy of DNS and BIND (electronically or from your local bookstore) and reading through it - at least chapters 1, 5 and 6, and in your case the relevant part of chapter 10.

The time you save by doing so will far outweigh the price of the book.

Best Answer

Related Solutions

Fedora – Setting Up a DNS Server on Fedora 11

BIND9 DNS for Round Robin routing

Related Topic