I am not using a router, but only a DSL/PPPoE setup connection.
contents of /etc/systemd/resolved.conf:
[Resolve]
DNS=9.9.9.9#dns.quad9.net
FallbackDNS=1.1.1.2#security.cloudflare-dns.com
#Domains=
DNSSEC=yes
#DNSOverTLS=yes
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
Both /etc/resolv.conf and /etc/ppp/resolv.conf are symlinked to /run/systemd/resolve/stub-resolv.conf
I installed systemd-resolvconf and openresolv got uninstalled in the process.
I restarted both systemd-resolved.service and NetworkManager.service
I created the /etc/NetworkManager/conf.d/dns.conf with the contents
[main]
dns=systemd-resolved
$resolvectl status:
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=yes/supported
resolv.conf mode: stub
Current DNS Server: 9.9.9.9#dns.quad9.net
DNS Servers: 9.9.9.9#dns.quad9.net
Fallback DNS Servers: 1.1.1.2#security.cloudflare-dns.com
Link 5 (ppp1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 213.154.124.1
DNS Servers: 193.231.252.1 213.154.124.1
If I use 1.1.1.1/help, it does show AS Name: WoodyNet, but if I go on on.quad9.net it says NO, I am not using quad9.
perhaps as easy as this:
… I believe
and that is how that file looks in every example I saw, and mine as well
that this should not be just all on one line
but:
[main]
dns=systemd-resolved
two instead
1 Like
My bad. The file is in two lines, but I copied it wrong.
When you are using a dhcp assigned IP you will get the DNS assigned as well.
If you want to override the assigned DNS you could override in NetworkManager configuration app.
2 Likes
Ok, so I removed both symlinks from /run/systemd/resolve/stub-resolv.conf and the file /etc/NetworkManager/conf.d/dns.conf
I entered NetworkManager from the KDE panel and edited the connection.
On IPv4 I set DNS Server: 9.9.9.9 and Method: Automatic (Only addresses)
From /etc/systemd/resolved.conf I commented back DNSSEC=yes. It seems that because quad9 already has DNSSEC validation, this option makes it misbehave.
I restarted the computer and now, the contents of /etc/resolv.conf is:
#Generated by NetworkManager
nameserver 9.9.9.9
but /etc/ppp/resolv.conf contents are:
nameserver 193.231.252.1
nameserver 213.154.124.1
and $resolvectl status is:
Global
Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 9.9.9.9#dns.quad9.net
DNS Servers: 9.9.9.9#dns.quad9.net
Fallback DNS Servers: 1.1.1.2#security.cloudflare-dns.com
Link 3 (ppp0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 213.154.124.1
DNS Servers: 193.231.252.1 213.154.124.1
When I check on.quad9.net it says YES, I am using it and when I check DNS leak, it does show them.
My question is: now that in resolvectl status it says DNSSEC=no/unsupported, is it still active on the internet since their primary DNS says it has DNSSEC Validation?
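An added example, not part of the original thread: a small Python check that parses `resolvectl status` text and lists per-link DNS servers that are not in the Global list, which is the mismatch both outputs above show on the ppp link. The function names are hypothetical, the sample input is the second status output quoted in the thread, and the parser assumes each "DNS Servers:" list sits on one line as it does there.

```python
import re

# Sample input: the second `resolvectl status` output quoted in the thread.
SAMPLE = """\
Global
Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 9.9.9.9#dns.quad9.net
DNS Servers: 9.9.9.9#dns.quad9.net
Fallback DNS Servers: 1.1.1.2#security.cloudflare-dns.com
Link 3 (ppp0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 213.154.124.1
DNS Servers: 193.231.252.1 213.154.124.1
"""

LINK_RE = re.compile(r"^Link \d+ \((?P<name>[^)]+)\)$")


def parse_status(text):
    """Return {section: {"dns": [...], "default_route": bool}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = LINK_RE.match(line)
        if line == "Global" or m:
            current = "Global" if line == "Global" else m.group("name")
            sections[current] = {"dns": [], "default_route": False}
        elif current and line.startswith("DNS Servers:"):
            # Drop the "#hostname" suffix so bare addresses compare cleanly.
            servers = line.split(":", 1)[1].split()
            sections[current]["dns"] = [s.split("#")[0] for s in servers]
        elif current and line.startswith("Protocols:"):
            sections[current]["default_route"] = "+DefaultRoute" in line
    return sections


def unexpected_link_dns(text):
    """Per-link servers absent from the Global list, on +DefaultRoute links."""
    sections = parse_status(text)
    allowed = set(sections.get("Global", {}).get("dns", []))
    return {
        name: [s for s in info["dns"] if s not in allowed]
        for name, info in sections.items()
        if name != "Global" and info["default_route"]
        and any(s not in allowed for s in info["dns"])
    }
```

Calling `unexpected_link_dns()` on the output of `resolvectl status` returns an empty dict when every default-route link uses only the globally configured servers.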