Changing DNS with systemd-resolved not working with PPPoE

I am not using a router, but only a DLS/PPPoE setup connection.

contents of /etc/systemd/resolved.conf:


Both /etc/resolv.conf and /etc/ppp/resolv.conf are symlinked to /run/systemd/resolve/stub-resolv.conf
I installed systemd-resolvconf and openresolv got uninstalled in the proccess.
I restarted both systemd-resolved.service and NetworkManager.service

I created the /etc/NetworkManager/conf.d/dns.conf with the contents


$resolvectl status:

Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=yes/supported
resolv.conf mode: stub
Current DNS Server:
DNS Servers:
Fallback DNS Servers:

Link 5 (ppp1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported
Current DNS Server:
DNS Servers:

If I use, it does show AS Name: WoodyNet, but if I go on it says NO, I am not using quad9.

perhaps as easy as this:
… I believe
and that is how that file looks in every example I saw, and mine as well
that this should not be just all on one line


two instead

My bad. The file is in two lines, but I copied it wrong.

When you are using a dhcp assigned IP you will get the DNS assigned as well.

If you want to override the assigned DNS you could override in NetworkManager configuration app.


Ok, so I removed both symlinks from /run/systemd/resolve/stub-resolv.conf and the file /etc/NetworkManager/conf.d/dns.conf

I entered NetworkManager from the KDE panel and edited the connection.
On IPv4 I set DNS Server: and Method: Automatic (Only addresses)

From /etc/systemd/resolved.conf I commented back DNSSEC=yes. It seems that because quad9 already has DNSSEC validation, this option makes it miss behave.
I restarted the computer and now, the contents of /etc/resolv.conf is:

#Generated by NetworkManager

but /etc/ppp/resolv.conf contents are:


and $resolvectl status is:

Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server:
DNS Servers:
Fallback DNS Servers:

Link 3 (ppp0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server:
DNS Servers:

When I check it says YES, I am using it and when I check DNS leak, it does show them.

My question is: now that in resolvectl status it says DNSSEC=no/unsupported, is it still active on the internet since their primary DNS says it has DNSSEC Validation?