Changing DNS with systemd-resolved not working with PPPoE

I am not using a router, but only a DSL/PPPoE setup connection.

Contents of /etc/systemd/resolved.conf:

[Resolve]
DNS=9.9.9.9#dns.quad9.net
FallbackDNS=1.1.1.2#security.cloudflare-dns.com
#Domains=
DNSSEC=yes
#DNSOverTLS=yes
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

Both /etc/resolv.conf and /etc/ppp/resolv.conf are symlinked to /run/systemd/resolve/stub-resolv.conf
I installed systemd-resolvconf and openresolv got uninstalled in the process.
I restarted both systemd-resolved.service and NetworkManager.service

I created the /etc/NetworkManager/conf.d/dns.conf with the contents

[main]
dns=systemd-resolved

$resolvectl status:

Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=yes/supported
resolv.conf mode: stub
Current DNS Server: 9.9.9.9#dns.quad9.net
DNS Servers: 9.9.9.9#dns.quad9.net
Fallback DNS Servers: 1.1.1.2#security.cloudflare-dns.com

Link 5 (ppp1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 213.154.124.1
DNS Servers: 193.231.252.1 213.154.124.1

If I use 1.1.1.1/help, it does show AS Name: WoodyNet, but if I go on on.quad9.net it says NO, I am not using quad9.

perhaps as easy as this:
… I believe
and that is how that file looks in every example I saw, and mine as well
that this should not be just all on one line
but:

[main]
dns=systemd-resolved

two instead


My bad. The file is in two lines, but I copied it wrong.

When you are using a DHCP-assigned IP you will get the DNS assigned as well.

If you want to override the assigned DNS, you could override it in the NetworkManager configuration app.


Ok, so I removed both symlinks from /run/systemd/resolve/stub-resolv.conf and the file /etc/NetworkManager/conf.d/dns.conf

I entered NetworkManager from the KDE panel and edited the connection.
On IPv4 I set DNS Server: 9.9.9.9 and Method: Automatic (Only addresses)

From /etc/systemd/resolved.conf I commented back DNSSEC=yes. It seems that because quad9 already has DNSSEC validation, this option makes it misbehave.
I restarted the computer and now the contents of /etc/resolv.conf are:

#Generated by NetworkManager
nameserver 9.9.9.9

but /etc/ppp/resolv.conf contents are:

nameserver 193.231.252.1
nameserver 213.154.124.1

and $resolvectl status is:

Global
Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 9.9.9.9#dns.quad9.net
DNS Servers: 9.9.9.9#dns.quad9.net
Fallback DNS Servers: 1.1.1.2#security.cloudflare-dns.com

Link 3 (ppp0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 213.154.124.1
DNS Servers: 193.231.252.1 213.154.124.1

When I check on.quad9.net it says YES, I am using it and when I check DNS leak, it does show them.

My question is: now that in resolvectl status it says DNSSEC=no/unsupported, is it still active on the internet since their primary DNS says it has DNSSEC Validation?
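
Both resolvectl status outputs in this thread list the ISP's resolvers on the ppp link, which has +DefaultRoute, next to the global Quad9 setting. The following is an added example, not code from any poster: it parses that output and lists DNS servers that are eligible for general lookups but are not on an allow-list. The function names and the allow-list are assumptions, and the sample text is constructed from the second output quoted above, assuming one line per field as shown there.

```python
import re

# Constructed sample: the second `resolvectl status` output quoted in the thread.
SAMPLE_STATUS = """\
Global
Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 9.9.9.9#dns.quad9.net
DNS Servers: 9.9.9.9#dns.quad9.net
Fallback DNS Servers: 1.1.1.2#security.cloudflare-dns.com

Link 3 (ppp0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 213.154.124.1
DNS Servers: 193.231.252.1 213.154.124.1
"""

HEADER = re.compile(r"^\s*(Global|Link \d+ \((\S+)\))\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z. ]*):\s+(.*)$")


def parse_status(text):
    """Return {scope: {field: value}} for Global and each 'Link N (ifname)'."""
    scopes, current = {}, None
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current = scopes.setdefault(header.group(2) or "Global", {})
        elif field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
    return scopes


def unexpected_resolvers(text, allowed):
    """List (scope, server) pairs for DNS servers outside the allow-list."""
    findings = []
    for scope, fields in parse_status(text).items():
        protocols = fields.get("Protocols", "").split()
        # A link without +DefaultRoute is only used for names matching
        # that link's own domains, so it is skipped here.
        if scope != "Global" and "+DefaultRoute" not in protocols:
            continue
        for server in fields.get("DNS Servers", "").split():
            ip = server.split("#", 1)[0]  # drop the "#tls-hostname" suffix
            if ip not in allowed:
                findings.append((scope, ip))
    return findings
```

On a live system, pass the captured text of `resolvectl status` instead of `SAMPLE_STATUS`; an empty result means every active resolver is on the allow-list.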