I now understand a little more about resolved configuration.
When @Nachlese pointed me to the description within /etc/systemd/resolved.conf, I followed the description.
It says that you should create a resolved.conf in /etc/systemd/resolved.conf.d/.
So I created it and equipped it with the standard drop-ins and my own DNS servers.
GNU nano 8.1 /etc/systemd/resolved.conf.d/resolved.conf
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/resolved.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.
[Resolve]
#Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
#
#DNS=
FallbackDNS=empty
#Domains=
DNSSEC=yes
DNSOverTLS=yes
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0
I also activated a special DNS there to understand which configuration file Resolved prefers when it makes a DNS query.
Because in /etc/systemd/resolved.conf.d/ I still had my upstream.conf in which I also activated [resolve].
Now I know that systemd prefers /etc/systemd/resolved.conf.d/resolved.conf over the upstream.conf or other files stored there.
This now shows us resolvectl status
$ resolvectl status ✔
Global
Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported
resolv.conf mode: foreign
Current DNS Server: 78.46.244.143#dot-de.blahdns.com
DNS Servers: 78.46.244.143#dot-de.blahdns.com 45.91.92.121#dot-ch.blahdns.com
185.95.218.42#dns.digitale-gesellschaft.ch 185.95.218.43#dns.digitale-gesellschaft.ch
Link 2 (enp4s0)
Current Scopes: LLMNR/IPv4 mDNS/IPv4
Protocols: -DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported
The upstream.conf is used as an additional source if [resolve] is active in it.
This brings me to the conclusion that in /etc/systemd/resolved.conf.d/ you can generally very easily create your own rules in your own files for different purposes. You can write everything in one file that you then call resolved.conf, or into multiple files without using a resolved.conf.
As long as [resolve] is enabled within the file and some rules, for example FallbackDNS=empty (overrides disabled systemd Blob FallbackDNS) or DNSOverTLS=yes, are enabled.
It also uses these to find itself.
Current DNS Server: is always what was defined in the resolved.conf.
DNS Servers: are all DNS servers from all files in which [resolve] was activated, and these are automatically used as a fallback!
Who should I tell about the solution now? Everyone helped a little. But @mithrial left the tip empty. I do it FallbackDNS=empty in my new /etc/systemd/resolved.conf.d/resolved.conf, which was ultimately the most effective.
But @cscs showed me that you can simply write any file in there yourself. And activate it with [resolve].
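Added example, not part of the original post and not systemd code: a simplified model of the drop-in precedence rules in resolved.conf(5), where files in resolved.conf.d/ are read in lexicographic file-name order, single-value settings take the value from the last file, and list settings such as DNS= accumulate across files. The file contents and server names are constructed, and the main /etc/systemd/resolved.conf (read before the drop-ins) is not modelled.

```python
# Added example: models the drop-in merge rules documented in resolved.conf(5).
# It is a simplified model, not systemd's parser; sample file contents are constructed.
LIST_KEYS = {"DNS", "FallbackDNS", "Domains"}  # list settings: values accumulate

def merge_dropins(files):
    """files maps drop-in file name -> text. Returns (effective, origin)."""
    effective, origin = {}, {}
    for name in sorted(files):  # drop-ins are read in lexicographic file-name order
        section = None
        for raw in files[name].splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            if section != "Resolve" or "=" not in line:
                continue  # only the [Resolve] section is modelled
            key, value = (part.strip() for part in line.split("=", 1))
            if key not in LIST_KEYS:
                effective[key], origin[key] = value, name  # last file wins
            elif value == "":
                effective[key], origin[key] = [], []  # empty assignment resets the list
            else:
                for item in value.split():
                    effective.setdefault(key, []).append(item)
                    origin.setdefault(key, []).append(name)
    return effective, origin

# Constructed contents for two files in /etc/systemd/resolved.conf.d/
SAMPLE = {
    "resolved.conf": "[Resolve]\nDNS=192.0.2.1#dns-a.example 192.0.2.2#dns-b.example\n"
                     "DNSSEC=yes\nDNSOverTLS=yes\n",
    "upstream.conf": "[Resolve]\nDNS=192.0.2.53#dns-c.example\nDNSOverTLS=opportunistic\n",
}

if __name__ == "__main__":
    effective, origin = merge_dropins(SAMPLE)
    for key, value in effective.items():
        print(f"{key} = {value}   (from {origin[key]})")
```

In this sample the later-sorted upstream.conf adds its server to the DNS list and also replaces DNSOverTLS=yes with opportunistic, which is why every file in the directory matters when auditing the resolver. On a real system, `systemd-analyze cat-config systemd/resolved.conf` (named in the file header above) prints the files in the order they are read.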