How do I remove the default DNS fallback blob from systemd?

Good day and/or evening.
Does anyone know how to completely remove or replace the Google and Cloudflare DNS fallback from systemd?
There is no fallback activated in the file:

/etc/systemd/resolved.conf

So why is it that after the command:
resolvectl status

“Current DNS Server” is what I entered currently as the active DNS myself via:
/etc/systemd/resolved.conf.d/upstream.conf

I haven’t defined a fallback myself yet because I understood that he would simply select another one from my upstream.conf
And now that he’s rubbed this blob in my face, I’m going to make it my own private matter and want to remove it completely before I define a fallback myself. :roll_eyes:

Does anyone have any idea how?

By the way, I set DNS and systemd-resolved to false in
/etc/NetworkManager/conf.d/nodns.conf


  GNU nano 8.1                       /etc/NetworkManager/conf.d/nodns.conf                                   
[main]
dns=none
systemd-resolved=false

This was advised to me in a DNS tutorial.

You can add a drop-in (override) and set FallbackDNS= (empty).


In which file?
Where is the configuration file for the fallback actually located? I would like to have it completely out or off.

Those are compile time defaults.
It even says so in the file.
If you don’t change them, this is what will be.

remove the # in front of the line and put your own - or leave empty
(don’t know what will happen when empty - no fallback would be my guess)

Here is the setting, if you want to compile systemd yourself:

I’ll find out. And then tell you how I did it.

I use the fallback (with systemd-resolved) as

/etc/systemd/resolved.conf.d/fallback_dns.conf

[Resolve]
FallbackDNS=1.1.1.1 1.0.0.1
Domains=~.

Remove the # in the FallbackDNS line and delete the rest of the line after =

I now understand a little more about resolved configuration.
When @Nachlese pointed me to the description within
/etc/systemd/resolved.conf, I followed the description.
It says that you should create a resolved.conf in /etc/systemd/resolved.conf.d/.

So I created it and equipped it with the standard drop-ins and my own DNS servers.

  GNU nano 8.1                     /etc/systemd/resolved.conf.d/resolved.conf                                
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/resolved.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.

[Resolve]
#Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
#
#DNS=
FallbackDNS=empty
#Domains=
DNSSEC=yes
DNSOverTLS=yes
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0

I also activated a special DNS there to understand which configuration file Resolved prefers when it makes a DNS query.
Because in /etc/systemd/resolved.conf.d/ I still had my upstream.conf in which I also activated [resolve].

Now I know that systemd prefers /etc/systemd/resolved.conf.d/resolved.conf over the upstream.conf or other files stored there.

This now shows us resolvectl status

$ resolvectl status
Global
         Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported
  resolv.conf mode: foreign
Current DNS Server: 78.46.244.143#dot-de.blahdns.com
       DNS Servers: 78.46.244.143#dot-de.blahdns.com 45.91.92.121#dot-ch.blahdns.com
                    185.95.218.42#dns.digitale-gesellschaft.ch 185.95.218.43#dns.digitale-gesellschaft.ch

Link 2 (enp4s0)
    Current Scopes: LLMNR/IPv4 mDNS/IPv4
         Protocols: -DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported

The upstream.conf is used as an additional source if [resolve] is active in it.
This brings me to the conclusion that in /etc/systemd/resolved.conf.d/ you can generally very easily create your own rules in your own files for different purposes. You can write everything in one file that you then call resolved.conf, or into multiple files without using a resolved.conf.

As long as [resolve] is enabled within the file and some rules, for example FallbackDNS=empty (overrides disabled systemd Blob FallbackDNS) or DNSOverTLS=yes, are enabled.
It also uses these to find itself.

Current DNS Server: is always what was defined in the resolved.conf.
DNS Servers: are all DNS servers from all files in which [resolve] was activated, and these are automatically used as a fallback!

Who should I tell about the solution now? Everyone helped a little. But @mithrial left the tip empty. I do it FallbackDNS=empty in my new /etc/systemd/resolved.conf.d/resolved.conf
Which was ultimately the most effective.

But @cscs showed me that you can simply write any file in there yourself. And activate it with [resolve].

Please do not provide screenshots of text - let alone screenshots of default configuration files.

Do not post images or screenshots as part of your topic. The forum is a technical forum not an image gallery.
Forum Rules - Manjaro

Please remove all those unnecessary screenshots.

I changed it. :blush:
@linux-aarhus I can remove the screenshots from my main post, but I no longer have the original errors, so I can no longer insert them as text.

Just to clarify, the line should be

FallbackDNS=

(Not “empty” but literally empty)

Yes, but both work. I see empty as a note.

systemd sees “empty” as an invalid configuration option. Just leave it blank after FallbackDNS=

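An added example, not part of the original thread or of systemd: a small Python audit that merges `FallbackDNS=` across the main file and the drop-ins the way systemd's drop-in rules describe (main file first, then drop-ins in filename order, an empty assignment resetting the list) and flags values that are not IP addresses, such as `empty`. The function names and sample file contents are constructed for illustration; the script only flags an unparsable value and does not model how resolved reacts to it.

```python
import ipaddress

def is_server(token):
    """True if token is an IP address, optionally with :port, %ifname, #name."""
    host = token.split("#", 1)[0].split("%", 1)[0]
    if host.startswith("["):                 # [IPv6]:port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:               # IPv4:port
        host = host.split(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_fallback(main_conf, dropins):
    """Merge FallbackDNS= from the main file, then drop-ins in filename order."""
    assigned, servers, invalid = False, [], []
    files = [("resolved.conf", main_conf)]
    files += [("resolved.conf.d/" + n, t) for n, t in sorted(dropins.items())]
    for name, text in files:
        section = None
        for line in map(str.strip, text.splitlines()):
            if not line or line[0] in "#;":
                continue                     # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if section != "Resolve" or not sep or key.strip() != "FallbackDNS":
                continue
            assigned = True                  # some file sets the option
            if not value.strip():            # "FallbackDNS=" resets the list
                servers = []
            for tok in value.split():
                if is_server(tok):
                    servers.append(tok)
                else:
                    invalid.append(f"{name}: {tok}")
    source = "configuration" if assigned else "compile-time defaults"
    return {"source": source, "servers": servers, "invalid": invalid}

# Constructed inputs modelled on the files quoted in the thread.
MAIN = "[Resolve]\n#DNS=\n#FallbackDNS=\n"
AS_POSTED = {"resolved.conf": "[Resolve]\nFallbackDNS=empty\nDNSSEC=yes\n"}
CORRECTED = {"resolved.conf": "[Resolve]\nFallbackDNS=\nDNSSEC=yes\n"}

if __name__ == "__main__":
    for label, d in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, audit_fallback(MAIN, d))
```

On a real system, `systemd-analyze cat-config systemd/resolved.conf` (named in the shipped file's header) prints the same files in the order they are read.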

:hugs: It doesn’t hurt anyone. Ouch… :smiling_face_with_tear:
And I know that. :woman_factory_worker:
