I would like to hear some people's opinions on switching over to systemd-resolved for handling the DNS part of the PinePhone.
First of all, why switch and what would be the benefits:
Standardize DNS handling across different distributions.
Ubuntu has been using systemd-resolved since version 16.10. Fedora joined with release 33, and probably more will follow. Standardizing on upstream systemd services is beneficial to the broader Linux ecosystem, since standardizing reduces behavior differences between different Linux distributions.
Powerful control over the DNS backend, using the tool resolvectl. For example, you can check the status of DNS servers across the different interfaces using ‘resolvectl status’.
Systemd-resolved will, for a short period of time, cache DNS requests to speed up frequently handled DNS requests. This is particularly handy for applications which do not cache their own DNS requests. Normally only browsers do.
Each interface will use its own DNS server. Systemd-resolved will make sure that DNS requests from each interface will only be handled by the corresponding DNS interface. This is particularly handy when dealing with VPNs, as this prevents the phenomenon of DNS leaking. Also, when using multiple VPNs, this split DNS is handy to make sure you can resolve DNS requests which would be inside certain VPN domains, because each VPN will be an interface of its own, and therefore use its own DNS servers.
DNS over TLS
Systemd-resolved supports using DNS over TLS. If your provider offers this ability, you can configure systemd-resolved to make use of this, to encrypt the DNS request handling. This provides more security.
How to test it:
The service is already installed in both the Phosh and PlaMo editions, but is disabled by default.
It’s easy to enable it, just by executing the following two commands:
sudo systemctl enable systemd-resolved
sudo systemctl start systemd-resolved
After enabling the service you need to do the following steps to make systemd-resolved handle DNS requests on your system:
sudo rm /etc/resolv.conf
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
Reboot the system, and voila, you’re using systemd-resolved as the DNS backend.
Let me know your thoughts about it, and when you test it, let me know your experience with it.
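
A check for the symlink step above, as an added example that is not part of the original post: it classifies how a resolv.conf path is wired to systemd-resolved, since a link to /run/systemd/resolve/resolv.conf instead of stub-resolv.conf sends clients straight to the uplink servers and bypasses the local stub (and with it the cache and per-interface routing). The function name classify_resolv_conf and its result labels are made up for this example.

```shell
#!/bin/sh
# Added example: classify how a resolv.conf file relates to systemd-resolved.
# classify_resolv_conf [PATH] prints one of:
#   stub         symlink to stub-resolv.conf (queries go to the 127.0.0.53 stub)
#   uplink       symlink to resolved's resolv.conf (clients bypass the stub)
#   foreign-link symlink to something else (another tool owns the file)
#   static-stub  regular file that points at the 127.0.0.53 stub
#   static       regular file with other nameservers (resolved not in the path)
#   missing      no file at all
classify_resolv_conf() {
    conf=${1:-/etc/resolv.conf}
    if [ -L "$conf" ]; then
        # readlink may return an absolute or a relative target; match both.
        target=$(readlink "$conf")
        case "$target" in
            */run/systemd/resolve/stub-resolv.conf) echo stub ;;
            */run/systemd/resolve/resolv.conf)      echo uplink ;;
            *)                                      echo foreign-link ;;
        esac
    elif [ -f "$conf" ]; then
        # 127.0.0.53 is the address the systemd-resolved stub listens on.
        if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$conf"; then
            echo static-stub
        else
            echo static
        fi
    else
        echo missing
    fi
}

# Succeeds only for the layout the post's two commands produce.
resolv_conf_uses_stub() {
    [ "$(classify_resolv_conf "${1:-/etc/resolv.conf}")" = stub ]
}

# Inspect the live system only when called with --check.
if [ "${1:-}" = "--check" ]; then
    echo "/etc/resolv.conf: $(classify_resolv_conf /etc/resolv.conf)"
fi
```

Run it with `--check` after the reboot; anything other than `stub` means DNS lookups are not going through the systemd-resolved stub listener.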