[PinePhone Discussion] Using systemd-resolved as DNS backend

Hello everyone,

I would like to hear some people's opinions on switching over to systemd-resolved for handling the DNS part of the PinePhone.
First of all, why switch and what would be the benefits:

  1. Standardize DNS handling across different distributions.
    Ubuntu is already using systemd-resolved since version 16.10. Fedora joined this since release 33, and probably more will follow. Standardizing on upstream systemd services is beneficial to the broader Linux ecosystem, since standardizing reduces behavior differences between different Linux distributions.

  2. Resolvectl:
    Powerful control over the DNS backend, using the tool resolvectl. For example you can check the status of DNS servers across the different interfaces using ‘resolvectl status’.

  3. Caching
    Systemd-resolved will, for a short period of time, cache DNS requests to speed up frequently handled DNS requests. This is particularly handy for applications which do not cache their own DNS requests. Normally only browsers do.

  4. Split DNS
    Each interface will use its own DNS server. Systemd-resolved will make sure that DNS requests from each interface will only be handled by the corresponding DNS interface. This is particularly handy when dealing with VPNs, as this prevents the phenomenon of DNS leaking. Also when using multiple VPNs, this split DNS is handy to make sure you can resolve DNS requests which would be inside certain VPN domains, because each VPN will be an interface on its own, and therefore use its own DNS servers.

  5. DNS over TLS
    Systemd-resolved supports using DNS over TLS. If your provider offers this ability, you can configure systemd-resolved to make use of this, to encrypt the DNS request handling. This provides more security.

How to test it:
The service is already installed in both Phosh and PlaMo edition, but is disabled by default.
It’s easy to enable it, just by executing the following two commands:
sudo systemctl enable systemd-resolved
sudo systemctl start systemd-resolved

After enabling the service you need to do the following steps to make systemd-resolved handle DNS requests on your system:
sudo rm /etc/resolv.conf
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Reboot the system, and voila you’re using systemd-resolved as DNS backend.

Let me know your thoughts about it, and when you test it let me know your experience with it.
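As an added example (not from the post above), a small POSIX shell script that checks the result of those steps: whether /etc/resolv.conf really points at the systemd-resolved stub file, whether that stub file hands queries to the 127.0.0.53 stub listener, and what DNSOverTLS= is set to in /etc/systemd/resolved.conf. The functions take file paths as arguments, so the demo at the bottom exercises them against constructed sample files in a temporary directory rather than the live system.

```sh
#!/bin/sh
# Added example, not part of the forum post. Checks a systemd-resolved setup.

# 1. How is the given resolv.conf wired? "stub" is what the symlink step above
#    produces; "uplink" bypasses the stub (no cache, no split DNS); "static" means
#    a plain file that resolved does not manage at all.
resolv_conf_mode() {
  target=$(readlink "$1" 2>/dev/null) || { echo "static"; return 0; }
  case "$target" in
    */systemd/resolve/stub-resolv.conf) echo "stub" ;;
    */systemd/resolve/resolv.conf)      echo "uplink" ;;
    *)                                  echo "other" ;;
  esac
}

# 2. Does the (stub) resolv.conf send queries to the local stub listener?
#    Prints "yes" when a nameserver 127.0.0.53 line is present, else "no".
uses_stub_listener() {
  grep -q '^nameserver[[:space:]]*127\.0\.0\.53' "$1" 2>/dev/null && echo "yes" || echo "no"
}

# 3. Effective DNSOverTLS= value from a resolved.conf-style file.
#    Commented-out lines are ignored, the last active value wins, and the
#    systemd default "no" is reported when the key is not set.
dns_over_tls_setting() {
  sed -n 's/^[[:space:]]*DNSOverTLS=[[:space:]]*//p' "$1" | tail -n 1 | grep . || echo "no"
}

# Demo on constructed files: mirrors the layout the two ln/rm commands leave behind.
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/run/systemd/resolve" "$d/etc/systemd"
  printf 'nameserver 127.0.0.53\noptions edns0 trust-ad\n' > "$d/run/systemd/resolve/stub-resolv.conf"
  ln -sf "$d/run/systemd/resolve/stub-resolv.conf" "$d/etc/resolv.conf"
  printf '[Resolve]\n#DNSOverTLS=no\nDNSOverTLS=opportunistic\n' > "$d/etc/systemd/resolved.conf"
  echo "resolv.conf mode : $(resolv_conf_mode "$d/etc/resolv.conf")"
  echo "stub listener    : $(uses_stub_listener "$d/etc/resolv.conf")"
  echo "DNSOverTLS       : $(dns_over_tls_setting "$d/etc/systemd/resolved.conf")"
  rm -rf "$d"
}

demo
```

On a real PinePhone, call the same functions with /etc/resolv.conf and /etc/systemd/resolved.conf; "stub" plus "yes" is the state the post's steps aim for.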

I have had problems with it in the past and for a time used openresolv in different hacky ways.
but …
it is quickly becoming the new standard … and most of the things that you want to work well, like VPNs erecting firewalls and dynamically switching not just the connection but also the DNS, will use systemd-resolved as the bedrock for most modern clients. This will likely only become more true over time.

I agree that unless there is a very specific reason, the focus should be on adopting this as default.