Bind and systemd-resolved
Nick Tait
nick at tait.net.nz
Sun May 1 04:38:05 UTC 2022
Hi list.
I'm not 100% sure, but I wonder if disabling systemd-resolved may create
issues if, for example, you are using netplan with systemd-networkd as
the renderer? E.g. Will it still be possible to pick up DNS servers from
IPv6 router advertisements?
A lower impact (and IMHO more future-proof) alternative to disabling
systemd-resolved completely, is to simply turn off the stub resolver?
That can be achieved by creating a file under
/etc/systemd/resolved.conf.d (e.g. 00-local.conf) containing:
[Resolve]
DNSStubListener=no
BTW There are some other useful settings that can be configured here.
Check out "man resolved.conf" for details. FWIW The configuration that I
use contains:
[Resolve]
FallbackDNS=/<list IPv4 DNS servers because I don't want it to fall-back to
Google DNS servers>/
DNSSEC=yes
DNSStubListener=no
NB: After making changes to the configuration run "systemctl restart
systemd-resolved". Use "resolvectl status" to see current settings.
Thanks,
Nick.
On 23/04/22 03:50, Ondřej Surý wrote:
> I think you also might want to mask the service:
>
> https://fedoramagazine.org/systemd-masking-units/
>
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do
> not feel obligated to reply outside your normal working hours.
>
>> On 22. 4. 2022, at 17:20, Randy Bush <randy at psg.com> wrote:
>>
>> sudo systemctl disable systemd-resolved.service
>> sudo service systemd-resolved stop
>> --
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220501/738e15e5/attachment.htm>
More information about the bind-users
mailing list