Bind and systemd-resolved

Nick Tait nick at tait.net.nz
Sun May 1 04:38:05 UTC 2022 

Hi list.

I'm not 100% sure, but I wonder if disabling systemd-resolved may create 
issues if, for example, you are using netplan with systemd-networkd as 
the renderer? E.g. Will it still be possible to pick up DNS servers from 
IPv6 router advertisements?

A lower impact (and IMHO more future-proof) alternative to disabling 
systemd-resolved completely, is to simply turn off the stub resolver? 
That can be achieved by creating a file under 
/etc/systemd/resolved.conf.d (e.g. 00-local.conf) containing:

    [Resolve]
    DNSStubListener=no

BTW There are some other useful settings that can be configured here. 
Check out "man resolved.conf" for details. FWIW The configuration that I 
use contains:

    [Resolve]
    FallbackDNS=/<list IPv4 DNS servers because I don't want it to fall-back to
    Google DNS servers>/
    DNSSEC=yes
    DNSStubListener=no

NB: After making changes to the configuration run "systemctl restart 
systemd-resolved". Use "resolvectl status" to see current settings.

Thanks,

Nick.


On 23/04/22 03:50, Ondřej Surý wrote:
> I think you also might want to mask the service:
>
> https://fedoramagazine.org/systemd-masking-units/
>
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do 
> not feel obligated to reply outside your normal working hours.
>
>> On 22. 4. 2022, at 17:20, Randy Bush <randy at psg.com> wrote:
>>
>>    sudo systemctl disable systemd-resolved.service
>>    sudo service systemd-resolved stop
>> -- 
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to 
>> unsubscribe from this list
>>
>> ISC funds the development of this software with paid support 
>> subscriptions. Contact us at https://www.isc.org/contact/ for more 
>> information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220501/738e15e5/attachment.htm>

More information about the bind-users mailing list