[nmglug] DNS servers

Anthony J. Bentley anthony at anjbe.name
Sun Dec 9 13:36:38 PST 2018


Hi Tom,

Tom Ashcraft writes:
> Anyone know how to set up CloudFlare DNS on a home computer running Kubuntu 
> 18.04?

I just gave this a shot with Kubuntu in a VM. My solution is at the end
of this mail: modify /etc/systemd/resolved.conf and restart resolved.
The rest of the mail explains how I got there.

Despite my expectations, editing the System Settings/Network/Connections
menu in Kubuntu did not seem to have any effect on the machine. Instead,
systemd seems to have its own idea of how to resolve DNS... and it's
very opinionated.

First, I made sure systemd-resolved was running, by checking the output
of "systemctl status systemd-resolved": it showed a green "light" and
this output line (among many others):

   Status: "Processing requests..."

So I was confident that systemd is what's actually doing name
resolution by default on Kubuntu 18.04. Even moreso when I ran
"nslookup example.com" (nslookup being a non-systemd tool that I use
practically every day) and it mentioned 127.0.0.53, widely known as
systemd's default stub resolver. And a third indicator, for good
measure: "file /etc/resolv.conf" revealed the system nameserver config
file to be a symlink to /var/run/systemd/resolve/stub-resolv.conf.

So to use Cloudflare ourselves, we need to tell this stub resolver to
use Cloudflare. "systemd-resolve --status" prints the nameservers and
settings used by the stub resolver. Even after I had changed the network
settings in Kubuntu's "System Settings" menu to Cloudflare, there was no
sign of it in this status output, which was pretty discouraging.

The configuration is stored in /etc/systemd/resolved.conf and documented
in its manpage (https://www.freedesktop.org/software/systemd/man/resolved.conf.html).
I uncommented the DNS line and added the Cloudflare IP addresses, and
also disabled DNSSEC, since in my opinion it's not yet trouble-free
enough to be used on a normal desktop.

The result was the following resolved.conf:

[Resolve]
DNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
DNSSEC=no

One "sudo systemctl restart systemd-resolved" later, and everything
was working. Now "systemd-resolve --status" prints the Cloudflare
DNS servers, so I'm reasonably sure it's using Cloudflare for name
resolution.

-- 
Anthony J. Bentley


More information about the nmglug mailing list