
#1 2023-12-07 09:06:19

Utini
Member
Registered: 2015-09-28
Posts: 452
Website

systemd-resolved.service disabled? KDE + NetworkManager + DNSCrypt

Hi everyone,
I just noticed I have systemd-resolved.service disabled on my machine and I can't figure out if I did that manually or if that is disabled out of the box.
I am running KDE + Wayland so it comes with NetworkManager.
Additionally I installed and configured DNSCrypt to be used as resolver + cache.

I have now started the service (not enabled) to test it for a day and didn't notice anything bad happening.
I also tried looking in the wiki for all pages mentioning "systemd-resolved" and couldn't find any page that recommends/advises it (e.g. as a workaround for some problem).

Anything else I could check?
Should I keep it disabled or enable it?

Thanks!


Setup 1: Thinkpad T14s G3, 14" FHD - R7 6850U - 32GB RAM - 2TB Solidigm P44 Pro NVME
Setup 2: Thinkpad X1E G1, 15.6" FHD - i7-8850H - 32GB RAM - NVIDIA GTX 1050Ti - 2x 1TB Samsung 970 Pro NVME
Accessories: Filco Majestouch TKL MX-Brown Mini Otaku, Benq XL2420T (144Hz), Lo(w)gitech G400, Puretrak Talent, Sennheiser HD800S + Meier Daccord FF + Meier Classic FF

Offline

#2 2023-12-07 09:21:10

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,750

Re: systemd-resolved.service disabled? KDE + NetworkManager + DNSCrypt

Very little is enabled by default on an Arch system, that's somewhat the point. So yes that it is disabled is normal. Whether you need or want it is up to you. One of the "main" reasons someone could want it outside of its DNS resolver role is for the implementation of mDNS/Zeroconf which some tools use for local device/service discovery (you could also use and is somewhat the older precursor of this - Avahi for that) so that e.g. network/samba shares are autodiscovered as well as local hostname resolution (you can resolve local network devices implementing this with hostname.local instead of via IP address for example)

Offline

#3 2023-12-07 10:16:31

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 596

Re: systemd-resolved.service disabled? KDE + NetworkManager + DNSCrypt

systemd-resolved can be useful for NetworkManager when using a VPN to ensure conditional forwarding works (so that both VPN and non-VPN connections use the correct DNS server).

Offline

#4 2023-12-07 16:36:42

Utini
Member
Registered: 2015-09-28
Posts: 452
Website

Re: systemd-resolved.service disabled? KDE + NetworkManager + DNSCrypt

V1del wrote:

Very little is enabled by default on an Arch system, that's somewhat the point. So yes that it is disabled is normal. Whether you need or want it is up to you. One of the "main" reasons someone could want it outside of its DNS resolver role is for the implementation of mDNS/Zeroconf which some tools use for local device/service discovery (you could also use and is somewhat the older precursor of this - Avahi for that) so that e.g. network/samba shares are autodiscovered as well as local hostname resolution (you can resolve local network devices implementing this with hostname.local instead of via IP address for example)


Thanks! It sounds like I want this to make common working easier and less like to behave like I would want it (click on it, see shares, work with them, not having to troubleshoot why what where who).
Although so far I didn't miss anything without the service enabled either.

But it probably means that I have to give up dnscrypt.. which is usually something that can break this (captive portal, corporate network usage,...).
In terms of security it probably isn't a huge step backwards when switching from dnscrypt to e.g. DoH.



Offline

#5 2023-12-07 16:37:29

Utini
Member
Registered: 2015-09-28
Posts: 452
Website

Re: systemd-resolved.service disabled? KDE + NetworkManager + DNSCrypt

nl6720 wrote:

systemd-resolved can be useful for NetworkManager when using a VPN to ensure conditional forwarding works (so that both VPN and non-VPN connections use the correct DNS server).

That sounds interesting since I work 95% with one VPN enabled to route part of my connections. Thanks!

But then as mentioned above to V1del already:
It probably means that I have to give up dnscrypt.. which is usually something that can break this (captive portal, corporate network usage,...).
In terms of security it probably isn't a huge step backwards when switching from dnscrypt to e.g. DoH.



Offline

#6 2023-12-07 16:54:18

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 596

Re: systemd-resolved.service disabled? KDE + NetworkManager + DNSCrypt

Unfortunately there's no easy way to use dnscrypt together with NetworkManager+systemd-resolved. In theory you should be able to specify dnscrypt-proxy's address as the global DNS server in NetworkManager settings, but, like the note in https://wiki.archlinux.org/title/Networ … NS_servers says, for whatever reason they do not get sent to systemd-resolved, so that won't work.

Offline

#7 2023-12-07 21:00:32

Utini
Member
Registered: 2015-09-28
Posts: 452
Website

Re: systemd-resolved.service disabled? KDE + NetworkManager + DNSCrypt

nl6720 wrote:

Unfortunately there's no easy way to use dnscrypt together with NetworkManager+systemd-resolved. In theory you should be able to specify dnscrypt-proxy's address as the global DNS server in NetworkManager settings, but, like the note in https://wiki.archlinux.org/title/Networ … NS_servers says, for whatever reason they do not get sent to systemd-resolved, so that won't work.

Just as I wanted to switch and remove DNSCrypt I am reading that systemd-resolved doesn't support DoH (only DoT).
DoT gets blocked more often in public networks from my experience.



Offline
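
A check for the setup discussed in this thread, added here as an example and not posted by any participant: it reads a resolv.conf-style file and reports whether lookups go to the systemd-resolved stub, to another local listener, or straight to a network-supplied server. Treating any loopback address other than systemd-resolved's 127.0.0.53/127.0.0.54 as a local proxy such as dnscrypt-proxy is an assumption; the function name and sample file are constructed.

```bash
#!/usr/bin/env bash
# Classify where a resolv.conf-style file sends DNS queries.
# Prints "<address> <kind>" per nameserver, then a one-line verdict.

classify_resolv_conf() {
    local file kw addr rest kind stub proxy external
    file=$1; stub=0; proxy=0; external=0
    # "|| [ -n "$kw" ]" keeps a last line that has no trailing newline.
    while read -r kw addr rest || [ -n "$kw" ]; do
        [ "$kw" = "nameserver" ] || continue   # skip comments, options, search
        [ -n "$addr" ] || continue             # skip a bare "nameserver" line
        case "$addr" in
            127.0.0.53|127.0.0.54) kind=resolved-stub; stub=1 ;;     # systemd-resolved stub
            127.*|::1)             kind=local-proxy;   proxy=1 ;;    # assumed: dnscrypt-proxy or similar
            *)                     kind=external;      external=1 ;; # DHCP/VPN-supplied server
        esac
        printf '%s %s\n' "$addr" "$kind"
    done < "$file"

    # glibc tries the listed servers in order and moves on after a timeout,
    # so a single non-loopback entry means queries can leave the host in
    # plaintext. That case therefore decides the verdict.
    if   [ "$external" = 1 ]; then echo "verdict: external"
    elif [ "$stub" = 1 ];     then echo "verdict: resolved-stub"
    elif [ "$proxy" = 1 ];    then echo "verdict: local-proxy"
    else                           echo "verdict: none"
    fi
}

# Constructed sample: a local proxy first, then a DHCP-supplied fallback.
sample=$(mktemp)
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.1\noptions edns0\n' > "$sample"
classify_resolv_conf "$sample"
rm -f "$sample"
```

Run it as `classify_resolv_conf /etc/resolv.conf`; when the verdict is `resolved-stub`, `resolvectl status` shows which upstream servers systemd-resolved is using per link.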
