You are not logged in.
I'm having with controlling the DNS server used when using systemd-resolved and NetworkManager. Long term I'm interested in configuring DoH and configuring DNS security. WIth the current settings, Meraki DNS is used instead of Quad9 configured in systemd-resolved.
I've verified that
/etc/resolv.conf -> /run/systemd/resolve/stub-resolv.confand have NetworkManager and systemd-resolved configured as follows:
# NetworkManager configuration: /etc/NetworkManager/NetworkManager.conf (lib: 20-connectivity.conf) (etc: mdns.conf, no_dns.conf)
[main]
# plugins=keyfile
# rc-manager=symlink
# auth-polkit=true
# dhcp=internal
dns=none
[connectivity]
uri=http://www.archlinux.org/check_network_status.txt
[logging]
# backend=journal
# audit=true
[connection]
connection.mdns=1Global
LLMNR setting: yes
MulticastDNS setting: resolve
DNSOverTLS setting: opportunistic
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 9.9.9.9
DNS Servers: 9.9.9.9
1.1.1.1
2620:fe::fe
2606:4700:4700::1111
Fallback DNS Servers: 9.9.9.10
8.8.8.8
2606:4700:4700::1111
2620:fe::10
2001:4860:4860::8888
DNSSEC NTA: 10.in-addr.arpa
.....
Link 2 (wlp59s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: resolve
DNSOverTLS setting: opportunistic
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 10.128.128.128
DNS Servers: 10.128.128.128
DNS Domain: ~.I'm also having issues with MDNS but not sure if they're related.
Thanks in advance,
Eric
Last edited by erauer (2019-10-07 22:15:06)
Offline
What's your exact question? If it's about "How to route DNS traffic to 9.9.9.9" then just remove DefaultRoute setting: yes and DNS Domain: ~. from Link 2 (wlp59s0) (reference). Or ask a more specific question, please.
Offline
My question should have been "How do I route DNS traffic to the providers configured in systemd-resolved?"
What's the best way to control the Default Route setting and DNS Domain?
I've stumbled my way into setting this per connection using
nmcli conn modify "MySSID" ipv4.ignore-auto-dns yes
but that feels clumsy.
Thanks
Offline
I'm not so proficient with NetworkManager configuration. But it looks like a best solution you can get from it. As I understood DNS Domain: ~. is automatically setup on a link with default route (and I didn't figure out from the docs#dns-priority how to disable this configuration). Therefore, you can act on the other hand without adding servers received through DHCP. What are you doing, in fact.
This is not as bad as it looks because you don’t get any other domain names anyway (am I right?) and there is no sense in using these two servers (given the global settings).
Offline