Disabling the systemd-resolved service on Ubuntu systems

What is systemd-resolved?

systemd-resolved is a systemd-based DNS proxy with intelligent request handling. It accepts lookups both over a D-Bus interface and as a local DNS server that intercepts traditional network lookups.

It does this by placing a single localhost address in /etc/resolv.conf (which is really a symbolic link to a static file managed by systemd-resolved).

This can be very useful when you intend to perform lookups through different interfaces with different sets of resolvers (say, one set of resolvers for your VPN and another set for your local ISP).

If your local ISP, or another Internet-routable host, is set as your resolver, it’s possible that your ISP could continue to receive your DNS request data while you are on the VPN, which could be used to unmask your connection, so that you are (theoretically) no longer anonymous.

That’s great and very useful; however, systemd-resolved adds another layer of lookup cruft to something that needs to be extremely fast.

Additionally, it adds local logging of all of your DNS request traffic, which may be something you’re not interested in.

Because of these performance problems and the seemingly unreliable service, I’ve disabled it on my laptops and carefully manage my DNS settings myself, especially on foreign networks or networks where I don’t directly control the lookup path from my system to the root servers.

Here’s the quick and dirty on how to do it.

Disable systemd-resolved service

ubuntu@laptop:~$ sudo systemctl disable systemd-resolved.service
ubuntu@laptop:~$ sudo service systemd-resolved stop

Reconfigure the NetworkManager

Open the NetworkManager configuration file /etc/NetworkManager/NetworkManager.conf

Find and modify, or add, the dns key in the [main] section of the configuration file and set its value to default.

[main]
dns=default

Clean up

Remove the existing symbolic link /etc/resolv.conf (don’t worry, this file will be regenerated by NetworkManager on restart).

ubuntu@laptop:~$ sudo rm /etc/resolv.conf

Restart NetworkManager

Now restart the NetworkManager service

ubuntu@laptop:~$ sudo service network-manager restart

Verify that your resolver works

Check that NetworkManager recreated the /etc/resolv.conf file and that it contains the DNS entries which match your network configuration.

ubuntu@laptop:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.10.0.1
nameserver 10.10.0.2
ubuntu@laptop:~$

You should also be able to ping google.com.
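As an added example (not from the original post), two bash helpers for the configuration and verification steps above: set_nm_dns idempotently sets dns=default in the [main] section of a NetworkManager.conf-style file, and check_resolv confirms that a resolv.conf no longer points at 127.0.0.53, the stub listener address systemd-resolved installs. Both function names and the file paths passed to them are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): helpers for the two file edits
# in the procedure above. set_nm_dns and check_resolv are hypothetical names.

# set_nm_dns FILE
# Idempotently ensure the [main] section of a NetworkManager.conf-style file
# contains exactly one "dns=default" line. Creates the file/section if missing.
set_nm_dns() {
  local file="$1"
  [ -f "$file" ] || printf '[main]\n' > "$file"
  grep -q '^\[main\]' "$file" || printf '\n[main]\n' >> "$file"
  awk '
    # Entering a new section: if we are leaving [main] without having written
    # the key yet, emit it first.
    /^\[/ {
      if (in_main && !done) { print "dns=default"; done = 1 }
      in_main = ($0 == "[main]")
    }
    # An existing dns= line inside [main] is replaced; duplicates are dropped.
    in_main && /^[[:space:]]*dns[[:space:]]*=/ {
      if (!done) { print "dns=default"; done = 1 }
      next
    }
    { print }
    END { if (in_main && !done) print "dns=default" }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# check_resolv FILE
# Succeed only if FILE lists at least one nameserver and none of them is
# 127.0.0.53, the stub listener systemd-resolved puts in resolv.conf.
check_resolv() {
  local file="$1" ns
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
  ns=$(awk '$1 == "nameserver" { print $2 }' "$file")
  [ -n "$ns" ] || { echo "no nameserver entries in $file" >&2; return 1; }
  if printf '%s\n' "$ns" | grep -qxF '127.0.0.53'; then
    echo "$file still points at the systemd-resolved stub" >&2
    return 1
  fi
  return 0
}
```

Run set_nm_dns /etc/NetworkManager/NetworkManager.conf as root before the clean-up step, and check_resolv /etc/resolv.conf after the NetworkManager restart.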
