Systemd/resolved: Difference between revisions
m Category:DNS added |
Mention that the given example config breaks captive portals |
Line 3: | Line 3: | ||
[https://www.freedesktop.org/software/systemd/man/systemd-resolved.html systemd-resolved] is a [[systemd]] service that provides network name resolution to local applications via a D-Bus interface, the resolve NSS service (nss-resolve(8)), and a local DNS stub listener on 127.0.0.53. See systemd-resolved(8) for the usage. | [https://www.freedesktop.org/software/systemd/man/systemd-resolved.html systemd-resolved] is a [[systemd]] service that provides network name resolution to local applications via a D-Bus interface, the resolve NSS service (nss-resolve(8)), and a local DNS stub listener on 127.0.0.53. See systemd-resolved(8) for the usage. | ||
== Configuration == | == Configuration Example: Enforce secure DNS == | ||
The following configuration configures resolved daemon to use the public DNS resolver provided by [https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/ Cloudflare]. DNSSEC and DNS-over-TLS is enabled for authenticity and encryption. | The following configuration configures resolved daemon to use the public DNS resolver provided by [https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/ Cloudflare]. DNSSEC and DNS-over-TLS is enabled for authenticity and encryption. | ||
Warning: This config snippet will break most captive portals like those of public or hotel wifi access points, resulting in inability to gain internet access through such access points. | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> |
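Review bot: Missing detail in the added warning line: it does not say which settings of the snippet cause captive portals to fail, or what a reader should do when they need to get through one. The snippet sets dnssec = "true", dnsovertls = "true" and domains = [ "~." ]; name the ones responsible in the warning and say how to relax them temporarily. The renamed heading "Configuration Example: Enforce secure DNS" fits the content. In the paragraph under it, "DNSSEC and DNS-over-TLS is enabled" should read "are enabled".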
Revision as of 05:49, 21 September 2025
systemd-resolved is a systemd service that provides network name resolution to local applications via a D-Bus interface, the resolve NSS service (nss-resolve(8)), and a local DNS stub listener on 127.0.0.53. See systemd-resolved(8) for usage.
Configuration Example: Enforce secure DNS
The following configuration makes the resolved daemon use the public DNS resolver provided by Cloudflare. DNSSEC and DNS-over-TLS are enabled for authenticity and encryption.
Warning: This config snippet will break most captive portals, such as those of public or hotel Wi-Fi access points, making it impossible to gain internet access through such access points.
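# Upstream resolvers (Cloudflare).
networking.nameservers = [
  "1.1.1.1"
  "1.0.0.1"
];

services.resolved = {
  enable = true;
  # Validate DNSSEC; with "true", answers that fail validation are rejected.
  dnssec = "true";
  # "~." is a routing-only domain matching every name, so all lookups
  # go to the nameservers configured above.
  domains = [ "~." ];
  fallbackDns = [
    "1.1.1.1"
    "1.0.0.1"
  ];
  # Strict DNS-over-TLS: no fallback to unencrypted DNS.
  dnsovertls = "true";
};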