systemd-resolved

From NixOS Wiki
Revision as of 05:49, 21 September 2025 by DavHau (Mention that the given example config breaks captive portals)

systemd-resolved is a systemd service that provides network name resolution to local applications via a D-Bus interface, the resolve NSS service (nss-resolve(8)), and a local DNS stub listener on 127.0.0.53. See systemd-resolved(8) for usage.

Configuration Example: Enforce secure DNS

The following configuration sets up the resolved daemon to use the public DNS resolver provided by Cloudflare. DNSSEC is enabled for authenticity and DNS-over-TLS for encryption.

Warning: This config snippet will break most captive portals like those of public or hotel wifi access points, resulting in inability to gain internet access through such access points.

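# Upstream resolvers (Cloudflare public DNS)
networking.nameservers = [
  "1.1.1.1"
  "1.0.0.1"
];

services.resolved = {
  enable = true;
  # Validate DNSSEC; answers that fail validation are rejected
  dnssec = "true";
  # Route lookups for all domains to the servers configured above
  domains = [ "~." ];
  # Used only when no other DNS server is known
  fallbackDns = [
    "1.1.1.1"
    "1.0.0.1"
  ];
  # Require TLS to the resolver; no fallback to plaintext DNS
  dnsovertls = "true";
};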
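
A check for the settings above, as an added example that is not part of the wiki page: the script audits a resolved.conf file for strict DNSSEC, strict DNS-over-TLS and the "~." routing domain. The sample files are constructed, and it is an assumption that the NixOS options render to the [Resolve] keys shown in them.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki): check a resolved.conf for strict settings.

# Print the last value assigned to KEY ($2) in the [Resolve] section of FILE ($1),
# lowercased so that boolean spellings compare case-insensitively.
get_key() {
  awk -v key="$2" '
    /^[ \t]*\[/ { sect = $0; next }
    sect ~ /\[Resolve\]/ && index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
    END { print val }' "$1" | tr '[:upper:]' '[:lower:]'
}

# systemd boolean spellings that mean "on"; any other value is not strict.
is_true() { case "$1" in 1|y|yes|t|true|on) return 0 ;; *) return 1 ;; esac; }

# Print one line per finding; the return status is the number of findings.
audit_resolved_conf() {
  local file=$1 fails=0 v
  v=$(get_key "$file" DNSSEC)
  is_true "$v" || { echo "DNSSEC=${v:-unset}: validation is not strictly enforced"; fails=$((fails + 1)); }
  v=$(get_key "$file" DNSOverTLS)
  is_true "$v" || { echo "DNSOverTLS=${v:-unset}: queries may be sent unencrypted"; fails=$((fails + 1)); }
  v=$(get_key "$file" Domains)
  case " $v " in
    *" ~. "*) ;;
    *) echo "Domains=${v:-unset}: no '~.' routing domain for the global servers"; fails=$((fails + 1)) ;;
  esac
  return "$fails"
}

# Constructed samples: the assumed rendering of the config above, and a weak variant
# using the downgrade-capable modes (allow-downgrade, opportunistic).
strict_conf() { printf '%s\n' '[Resolve]' 'DNS=1.1.1.1 1.0.0.1' 'FallbackDNS=1.1.1.1 1.0.0.1' \
  'Domains=~.' 'DNSSEC=true' 'DNSOverTLS=true'; }
weak_conf() { printf '%s\n' '[Resolve]' 'DNS=1.1.1.1 1.0.0.1' \
  'DNSSEC=allow-downgrade' 'DNSOverTLS=opportunistic'; }

# Demo on the constructed weak sample: prints three findings.
tmp=$(mktemp); weak_conf > "$tmp"; audit_resolved_conf "$tmp" || true; rm -f "$tmp"
```

To audit a live system, call audit_resolved_conf /etc/systemd/resolved.conf after rebuilding; a return status of 0 means all three settings are strict.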