I want to set the system to send DNS queries with a custom port, not 53. I added DNS=127.0.0.1 9053 to /etc/systemd/resolved.conf and DNS=127.0.0.1:9053 to /etc/systemd/networkd.conf. But now DNS queries are sent via the default DNS with port 53. What can I do?

  • Reza Hosseinzadeh@programming.dev (OP) · 1 upvote · 5 days ago

    Thank you for spending your time. Yes, resolvectl status’s output is like yours in the Global part, but at the end of the output there is this:

    Link 3 (wlp3s0)
        Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
             Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    Current DNS Server: 192.168.1.1
           DNS Servers: 192.168.1.1
         Default Route: yes
    

    As you see, wlp3s0 uses the default ISP DNS. Wireshark’s output confirms this.

    • Gyroplast@pawb.social · 3 upvotes · 5 days ago

      Yeah, that’s normal, intended, and does not prevent general lookups taking the global DNS first. Do you see an issue with this?

      I gave this setup a try real quick, to make sure I’m not overlooking something, with dnsmasq for testing on 127.0.0.1:9053:

      [gyroplast@e15g4 ~]$ dnsmasq --listen-address=127.0.0.1 --port=9053 --address=/testme.localnet/127.42.0.69 --no-daemon --no-hosts --no-poll --log-queries
      dnsmasq: started, version 2.90 cachesize 150
      dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
      dnsmasq: warning: no upstream servers configured
      dnsmasq: cleared cache
      

      When triggering a query on that test record, f. ex. with ping -c1 testme.localnet, you’ll see it’s directed to the dnsmasq instance and working as intended:

      dnsmasq: query[A] testme.localnet from 127.0.0.1
      dnsmasq: config testme.localnet is 127.42.0.69
      dnsmasq: query[AAAA] testme.localnet from 127.0.0.1
      dnsmasq: config error is REFUSED (EDE: not ready)
      dnsmasq: query[AAAA] testme.localnet from 127.0.0.1
      dnsmasq: config error is REFUSED (EDE: not ready)
      

      The DNS setup with systemd-resolved is pretty confusing, and outright contradicts many, MANY previously correct instructions of how to set your /etc/resolv.conf. I’m not surprised if it is giving you a headache right now, but all I can say is to diligently work through its configuration, and understand how systemd-resolved is supposed to work. From experience, make sure your tests are sound and representative, or you’ll continue looking for errors in your setup despite everything actually working just fine, maybe because you missed a reload or had a typo or misunderstanding in your Wireshark filter.

      In the same vein, make sure your DNS listening on :9053 is really working as intended, otherwise you can bark up the wrong tree all day long. Debug logging is your friend, and more accessible and less error prone than tcpdump/wireshark.

      You’ll figure it out from here, I’m sure.
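A quick check for the situation the two posts above describe, added here as an example that is not from either poster: it parses the text of `resolvectl status` (a constructed sample modelled on the output quoted in the thread) and reports every scope with a default route whose DNS server list contains something other than the intended local resolver. The resolver address 127.0.0.1:9053 and the second link name are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Parses `resolvectl status` text and
# reports every scope that can still send queries to a server other than the
# intended local resolver. The resolver address is an assumption for the demo.
EXPECTED_DNS="127.0.0.1:9053"

# Constructed sample, modelled on the output quoted above (not real system output).
SAMPLE_STATUS='Global
       Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 127.0.0.1:9053
       DNS Servers: 127.0.0.1:9053

Link 2 (enp0s31f6)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp3s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 192.168.1.1
     Default Route: yes'

# find_dns_leaks STATUS_TEXT EXPECTED
# Prints "<scope> <server>" for each server that is not EXPECTED on the Global
# scope or on a link marked "Default Route: yes"; links without a default route
# are only consulted for their own routing domains, so they are ignored here.
find_dns_leaks() {
    printf '%s\n' "$1" | awk -v want="$2" '
        function flush(   n, i, a) {
            if (scope == "" || route != "yes") return
            n = split(servers, a, " ")
            for (i = 1; i <= n; i++) if (a[i] != want) print scope, a[i]
        }
        /^Global/         { flush(); scope = "Global"; servers = ""; route = "yes"; next }
        /^Link [0-9]+ \(/ { flush(); scope = $3; gsub(/[()]/, "", scope); servers = ""; route = "no"; next }
        /DNS Servers:/    { sub(/.*DNS Servers:[ ]*/, ""); servers = $0; next }
        /Default Route:/  { route = $NF; next }
        END               { flush() }
    '
}

# Stand-alone run: prints "wlp3s0 192.168.1.1" for the sample above.
find_dns_leaks "$SAMPLE_STATUS" "$EXPECTED_DNS"
```

On a live system feed it `"$(resolvectl status)"` instead of the sample; every line it prints names a scope whose server list still contains something other than the local resolver, which is what the OP's Wireshark capture was showing.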

        • Gyroplast@pawb.social · 2 upvotes · 5 days ago

          Wise decision! Best of luck for when you give it another try, with fresh eyes and a clear mind, and enjoy your XP gain dopamine on the way.