
How and why (not) to use the 127.0.0.53 nameserver, systemd-resolved and resolvctl

FOSDEM 2019

Resolved is a local, caching DNS resolver and is used by default on Ubuntu. This talk's goal is to demystify how it works and what it does by default on Ubuntu, and how one can further configure it to either not get in the way or do even more cool things. We will discuss how it can be used (NSS, D-Bus, over the network, command line, text configs) and how to configure it (config files, command line, resolvconf, D-Bus, networkd, NetworkManager). We will cover advanced use cases for per-interface nameservers, true split-DNS configuration, and optional features such as DNSSEC, mDNS and Zeroconf. Lastly, we will discuss bugs, DNS violations and diss captive portals.

Talk outline

= Fantastic DNS records and where to find them =

Demystifying systemd-resolved and how it is integrated on Ubuntu

== What is systemd-resolved? ==

  • Local, caching nameserver resolver
  • NSS module, D-Bus interface, command-line tool, networked daemon
  • Per-connection nameservers

== How can one integrate systemd-resolved on the system? ==

  • NSS
  • resolv.conf symlinks

== How to update resolved nameservers ==

  • Netplan.io / NetworkManager / Networkd
  • D-Bus
  • Systemd-resolved / Resolvctl
  • Resolvconf
  • Read resolv.conf

== Ubuntu defaults ==

  • Things we do by default
  • Divergent defaults from upstream applied

== Fun stuff ==

  • DNSSEC
  • mDNS
  • Zeroconf
  • Split DNS ~

== Bugs ==

  • EDNS0 is sad
  • Captive portals are sad
  • Abuse of Option 15 for multiple domains
  • mDNS taking too long
  • Domain-less searches are not forwarded

Speakers: Dimitri John Ledkov