systemd provides a address name resolution (DNS) daemon which can be used in conjunction with systemd-networkd.
Usage
Service
To have systemd manage address name resolution, replace /etc/resolv.conf file with a symlink to systemd-resolved's stub resolver and (re)start the systemd-resolved service:
root #ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
root #systemctl enable --now systemd-resolved.service
Note
The target path with ../ at the start is relative to the link location, not necessarily to the current directory.
resolvectl
A resolvectl user space utility exists to control the name resolution manager for systems running systemd-resolved.
user $resolvectl --help
Expandresolvectl [OPTIONS...] COMMAND ...
Send control commands to the network name resolution manager, or
resolve domain names, IPv4 and IPv6 addresses, DNS records, and services.
Commands:
query HOSTNAME|ADDRESS... Resolve domain names, IPv4 and IPv6 addresses
service [[NAME] TYPE] DOMAIN Resolve service (SRV)
openpgp EMAIL@DOMAIN... Query OpenPGP public key
tlsa DOMAIN[:PORT]... Query TLS public key
status [LINK...] Show link and server status
statistics Show resolver statistics
reset-statistics Reset resolver statistics
flush-caches Flush all local DNS caches
reset-server-features Forget learnt DNS server feature levels
monitor Monitor DNS queries
dns [LINK [SERVER...]] Get/set per-interface DNS server address
domain [LINK [DOMAIN...]] Get/set per-interface search domain
default-route [LINK [BOOL]] Get/set per-interface default route flag
llmnr [LINK [MODE]] Get/set per-interface LLMNR mode
mdns [LINK [MODE]] Get/set per-interface MulticastDNS mode
dnsovertls [LINK [MODE]] Get/set per-interface DNS-over-TLS mode
dnssec [LINK [MODE]] Get/set per-interface DNSSEC mode
nta [LINK [DOMAIN...]] Get/set per-interface DNSSEC NTA
revert LINK Revert per-interface configuration
log-level [LEVEL] Get/set logging threshold for systemd-resolved
Options:
-h --help Show this help
--version Show package version
--no-pager Do not pipe output into a pager
-4 Resolve IPv4 addresses
-6 Resolve IPv6 addresses
-i --interface=INTERFACE Look on interface
-p --protocol=PROTO|help Look via protocol
-t --type=TYPE|help Query RR with DNS type
-c --class=CLASS|help Query RR with DNS class
--service-address=BOOL Resolve address for services (default: yes)
--service-txt=BOOL Resolve TXT records for services (default: yes)
--cname=BOOL Follow CNAME redirects (default: yes)
--validate=BOOL Allow DNSSEC validation (default: yes)
--synthesize=BOOL Allow synthetic response (default: yes)
--cache=BOOL Allow response from cache (default: yes)
--zone=BOOL Allow response from locally registered mDNS/LLMNR
records (default: yes)
--trust-anchor=BOOL Allow response from local trust anchor (default:
yes)
--network=BOOL Allow response from network (default: yes)
--search=BOOL Use search domains for single-label names (default:
yes)
--raw[=payload|packet] Dump the answer as binary data
--legend=BOOL Print headers and additional info (default: yes)
--json=MODE Output as JSON
-j Same as --json=pretty on tty, --json=short
otherwise
See the resolvectl(1) man page for details.
See also
External resources
