Introduction to systemd-resolved
I’ve been using systemd-resolved for a while now, and I have to say, it’s a big improvement over traditional DNS resolvers. As of 2026, many Linux distributions, including Ubuntu, Debian, and Fedora, have adopted systemd-resolved as the default DNS resolver. While it offers several benefits, including improved security and performance, some users may encounter issues or require customization to suit their specific needs. Don’t bother with trying to disable it, though - it’s usually worth the effort to get it working right.
Understanding How systemd-resolved Works
systemd-resolved uses a combination of DNS resolvers, including the system’s configured DNS servers, to resolve domain names. It also supports DNS over TLS (DoT) and DNS over HTTPS (DoH) for encrypted DNS resolution. By default, systemd-resolved will use the DNS servers configured in /etc/systemd/resolved.conf or those provided by the system’s DHCP server. I usually start by checking the current DNS resolver configuration using the following command:
resolvectl status
This will display the current DNS resolver configuration, including the DNS servers being used. The real trick is to make sure you understand what you’re looking at - it can be a bit overwhelming at first.
Troubleshooting Common Issues
One common issue with systemd-resolved is DNS resolution failures. If you’re experiencing issues with DNS resolution, you can try the following:
- Check the systemd-resolved logs for errors:
journalctl -u systemd-resolved
- Verify the DNS resolver configuration:
resolvectl status
- Try resolving a domain name manually:
resolvectl query example.com
If you’re still experiencing issues, you can try disabling DNS over TLS (DoT) or DNS over HTTPS (DoH) to see if it resolves the problem. This is where people usually get burned - they don’t realize that DoT and DoH can sometimes cause issues.
Customizing DNS Resolution
systemd-resolved allows for customization of DNS resolution through the /etc/systemd/resolved.conf configuration file. You can modify this file to specify custom DNS servers, disable DNS over TLS (DoT) or DNS over HTTPS (DoH), or configure other DNS resolution settings. For example, to specify custom DNS servers, you can add the following lines to /etc/systemd/resolved.conf:
[Resolve]
DNS=1.1.1.1 8.8.8.8
Replace 1.1.1.1 and 8.8.8.8 with your desired DNS server IP addresses. After modifying the configuration file, you’ll need to restart the systemd-resolved service to apply the changes:
sudo systemctl restart systemd-resolved
In practice, this is usually a straightforward process, but it’s easy to mess up if you’re not careful.
Using resolvectl
resolvectl is a command-line tool provided by systemd-resolved for managing DNS resolution. You can use resolvectl to query DNS records, configure DNS servers, and troubleshoot DNS resolution issues. For example, to query the IP address of a domain name, you can use the following command:
resolvectl query example.com
This will display the IP address of the specified domain name. You can also use resolvectl to configure DNS servers or modify other DNS resolution settings. For more information on using resolvectl, you can refer to the systemd-resolved documentation on the systemd.io website.
Security Considerations
When customizing DNS resolution, it’s essential to consider security implications. Using DNS over TLS (DoT) or DNS over HTTPS (DoH) can provide an additional layer of security by encrypting DNS traffic. However, it’s crucial to ensure that the DNS servers you’re using are trustworthy and configured correctly. I’ve seen this go wrong when people use untrusted DNS servers - it’s a recipe for disaster. You can also use tools like dnsviz to verify the security of your DNS configuration.
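One way to check a resolved.conf for the DoT points above, as an added example that is not part of the original article or of systemd itself. DNSOverTLS= and the address#server_name form are resolved.conf syntax; the function names, finding ids and sample files are constructed for illustration, and the script assumes the built-in default for DNSOverTLS= is "no".

```python
"""Audit the [Resolve] section of a resolved.conf for DNS-over-TLS hardening."""

TRUE = {"yes", "true", "1", "on"}  # boolean spellings systemd accepts

# Constructed sample inputs (not taken from a real host).
WEAK = "[Resolve]\nDNS=1.1.1.1 8.8.8.8\n"
MIXED = """[Resolve]
DNS=192.0.2.53
DNS=
DNS=1.1.1.1#cloudflare-dns.com 8.8.8.8
DNSOverTLS=yes
"""
HARDENED = """[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google
DNSOverTLS=yes
"""

def parse_resolve(text):
    """Return [Resolve] as {key: [values]}; repeated keys accumulate."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Resolve" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value:
                out.setdefault(key, []).extend(value.split())
            else:
                out[key] = []  # an empty assignment resets the list
    return out

def audit(text, default_dot="no"):
    """Return a list of (finding_id, detail) tuples; empty means no findings."""
    cfg = parse_resolve(text)
    # Assumption: DNSOverTLS= is "no" unless the file sets it.
    dot = (cfg.get("DNSOverTLS") or [default_dot])[-1].lower()
    if dot == "opportunistic":
        return [("dot-opportunistic", "falls back to cleartext, server not authenticated")]
    if dot not in TRUE:
        return [("dot-off", "queries to upstream servers are sent in cleartext")]
    # Strict mode: without #server_name the certificate is checked against the IP only.
    return [("no-server-name", s) for s in cfg.get("DNS", []) if "#" not in s]

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("mixed", MIXED), ("hardened", HARDENED)):
        print(name, audit(sample) or "no findings")
```

Settings in drop-in files under /etc/systemd/resolved.conf.d/ also apply, so audit those together with the main file.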
Further Reading
For more information on systemd-resolved and DNS resolution, you can refer to the systemd documentation or the Debian wiki.