Troubleshooting Slow DNS Lookups with systemd-resolved and resolvectl

Introduction to Troubleshooting Slow DNS Lookups

I’ve seen slow DNS lookups bring Linux systems to a crawl, and with our increasing reliance on online services, efficient DNS resolution is crucial. This article focuses on troubleshooting slow DNS lookups using systemd-resolved and resolvectl, which are integral to many modern Linux distributions.

Understanding systemd-resolved

systemd-resolved is a system service that provides DNS resolution, replacing traditional implementations like glibc’s resolver. It offers improved security, better DNSSEC handling, and efficient management of multiple DNS servers. To check if it’s running on your system, use:

systemctl status systemd-resolved

This command shows the current status of the systemd-resolved service.

Using resolvectl for DNS Troubleshooting

resolvectl is a powerful command-line utility for querying and controlling systemd-resolved. It’s great for troubleshooting DNS issues, including slow lookups. With resolvectl, you can query current DNS servers, flush caches, perform manual lookups, and manage DNS over TLS (DoT) and DNS over HTTPS (DoH) settings. To see the current DNS servers, use:

resolvectl status

This command displays information about the current DNS servers, including their IP addresses and protocols in use.

Troubleshooting Slow DNS Lookups

Slow DNS lookups can be caused by network issues, incorrect DNS server configuration, or DNS cache problems. To troubleshoot, follow these steps:

  1. Check DNS Server Configuration: Ensure you’re using reliable and fast DNS servers. Check the current servers with resolvectl status.
  2. Flush DNS Cache: Flushing the cache can resolve issues. Use resolvectl flush-caches to clear the cache.
  3. Perform a Manual DNS Lookup: Use resolvectl query <domain> to perform a manual lookup and identify if the issue is with the DNS server or your system’s configuration.
  4. Check for Network Issues: Ensure your internet connection is stable and not causing the slowdown.
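The cold/warm comparison that steps 2 and 3 set up, as an added example that is not part of the original article: it parses the trailer lines that recent versions of resolvectl query print and separates a slow upstream from a slow local path. The two captures are constructed samples, and the helper names (summarize, verdict) and the 100 ms limit are assumptions.

```shell
# Constructed sample: `resolvectl query example.com` right after `resolvectl flush-caches`.
sample_cold() { cat <<'EOF'
example.com: 192.0.2.10                        -- link: eth0

-- Information acquired via protocol DNS in 412.6ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network
EOF
}

# Constructed sample: the same query repeated, now answered from the cache.
sample_warm() { cat <<'EOF'
example.com: 192.0.2.10                        -- link: eth0

-- Information acquired via protocol DNS in 611us.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: cache
EOF
}

# summarize (hypothetical helper): reads `resolvectl query` output on stdin and
# prints "ms=<latency> auth=<yes|no> protected=<yes|no> from=<sources>".
summarize() {
    LC_ALL=C awk '
    /^-- Information acquired via protocol/ {
        t = $NF; sub(/\.$/, "", t)                  # "412.6ms", "611us" or "1.2s"
        if (t ~ /us$/)      { sub(/us$/, "", t); ms = t / 1000 }
        else if (t ~ /ms$/) { sub(/ms$/, "", t); ms = t + 0 }
        else                { sub(/s$/, "", t);  ms = t * 1000 }
    }
    /^-- Data is authenticated:/ { auth = $5; sub(/;$/, "", auth); prot = $NF }
    /^-- Data from:/ { src = $4; for (i = 5; i <= NF; i++) src = src "+" $i }
    END { printf "ms=%.1f auth=%s protected=%s from=%s\n", ms, auth, prot, src }'
}

# verdict LIMIT_MS (hypothetical helper): reads one summarize line on stdin.
# Slow with a network answer points at the upstream server or the path to it;
# slow with a cache-only answer points at the local host.
verdict() {
    LC_ALL=C awk -v limit="$1" '{
        split($1, m, "="); split($4, f, "=")
        if (m[2] + 0 <= limit + 0) print "ok"
        else if (f[2] ~ /network/) print "slow-upstream"
        else print "slow-local"
    }'
}

sample_cold | summarize | verdict 100   # slow-upstream
sample_warm | summarize | verdict 100   # ok
```

On a live system, pipe the real command in place of the samples, for example resolvectl query <domain> | summarize | verdict 100.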

Security Considerations

When configuring DNS settings, security is key. Using DoT or DoH can enhance privacy by encrypting DNS queries. systemd-resolved supports both, and you can configure these settings using resolvectl. For example, to enable DoT for a specific DNS server, use:

resolvectl dns <interface> <dns-server>
resolvectl dnsovertls <interface> yes

Replace <interface> with the network interface (e.g., eth0) and <dns-server> with the IP address of the DNS server.

Additional Tips and Tools

  • Use Reliable DNS Servers: Choose servers known for their speed and reliability, like Cloudflare DNS and Google Public DNS.
  • Monitor DNS Performance: Tools like dig and dnsperf can help you monitor DNS performance and identify bottlenecks.
  • Keep systemd-resolved Updated: Ensure systemd-resolved and related packages are up to date to benefit from the latest features and security patches.

For more information, visit the systemd.io website, which provides detailed documentation and guides on using these tools.

