DNS
DNS Server
Service | IPv4 | IPv6 |
---|---|---|
Quad Nine | 9.9.9.9 | 2620:fe::fe |
Quad Nine | 149.112.112.112 | 2620:fe::9 |
Cloudflare and APNIC | 1.1.1.1 | 2606:4700:4700::1111 |
Cloudflare and APNIC | 1.0.0.1 | 2606:4700:4700::1001 |
Configure systemd-resolved
The following configuration file will:
- enable DNS over TLS
- validate DNSSEC where enabled
- use Quad9 DNS servers with Cloudflare as fallback
Create the configuration file /etc/systemd/resolved.conf.d/mydns.conf with the following content:
[Resolve]
DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
FallbackDNS=1.1.1.1#cloudflare-dns.com
# Use the DNS servers configured here, even if a per-link DNS server sets the
# domain to ~. as well. More specific queries will go to the per-link DNS server.
Domains=~.
DNSSEC=true
DNSOverTLS=yes
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
For the default options, check the file /etc/systemd/resolved.conf and the manpage with man resolved.conf.
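An added example (not part of the original page): a small shell check that audits a resolved.conf drop-in for the settings the configuration above relies on. It flags `DNSOverTLS` or `DNSSEC` values that are not strict (such as `opportunistic` or `allow-downgrade`, which permit fallback) and servers listed without a `#server_name`. The function and sample names are hypothetical, the weakened sample is constructed, and the check reads one file in isolation rather than the merged configuration.

```shell
#!/bin/sh
# audit_resolved_conf [FILE]: check one resolved.conf drop-in (or stdin).
# Prints one finding per line; no output means every check passed.
audit_resolved_conf() {
    awk '
    function on(v) { return tolower(v) ~ /^(1|yes|y|true|t|on)$/ }
    function show(v) { return v == "" ? "(unset)" : v }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }              # comments, blank lines
    /^[ \t]*\[/ { in_resolve = ($0 ~ /\[Resolve\]/); next }
    !in_resolve { next }
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "DNSOverTLS") dot = val
        else if (key == "DNSSEC") dnssec = val
        else if (key == "DNS" || key == "FallbackDNS") {
            n = split(val, srv, /[ \t]+/)
            for (i = 1; i <= n; i++)                  # the name is used for SNI and the cert check
                if (srv[i] !~ /#/) print "WARN " key " " srv[i] ": no #server_name"
        }
    }
    END {
        if (!on(dot)) print "FAIL DNSOverTLS=" show(dot) ": strict mode not set"
        if (!on(dnssec)) print "FAIL DNSSEC=" show(dnssec) ": validation not enforced"
    }' "$@"
}

# Constructed sample inputs: the drop-in from this page, and a weakened variant.
sample_page_conf() { cat <<'EOF'
[Resolve]
DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
FallbackDNS=1.1.1.1#cloudflare-dns.com
Domains=~.
DNSSEC=true
DNSOverTLS=yes
EOF
}
sample_weak_conf() { cat <<'EOF'
[Resolve]
DNS=9.9.9.9 149.112.112.112#dns.quad9.net
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic
EOF
}
echo "page config findings:"; sample_page_conf | audit_resolved_conf
echo "weakened config findings:"; sample_weak_conf | audit_resolved_conf
```

To check the real drop-in, pass its path: `audit_resolved_conf /etc/systemd/resolved.conf.d/mydns.conf`.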
Query version
dig ch version.bind txt
# or
dig ch @1.1.1.1 version.bind txt
Dump DNS Cache
If systemd-resolved is used, you can dump the current DNS cache.
Follow the unit in the journal with:
journalctl -f -u systemd-resolved
Then dump the cache with this command.
sudo killall -USR1 systemd-resolved
Flush DNS Cache
resolvectl flush-caches
Show Statistics
resolvectl statistics
Monitor DNS Requests
sudo resolvectl monitor