5

I recently ran into an apparent DNS resolution issue which I documented here and this led me to investigate /etc/resolv.conf further.

On my Linux Mint machine, this is a symlink that points to /run/systemd/resolve/stub-resolv.conf and whose contents are:

nameserver 127.0.0.53
options edns0 trust-ad

The file actually contains far more comment lines advising admins not to change its contents (which I had to do in the end to solve my original problem).

After researching around I think I understood that modern Linux systems use a new resolvconf package although, very disconcertingly, sudo apt changelog resolvconf reveals that the latest version, 1.82, is unstable.

My understanding is that 127.0.0.53 is redirecting DNS requests to resolvconf which in turn will do the necessary lookups. Could someone please confirm this?

This post claims that it is possible to create a file with alternative DNS servers which then, via sudo resolvconf -u, would update /etc/resolv.conf. Well, in version 1.82 this command does not exist. man resolvconf shows that the closest would be resolvectl but the page does not show any such -u option nor does it make any mention of the base file suggested. Have things changed again or was the comment in that post simply wrong?

My temporary shortcut is to remove the symlink /etc/resolv.conf and create a file with the same name and my choice of DNS servers but I suppose this completely renders the resolvconf package useless with potentially other negative side effects. Therefore I revert my hack straight after doing what I needed. In the meantime I am searching for further clarity and I hope someone can shed some light here.

1
  • "sudo apt changelog resolvconf reveals that the latest version, 1.82, is unstable." - No, it isn't. resolvconf (1.82) unstable; urgency=medium means this version was uploaded to unstable, which is a Debian (and, more relevant for you, Ubuntu) distribution. It's the normal distribution to upload to, from where it'll trickle down to testing and later stable distributions. Seeing unstable in that field is perfectly normal; in fact, seeing anything else there is the exception. It does not indicate anything about the stability of a package. Commented Mar 17, 2022 at 19:19

2 Answers

8

resolvconf was/is a tool designed to allow updates to /etc/resolv.conf file from multiple sources (e.g. DHCP, static configuration by sysadmin, VPN clients, installation of a local DNS server...) in a way that allows the settings from each source to be reverted without interference to the other sources. It also allows setting priorities for each DNS configuration source, so that whenever there are more than three DNS server candidates, only the top three candidates will get chosen.

(Unless DNS timeouts are adjusted from defaults, only three query attempts can be made before the query times out, so configuring more than three DNS servers in /etc/resolv.conf is not typically useful.)

However, I think Ubuntu & Mint have migrated to using systemd-resolved instead of the classic glibc DNS resolver. This is true if the hosts: line in /etc/nsswitch.conf has resolve instead of or before dns. This configuration will route any DNS queries performed using glibc's hostname resolution API directly to systemd-resolved without checking /etc/resolv.conf at all. (Technically, libnss_resolve.so is used instead of libnss_dns.so.)

But your system may have some legacy applications that won't use glibc, or DNS diagnostic programs (nslookup, dig etc.) which will implement their own DNS queries, but will read /etc/resolv.conf to find out the default DNS server(s) to use. Because of this, systemd-resolved will by default offer a DNS-server-like interface at 127.0.0.53:53 and (unless this compatibility interface is disabled) will configure /etc/resolv.conf with a nameserver 127.0.0.53 line, so that even the special cases will end up using systemd-resolved.

resolvectl is primarily a tool for managing systemd-resolved, whose functionality is a superset of (the classic libnss_dns.so resolver library + resolvconf). The resolvectl command has some compatibility with resolvconf, however the compatibility is not perfect: instead of modifying existing files in /etc/resolvconf/resolv.conf.d/ or adding a new file to [/var]/run/resolvconf/interface/ and then running resolvconf -u, you can supply per-interface DNS server configuration by resolvectl dns <interface name> 1.1.1.1 8.8.8.8, resolvectl domain <interface name> domain.name.example etc.

Since you seem to have both resolvconf and systemd-resolved installed, you may have the same situation as in Debian 11: man resolvconf will actually display the man page of resolvectl, including its compatibility notes. To view the man page of actual resolvconf, you'll need to type man 8 resolvconf.

The "unstable" in the output of sudo apt changelog resolvconf doesn't mean that version is unstable now: it means at the time that change was made that version was in Debian unstable. For security bugfixes, you would see <releasename>-security in place of unstable. The changelogs are part of the history of the individual package: they won't be rewritten as the package moves from Debian unstable to testing and onward to stable, or from unstable/testing to Ubuntu, Mint or other distributions which draw from Debian.
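The two checks described in this answer (the hosts: line in /etc/nsswitch.conf, and whether /etc/resolv.conf points at the 127.0.0.53 stub) can be scripted; the following is an added example, not part of the original answer. The function names are hypothetical and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. File paths are arguments so the checks can run against
# copies; with no argument each function reads the real file under /etc.

# First of "resolve"/"dns" on the hosts: line, i.e. whether libnss_resolve.so
# or libnss_dns.so handles glibc lookups; "none" if neither is listed.
glibc_path() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*hosts:/hosts: /' \
        "${1:-/etc/nsswitch.conf}" | awk '
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++)
                if ($i == "resolve" || $i == "dns") { print $i; found = 1; exit }
        }
        END { if (!found) print "none" }'
}

# Where programs that read resolv.conf themselves (dig, nslookup) are sent:
# stub = only 127.0.0.53, direct = only other servers, mixed = both, empty.
resolvconf_mode() {
    sed 's/[#;].*//' "${1:-/etc/resolv.conf}" | awk '
        $1 == "nameserver" { if ($2 == "127.0.0.53") stub++; else other++ }
        END {
            if (stub && !other) print "stub"
            else if (stub)      print "mixed"
            else if (other)     print "direct"
            else                print "empty"
        }'
}

# Number of nameserver lines beyond the first three (the answer's limit).
ignored_nameservers() {
    sed 's/[#;].*//' "${1:-/etc/resolv.conf}" |
        awk '$1 == "nameserver" { n++ } END { print (n > 3 ? n - 3 : 0) }'
}

# Constructed sample: the stub file from the question and a hosts: line
# that lists resolve before dns.
sample=$(mktemp -d)
printf 'hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns\n' \
    > "$sample/nsswitch.conf"
printf '# managed by systemd-resolved\nnameserver 127.0.0.53\noptions edns0 trust-ad\n' \
    > "$sample/resolv.conf"

echo "glibc lookups:       $(glibc_path "$sample/nsswitch.conf")"
echo "resolv.conf readers: $(resolvconf_mode "$sample/resolv.conf")"
echo "ignored nameservers: $(ignored_nameservers "$sample/resolv.conf")"
```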

4

You could try to use systemd-resolved only:

  • add the missing nameservers to /etc/systemd/resolved.conf
  • remove resolvconf
  • leave the symlink to /run/systemd/resolve/stub-resolv.conf in place.

Check your DNS Servers with resolvectl status or systemd-resolve --status and test the name resolving with systemd-resolve NAME.
