Skip Navigation
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)LO
5long @lemmy.run
Posts 0
Comments 2
Linux DNS settings is a total mess
  • Modern browsers use their buit-in DNS settings which adds to the confusion.

    There's no way of stopping any application sending DNS queries on its own unless you really want to lock down everything with a heavy hand (firewall, container, apparmor / selinux). As long as there's a toggle to turn it off, I'm okay with that.

    How do you think it should be fixed?

    The Tailscale folks speak of systemd-resolved positively and it works well for my own use case.

    Right now I use both systemd-resolved & systemd-networkd on my laptop with a dnsproxy service to query outside DNS servers with DNS-over-HTTPS. systemd-resolved is responsible for handling queries from applications, caching and per-domain DNS routing (~home.arpa for virtual machines and ~lan for machines in my home network).

    There is one little caveat: when I have to connect to a free Wi-Fi which requires authorizing via a captive portal implemented by traffic hijacking, I'll have to enable DNSDefaultRoute= in the Wi-Fi network config file, tell systemd-networkd to reload, finish the authorization in a browser page, revert the previous change, reload systemd-networkd again. It's a lot of steps but I can automate most of them with a script for now.

    Long term wise, hopefully systemd-resolved will support DNS-over-HTTPS (and DNS-over-QUIC) then I can stop running dnsproxy.

    Edit: link to some blog post