Skip to content
GitLab
Closed
Issue created by François Guerraz@fguerraz

NetworkManager & systemd-resloved: DHCP provided DNS server isn't used

Hello,

I am using NetworkManager (1.24.2) & systemd-resloved (245.6) in their default configuration.

/etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf

As it should, NetworkManager reports in the logs when it starts:

dns-mgr[0x55f2a8093240]: init: dns=systemd-resolved rc-manager=symlink, plugin=systemd-resolved

Which is what I want.

NetworkManager correctly picks-up the right DNS server from DHCP

NetworkManager[19709]: <info> [1593431290.2268] dhcp4 (enp0s13f0u3u3): option domain_name_servers => '192.168.199.1'

But it doesn't detect that there is a change with the running configuration:

dns-mgr: (device_ip_config_changed): queueing DNS updates (1)
dns-mgr: (device_ip_config_changed): DNS configuration did not change
dns-mgr: (device_ip_config_changed): no DNS changes to commit (0)

Therefore, systemd-resolved keeps on using the fallback DNS server:

$ systemd-resolve --status
Global
       LLMNR setting: yes                 
MulticastDNS setting: yes                 
  DNSOverTLS setting: no                  
      DNSSEC setting: no                  
    DNSSEC supported: no                  
  Current DNS Server: 8.8.8.8             
Fallback DNS Servers: 1.1.1.1             
                      9.9.9.10            
                      8.8.8.8             
                      2606:4700:4700::1111
                      2620:fe::10         
                      2001:4860:4860::8888
          DNSSEC NTA: 10.in-addr.arpa     
                      16.172.in-addr.arpa 
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa 
                      18.172.in-addr.arpa 
                      19.172.in-addr.arpa 
                      20.172.in-addr.arpa 
                      21.172.in-addr.arpa 
                      22.172.in-addr.arpa 
                      23.172.in-addr.arpa 
                      24.172.in-addr.arpa 
                      25.172.in-addr.arpa 
                      26.172.in-addr.arpa 
                      27.172.in-addr.arpa 
                      28.172.in-addr.arpa 
                      29.172.in-addr.arpa 
                      30.172.in-addr.arpa 
                      31.172.in-addr.arpa 
                      corp                
                      d.f.ip6.arpa        
                      home                
                      internal            
                      intranet            
                      lan                 
                      local               
                      private             
                      test                

Link 12 (enp0s13f0u3u3)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no                   
       LLMNR setting: yes                  
MulticastDNS setting: no                   
  DNSOverTLS setting: no                   
      DNSSEC setting: no                   
    DNSSEC supported: no                   

Link 2 (wlp0s20f3)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no                   
       LLMNR setting: yes                  
MulticastDNS setting: no                   
  DNSOverTLS setting: no                   
      DNSSEC setting: no                   
    DNSSEC supported: no

Which https://www.dnsleaktest.com/ confirms.

If I manually set the DNS server for the interface with resolvectl, it works and the correct entries are reported in the status.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information