# [[systemd-resolved]] _Created: 2025-08-27_ | #dns #systemd | [[010 System Administration MOC|System Administration]] This is a systemd service providing name resolution via multiple interfaces - DNS, DBUS and NSS. Apart from the different interfaces to resolve names, it also provides a way to have a different DNS server per network link. This is pretty similar to how DNS is handled on Mac as well (Use `scutil --dns` to see the information). ## Files This replaces `/etc/resolv.conf` with a symlink to a stub file in `/run/systemd/resolve/stub-resolv.conf` which redirects queries to its own listener on loopback address `127.0.0.53`. The actual DNS `resolv.conf` file filled with values from the DHCP server are at `/run/systemd/resolve/resolv.conf` ## CLI `resolvctl` is the tool to use. Just running by itself, it gives information on all interfaces. ```shell-session $ resolvectl Global Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: stub Link 2 (eth0) Current Scopes: none Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 3 (wlan0) Current Scopes: DNS Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 192.168.1.135 DNS Servers: 192.168.1.135 192.168.1.150 192.168.1.31 DNS Domain: home service.consul consul ``` One pretty cool feature is that you can live monitor DNS queries on the machine using `resolvectl monitor`. ```shell-session $ sudo resolvectl monitor → Q: cnn.com IN A ← S: success ← A: cnn.com IN A 151.101.67.5 ← A: cnn.com IN A 151.101.195.5 ← A: cnn.com IN A 151.101.131.5 ← A: cnn.com IN A 151.101.3.5 ... ``` You can make queries to test name resolution. ```shell-session $ resolvectl query cnn.com cnn.com: 151.101.195.5 -- link: wlan0 151.101.131.5 -- link: wlan0 151.101.67.5 -- link: wlan0 151.101.3.5 -- link: wlan0 2a04:4e42:c00::773 -- link: wlan0 2a04:4e42:400::773 -- link: wlan0 2a04:4e42:a00::773 -- link: wlan0 2a04:4e42:200::773 -- link: wlan0 2a04:4e42::773 -- link: wlan0 2a04:4e42:800::773 -- link: wlan0 2a04:4e42:600::773 -- link: wlan0 2a04:4e42:e00::773 -- link: wlan0 -- Information acquired via protocol DNS in 13.4ms. -- Data is authenticated: no; Data was acquired via local or encrypted transport: no -- Data from: cache network ```