I know that systemd-resolve --status lists all my connections and their DNS servers, and nmcli connection show <connection> | grep -i dns will list the priority of the DNS connections. But is there a single command I can run that will list all DNS servers and their priority/order?
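
One way to collapse the status output into a single ordered list, added here as an example and not part of the original question. The function name list_dns_servers and the sample text are constructed for illustration; the sample follows the layout of the systemd-resolve --status fragment quoted further down this page. It prints servers in the order systemd-resolved reports them per link and does not read NetworkManager's dns-priority values.

```shell
#!/bin/sh
# Added example: reads `systemd-resolve --status` text on stdin and prints
# one line per DNS server: scope <TAB> position-within-scope <TAB> address.
# Real use (assumption: same text layout): systemd-resolve --status | list_dns_servers
list_dns_servers() {
    awk '
        # Section headers reset the per-scope counter.
        /^Global/          { scope = "global"; n = 0; in_dns = 0; next }
        /^Link [0-9]+ [(]/ { scope = $3; gsub(/[()]/, "", scope); n = 0; in_dns = 0; next }
        # Any "Label: value" line either starts or ends a DNS Servers list.
        # IPv6 addresses never match: they have no "letters, colon, space" prefix.
        /^ *[A-Za-z][A-Za-z ]*: / {
            in_dns = ($0 ~ /^ *DNS Servers: /)
            if (!in_dns) next
            sub(/^ *DNS Servers: */, "")
        }
        # First server (label stripped above) and unlabelled continuation lines.
        in_dns && NF == 1 { printf "%s\t%d\t%s\n", scope, ++n, $1 }
    '
}

# Constructed sample input, not captured from a real host.
SAMPLE_STATUS='Global
         DNS Servers: 1.1.1.1
          DNSSEC NTA: 10.in-addr.arpa
                      corp

Link 3 (wlo1)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.1
                      2606:4700:4700::1111
          DNS Domain: lan'

printf '%s\n' "$SAMPLE_STATUS" | list_dns_servers
```
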
I was trying to enable DNS over TLS via systemd-resolved. I changed /etc/systemd/resolved.conf as follows:
[Resolve]
DNS=1.1.1.1
#FallbackDNS=
Domains=~.
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
DNSOverTLS=opportunistic
#Cache=yes
#DNSStubListener=yes
While monitoring the network (with tcpdump) to see if the resulting behavior was the intended one, it seems that a TLS session is established with the target server, but then the server closes the connection. I get the same results with 1.1.1.1, 8.8.8.8 and others.
Any ideas on how to fix this?
P.S.: systemd-resolved ends up doing parallel resolution with traditional DNS (despite the setting of "Domains" above). But my main question for this post is what may be going wrong with the TLS one.
I just installed a new Ubuntu Server 18.04. I set my hostname with hostnamectl set-hostname ****.openbayou.biz and I set /etc/hosts:
127.0.0.1 localhost
[ip address] ****.openbayou.biz hostname
# The following lines are desirable for IPv6 capable hosts
[ip6 address] *****.openbayou.biz hostname
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
I also installed OSSEC to monitor for new files, errors and changes to my server and I'm now getting these alerts:
Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
It's now repeating itself:
systemd-resolved[3195]: message repeated 4 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
I've looked online for a solution and nobody is reporting this issue.
When I connect to a VPN network through Gnome Network-manager I lose DNS resolution and, in practice, I cannot access resources inside the VPN network or outside.
When I was using Ubuntu 16.04 and I was using the VPN, the "/etc/resolv.conf/" file would contain the DNS servers of the (VPN) network I had connected to. Now it always contains the following entries:
nameserver 127.0.0.53
search myprovider.com
From what I have understood, 127.0.0.53 is the address of the DNS stub used by systemd-resolved.
I suspect that this is a bug because the VPN was working fine in Ubuntu 16.04. Is there any way that I can set the DNS servers of my network when I am using a VPN service?
Update:
I tried connecting to the OpenVPN network with the configuration file attached at the end of the post, but I get the following error:
Authenticate/Decrypt packet error: cipher final failed
I have verified that the server uses lzo compression and I have enabled it as well. The connection stays active but I cannot navigate to any page inside or outside the VPN.
In the configuration file listed below, I have included the solutions posted in the replies:
client
dev tun
proto udp
remote openvpn.bibsys.no 1194
remote my-server-2 1194
resolv-retry infinite
nobind
user myuser
group myuser
persist-key
persist-tun
ca ca-cert.pem
cert openvpn.crt
key openvpn.key
cipher AES-256-CBC
comp-lzo yes
script-security 2
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved
down-pre
I've recently upgraded to 17.10. When I try to browse to a website or ping a domain, it fails, saying the site cannot be resolved.
network-admin shows the contents of /etc/resolv.conf to be nameserver: 127.0.0.53
If I change that to 8.8.8.8 or 208.67.222.222 then everything works. Until I reboot.
Upon reboot or resume, the nameserver is reset to 127.0.0.53.
How do I permanently set the nameserver to something that works?
For systemd fans, if I run systemd-resolve --status I get
Link 3 (wlo1)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
If I follow the advice at this question - DNS keeps resetting after reboot. Ubuntu 17.10 - DNS still fails to resolve.