Setting default (global) DNS

I am trying to set a default DNS on my laptop so that it would use it on all networks, bypassing DHCP DNS.

On Arch I simply did it in /etc/NetworkManager/conf.d/dns-servers.conf:

[global-dns-domain-*]
servers=9.9.9.9,...

But it doesn’t work, and after looking around I found this: Current DNS server systemd-resolved - #12 by pemensik

But it either doesn’t do what I think, or I missed a step that disables using the DNS from DHCP

From a reddit-thread:

First you need to get the IPs where those services provide the DNS.

And since you’re not mention which DE, I’m assuming it’s Gnome therefore:

Open Settings

Go to Network

Select the network device you want to modify (Wired or wireless), click on the gearwheel

Select IPv4

Disable automatic DNS

Input your desired DNS

Click Apply

Of course you can do it via CLI too:

Get the network profiles: `nmcli connection show`

Identify the profile you want to modify

Change the DNS: nmcli con mod <network_profile> ipv4.dns "8.8.8.8 8.8.4.4"

replace <network_profile> with the one you need.

Also, see here.

I had to change it for the actual device, not the connection since I want it on all WiFi connections, but it doesn’t work permanently, restarting the service/rebooting makes it use DHCP again.

Also the DNS I am trying to use (quad9.net) supports TLS, but it doesn’t use it and setting DNSOverTLS=yes in /etc/systemd/resolved.conf breaks my connection, I can connect to the router, but web requests don’t come thru (even without changing the DNS, my router is already set to use quad9) I am mildly annoyed as this worked without fuss on Arch

There is exactly 1 connection per device on any given computer:

nmcli connection show

This command will list all (networking hardware) DEVICES (if they are enabled, and not in airplane mode) and show their corresponding CONNECTION (i.e. Name, UUID, TYPE, and DEVICE, of course). There may be virtual connections shown, too, if you use a VPN or other DNS manager methods (e.g. unbound, or dnsmasq, or dnscrypt-proxy).

So you would have to set DNS for your WIFI DEVICE only once, on any machine.

/etc/systemd/resolved.conf should not be edited manually, as it is automatically created during installl and updates.

No you can edit that file it is fine

https://www.freedesktop.org/software/systemd/man/resolved.conf.html

So this: nmcli con mod <WiFi UUID> ipv4.dns "..." affects all WiFi connections? Because I thought it only modifies this one connection, that’s why I used nmcli dev mod <DEVICE> ...

So how do I enable DoT?

Yea I did the same on Arch. Any idea why it doesn’t work tho?

Yes.

You could try out dnscrypt-proxy, like shown in this thread. It should work easily.

Or try to use unbound (without dns-encryption). Documentation is here.

Hope you won’t end up having to install Fedora all over again, which happened to me before.

Apparently this is true, sorry I wasn’t aware of this.

The whole networking in Fedora is quite complicated, and I gave up myself on it, getting to run unbound.

I’d rather try dnscrypt-proxy instead!

It works in here and I am using for years but If DNS server
doesn’t support TLS you have to turn off

https://fedoraproject.org/wiki/Changes/systemd-resolved#DNS_over_TLS

I found the magic word that fixed everything: ipv4.ignore-auto-dns I have set my DNS and this setting for the connection and the device since it doesn’t seem to cause any problems, and enabling DoT and DNSSEC in resolved.conf now works as expected.

@thunderbirdtr @ivanhoe

2 Likes

I am happy you found a solution!