[question] Is there a need to update the /etc/resolv.conf symlink? #570

Open
KoenDG opened this issue Mar 3, 2024 · 1 comment

@KoenDG
Contributor

KoenDG commented Mar 3, 2024

By default, at least on Ubuntu, /etc/resolv.conf points here: /run/systemd/resolve/stub-resolv.conf

This is a stub, it only contains this:

```
nameserver 127.0.0.53
options edns0 trust-ad
```

Whereas there is also this file: /run/systemd/resolve/resolv.conf

Which actually gets updated with the settings from the systemd-resolved conf file, which this project has a playbook for and actually updates:

```
nameserver 1.1.1.2
nameserver 9.9.9.9
nameserver 8.8.4.4
```

The first 2 entries of that come from /etc/systemd/resolved.conf. The last entry comes from the netplan configuration I altered on the machine I got this config from. So both those services get appended to each other.

This raises a few questions:

  1. Would it be good practice to change the symlink? Or leave it at the stub? I'm not sure but my understanding is that 127.0.0.53 is the address that systemd-resolved listens to? So propagating to that nameserver should automatically use the systemd-resolved service and the settings that the playbook here configures, right?
  2. Old systems that upgraded 16.04 -> 18.04 -> 20.04 -> ... will still have the old resolvconf package and the /etc/resolv.conf symlink pointing at that. Should resolvconf be uninstalled? At which point, is there even a symlink? I read resolvconf will be removed completely from repos in Ubuntu 24.04, but a lot of people and companies have their reasons for sticking to extended support. Still, systemd-resolved became default in 18.04, which has been 6 years now. In terms of hardening, would it be a good idea to switch 18.04 and newer systems away from resolvconf and towards systemd-resolved?

In terms of netplan, that's broader than just DNS, I don't think disabling only the DNS for that is possible.

@konstruktoid
Owner

I don't think changing anything related to systemd-resolved or resolv.conf, more than updating the resolved.conf, will be beneficial. This is because it's kind of messy with all the symlinks and dependencies, and removing resolvconf will have consequences (especially if it's an upgraded system relying on resolvconf).
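
For auditing which of the layouts discussed in this thread a host is in, the following added example (not part of the issue and not code from this project) classifies /etc/resolv.conf by its symlink target and checks whether it forwards only to the 127.0.0.53 stub. The function names are hypothetical, and the legacy resolvconf target `/run/resolvconf/resolv.conf` is an assumption about that package's layout; the two systemd-resolved paths are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example: report how /etc/resolv.conf is managed without changing it.

# Print the management mode implied by the symlink target of $1.
resolv_mode() {
    path="${1:-/etc/resolv.conf}"
    if [ ! -L "$path" ]; then
        # Not a symlink: either hand-maintained or absent.
        if [ -e "$path" ]; then echo "regular-file"; else echo "missing"; fi
        return 0
    fi
    # Read the raw target so relative links (../run/...) match as well.
    target=$(readlink "$path")
    case "$target" in
        */run/systemd/resolve/stub-resolv.conf) echo "resolved-stub" ;;
        */run/systemd/resolve/resolv.conf)      echo "resolved-uplink" ;;
        # Assumed target used by the legacy resolvconf package.
        */run/resolvconf/resolv.conf)           echo "resolvconf" ;;
        *)                                      echo "other:$target" ;;
    esac
}

# Succeed only if every nameserver line in $1 is the local stub listener,
# i.e. all lookups go through systemd-resolved and its resolved.conf settings.
uses_stub_only() {
    path="${1:-/etc/resolv.conf}"
    servers=$(awk '$1 == "nameserver" { print $2 }' "$path" 2>/dev/null | sort -u)
    [ "$servers" = "127.0.0.53" ]
}

# Stand-alone report for the current host.
mode=$(resolv_mode)
echo "/etc/resolv.conf mode: $mode"
if [ "$mode" != "missing" ] && uses_stub_only; then
    echo "lookups go through the systemd-resolved stub (127.0.0.53)"
else
    echo "lookups do not go exclusively through the stub"
fi
```
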
