14

I'm trying to change my DNS settings on my Debian 12 VPS, and by this I mean, I want to use a public resolver like 1.1.1.1 instead of my VPS host's resolver.

I remember in Debian 11 I could just edit the /etc/resolv.conf file, and restart the resolvconf.service and everything would work fine.

However, on Debian 12, when I go to edit the /etc/resolv.conf it has a big warning:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    # 127.0.0.53 is the systemd-resolved stub resolver.
    # run "resolvectl status" to see details about the actual nameservers.

So if I can't edit this file, where can I configure my resolver?

I tried reading man resolvconf and man resolv.conf but this confused me even further.

Any ideas?

Cherona
  • 341

4 Answers

11

Use the systemd-resolved stub resolver that is mentioned in your /etc/resolv.conf:

  1. Add the DNS servers to /etc/systemd/resolved.conf:

    [Resolve]
    DNS=1.1.1.1 8.8.8.8

  2. Restart systemd-resolved:

    systemctl restart systemd-resolved

Check your settings with resolvectl status:

    $ resolvectl status
    Global
             Protocols: -LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
      resolv.conf mode: stub
    Current DNS Server: 1.1.1.1
           DNS Servers: 1.1.1.1 8.8.8.8
            DNS Domain: your.search.domain

    Link 2 (ens3) ...

Read man systemd-resolved

This is the stub resolver mentioned in your /etc/resolv.conf. In this man page you can read why you shouldn't edit /etc/resolv.conf, why it's a symbolic link, etc.

There is also a man page for the configuration file of this stub resolver: man resolved.conf.

ctx
  • 245
  • 2
  • 6
8
  1. You need to install resolvconf.

    sudo apt install resolvconf
    
  2. Enable and Start the service resolvconf.

    systemctl start resolvconf
    systemctl enable resolvconf
    systemctl status resolvconf
    
  3. Update the file /etc/resolvconf/resolv.conf.d/head to have lines like:

    nameserver 8.8.8.8
    nameserver 8.8.4.4
    
  4. Run the command:

    resolvconf --enable-updates
    resolvconf -u
    

Ref: https://www.ionos.com/digitalguide/server/configuration/how-to-set-dns-on-debian/#:~:text=the%20DNS%20field.-,How%20to%20set%20your%20DNS%20server%20using%20the%20configuration%20file,-You%20can%20also

SJaafar
  • 97
2

I would suggest:

remove resolvconf package

    # apt-get purge resolvconf

remove /etc/resolv.conf

    # rm /etc/resolv.conf

enable systemd-resolved

    # systemctl enable systemd-resolved --now

configure systemd-resolved

    # grep -v '#' /etc/systemd/resolved.conf
    [Resolve]
    MulticastDNS=no
    LLMNR=no
    DNS=1.1.1.1 8.8.4.4
    FallbackDNS=8.8.8.8
    Domains=~.

restart systemd-resolved

    # systemctl restart systemd-resolved

make proper symlink for resolv.conf

    # ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

correct resolv.conf will look like this

    # grep -v '#' /etc/resolv.conf
    nameserver 127.0.0.53
    options edns0 trust-ad
    search .

The setting "Domains=~." is very important. I do not want to give a full explanation as it is a long story; I will just say that different programs can influence the systemd-resolved daemon's settings. Mostly they do it on a per-interface basis: they add custom DNS servers, and you will be surprised to find out that in this case systemd-resolved uses not the DNS server you configured but something different. To prohibit this, that is, if you want to be sure that systemd-resolved uses only 1.1.1.1 8.8.4.4 for requests and nothing else, the setting "Domains=~." is a must. You can check this like so: enable debug logging and check the journal

    # resolvectl log-level debug
    # journalctl -f -u systemd-resolved | grep "Using DNS server"

You must see only 1.1.1.1 or 8.8.8.8.

To disable debug logging, just restart systemd-resolved.

Alex
  • 358
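
The journal check described in the answer above can be scripted. This is an added example, not part of the original answer; it assumes debug lines of the form `Using DNS server <addr> for transaction <id>.`, and the journal lines and the 203.0.113.53 address are constructed sample data.

```shell
#!/bin/sh
# Added example: report systemd-resolved queries sent to servers outside an allowlist.
# Assumption: debug lines look like "Using DNS server <addr> for transaction <id>."

# DNS= and FallbackDNS= values taken from the resolved.conf in the answer.
ALLOWED="1.1.1.1 8.8.4.4 8.8.8.8"

# Constructed sample journal lines (not captured from a real host).
sample_journal() {
cat <<'EOF'
Jan 01 10:00:01 vps systemd-resolved[412]: Using DNS server 1.1.1.1 for transaction 4021.
Jan 01 10:00:02 vps systemd-resolved[412]: Cache miss for example.org IN A
Jan 01 10:00:03 vps systemd-resolved[412]: Using DNS server 203.0.113.53%2 for transaction 4022.
Jan 01 10:00:04 vps systemd-resolved[412]: Using DNS server 8.8.4.4#dns.google for transaction 4023.
Jan 01 10:00:05 vps systemd-resolved[412]: Using DNS server 203.0.113.53%2 for transaction 4024.
EOF
}

# Print each distinct server named in "Using DNS server" lines read from stdin.
# A trailing "%<interface>" or "#<server name>" suffix, if present, is stripped
# (assumed suffix forms; bracketed "[addr]:port" forms are not handled).
servers_used() {
  sed -n 's/.*Using DNS server \([^ ]*\) for transaction.*/\1/p' \
    | sed 's/[%#].*$//' | sort -u
}

# Print servers that are not in $ALLOWED; return 1 if any were found, else 0.
unexpected_servers() {
  bad=$(servers_used | while read -r s; do
    case " $ALLOWED " in
      *" $s "*) ;;            # configured resolver, nothing to report
      *) echo "$s" ;;         # e.g. a resolver pushed per interface by DHCP
    esac
  done)
  if [ -z "$bad" ]; then
    return 0
  fi
  echo "$bad"
  return 1
}

# Demo on the constructed lines. On a live host (as root, after
# "resolvectl log-level debug"), pipe this in instead:
#   journalctl -u systemd-resolved --since "-5min" | unexpected_servers
sample_journal | unexpected_servers || echo "^ resolver(s) outside the allowlist"
```

A non-empty result means some lookups bypassed the resolvers set in resolved.conf, which is the situation the answer's "Domains=~." setting is meant to prevent.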
0

First, check whether the /run/systemd/resolve/resolv.conf file exists. If it exists, create a symbolic link to it instead of /etc/resolv.conf:

    # ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf