It’s /etc/resolv.conf, and systemd overwrites it, Network Manager overwrites it (like every 10 minutes), dhcp overwrites it, etc. What do they overwrite it to? Most just get it from the router even if the router has no assigned servers. These days manually managing /etc/resolv.conf by hand requires hooking into every service that overwrites it on most systemd distributions. So really the people this change would affect are those with misconfigured routers.
My issue is why they didn’t go with a more private DNS such as Open DNS or even Cloudfare DNS. Google’s privacy policy is worse than either of the two. It seems the questioner asked in bad faith but I would’ve hoped Poettering would respond to the validity and dismiss the malintent instead of dismissing the whole issue.
It seems kinda brutal to just stop writing, but I guess there's a bit of a dogpile for writes on this file, does dhcpconf let you specify DNS servers kind of a 'layer up' from resolvconf?
It’s /etc/resolv.conf, and systemd overwrites it,
Network Manager overwrites it (like every 10 minutes),
dhcp overwrites it, etc. What do they overwrite it to?
I still haven't understood where is the definitive place to set dns nowadays.
/etc/resolv.conf is routinely touched by stuff like NetworkManager and other stuff. Systemd-resolved config seems like the correct place, but I'm not sure how that plays with network-manager.
There is no definitive place, because there are several ways in which people set up DNS service:
1. local resolving/forwarding proxy DNS server on loopback
2. resolving/forwarding proxy DNS server on another machine on the LAN with a known IP address
3. resolving/forwarding proxy DNS server on another machine on the LAN but only the LAN's DHCP server definitively knows what its IP address is
4. resolving/forwarding proxy DNS server out on the WAN with a known IP address
5. resolving/forwarding proxy DNS server out on the WAN but only the LAN's DHCP server definitively knows what its IP address is
There's scope for variation within each of these categories, moreover.
Part of the confusion is that most DHCP clients assume that you are doing #3 or #5, and continually switch over to them, until you turn that off by ignoring/superseding the relevant DHCP options. Traditionally in the Unix world one actually generally did #1, with a local BIND being as much a thing as a local Sendmail. Some DHCP clients can do a forwarding variant of #1, but only interoperate (easily) with a few forwarding proxy DNS server softwares. That nowadays #1 might be done with dnscache, or dnsmasq, or PowerDNS, or MaraDNS, or unbound, or something else, introduces configuration file variance but doesn't change the fundamental nature of #1.
systemd-resolved is mainly #1 too, but can operate in a mode where it is #3 or #5, in which case you have it and the DHCP clients doing overlapping work. One of the things that, in fairness, one can actually praise about systemd-resolved is that whilst conventional DHCP clients actually end up rewriting /etc/resolv.conf itself (via resolvconf and similar mechanisms) systemd-resolved instead rewrites two files of its own, and lets you rather choose to symbolically link /etc/resolv.conf to (one of) them. If the conventional DHCP clients also did this more, there'd be less of the conflict between #1/#2/#4 and #3/#5.
I think it get's a bit harder than this, with newer systemd supporting name resolution over dbus. It's conceivable that some programs may move away from libc resolvers using resolv.conf and start querying the service directly over dbus.
I'm not sure I'm personally a fan, just saying it's something that might become more common based on my read of the systemd docs awhile back.
> with newer systemd supporting name resolution over dbus.
Not only that, with suitably configured nsswitch.conf, (e.g. with nss-resolve), you might find out that your /etc/resolv.conf is used only by apps that have their own resolver and ignore the glibc one.
Ah, I didn't want to get into the stupidity and sysadmin nightmare of systemd-resolved, but rest-assured even with systemd-resolved active most users can simply manage their /etc/resolv.conf file and systemd-resolved should respect it. It gets trickier when you don't have a network manager program or are use dhcp, VPNs, etc.
> I still haven't understood where is the definitive place to set dns nowadays.
If you are using NetworkManager, then in NetworkManager, per each connection. You can also configure which zones each of them can resolve, if they are not global.
So you can things like using your prefered global DNS and then have per-VPN DNS that can resolve hosts in whatever network you VPN into.
> I still haven't understood where is the definitive place to set dns nowadays.
There isn't. There are half a dozen packages on a Linux install that each will reset the DNS settings as they wish.
Setting your network DHCP with the correct values tends to work, because everything queries it. But I still didn't manage to replace the upstream DNS on the DHCP server.
Are you sure systemd overwrites it? I believe it maintains its own /run/systemd/resolve/{resolv,stub-resolv}.conf file, and it's up to you whether you want to symlink /etc/resolv.conf to one of these or not.
It’s /etc/resolv.conf, and systemd overwrites it, Network Manager overwrites it (like every 10 minutes), dhcp overwrites it, etc. What do they overwrite it to? Most just get it from the router even if the router has no assigned servers. These days manually managing /etc/resolv.conf by hand requires hooking into every service that overwrites it on most systemd distributions. So really the people this change would affect are those with misconfigured routers.
My issue is why they didn’t go with a more private DNS such as Open DNS or even Cloudfare DNS. Google’s privacy policy is worse than either of the two. It seems the questioner asked in bad faith but I would’ve hoped Poettering would respond to the validity and dismiss the malintent instead of dismissing the whole issue.