I am using systemd-resolved on Ubuntu 24 LTS to manage DNS resolution. My goal is to have the following DNS resolution behavior:

- Shortnames (hostnames that do not include a domain suffix, e.g. `server1`, `server2`) should be resolved by a local `dnsmasq` server with IP `192.168.2.254`.
- Fully Qualified Domain Names (FQDNs) ending in `.example.lan` should also be resolved by the local `dnsmasq` server.
- All other FQDNs should be resolved using the DNS servers configured on the network interface `enp1s0`, dictated by my VPS provider.

Current Configuration:

- `/etc/systemd/resolved.conf`

```
[Resolve]
DNS=192.168.2.254
Domains=example.lan
```

- `/etc/resolv.conf`

```
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
nameserver 127.0.0.53
options edns0 trust-ad
search example.lan
```

- `resolvectl status` output:

```
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
     DNS Servers: 192.168.2.254
      DNS Domain: example.lan

Link 2 (enp1s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: {{VPS_DNS_IPv4_Server}} {{VPS_DNS_IPv6_Server}}
        DNS Domain: ~.

Link 3 (enp8s0)
    Current Scopes: DNS
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 192.168.2.254
        DNS Domain: example.lan
```
What Should Happen:

- Shortnames should be forwarded and resolved by the `dnsmasq` server at `192.168.2.254` (reachable over link `enp8s0`).
- FQDNs ending in `.example.lan` should be forwarded and resolved by the `dnsmasq` server at `192.168.2.254`.
- Other FQDNs should be resolved by the DNS server(s) configured on the `enp1s0` network link.

What Actually Happens:

- (BAD) Shortnames are never forwarded to `192.168.2.254`, and in fact are not even forwarded to the DNS server(s) on link `enp1s0`. I verified this via `tcpdump`, where I see the following "ServFail" output from `127.0.0.53`:

```
06:53:57.187793 lo In IP 127.0.0.1.45390 > 127.0.0.53.53: 46296+ [1au] A? example. (50)
06:53:57.188045 lo In IP 127.0.0.53.53 > 127.0.0.1.45390: 46296 ServFail* 0/0/1 (38)
```
- (GOOD) Queries for FQDNs ending in `.example.lan` are correctly forwarded and resolved by `192.168.2.254`.
- (GOOD) All other FQDN queries are forwarded to `{{VPS_DNS_IPv4_Server}}` (verified by `tcpdump`).

Observation:

It seems like the search domain setting is not being applied before routing/forwarding decisions are made.

Question:

How can I ensure that shortnames and FQDNs ending in `.example.lan` are forwarded to `192.168.2.254`, while other FQDNs are resolved by the DNS servers on the `enp1s0` network link?

Any help or insights would be greatly appreciated!

*Note: This Question is very similar to my situation but does not consider shortnames.
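An added example (not from the question or from systemd) that models how systemd-resolved picks a link for a query given the two links above: the route domain matching the most labels wins, `~.` on enp1s0 is the catch-all, and bare single-label names are not sent over unicast DNS unless `ResolveUnicastSingleLabel=yes` is set in resolved.conf. The search-list expansion in `plan()` is what a glibc client does from the `search` line; the names `Link`, `route` and `plan` and the sample queries are assumptions of this model.

```python
# Added example: a model of systemd-resolved's per-link DNS routing for the
# links shown in the question. Not the resolved source; semantics as documented.
from dataclasses import dataclass, field


@dataclass
class Link:
    name: str
    servers: list
    domains: list = field(default_factory=list)  # "example.lan" or "~." (route-only)


# Links as listed by `resolvectl status` in the question (VPS address is a placeholder)
LINKS = [
    Link("enp1s0", ["{{VPS_DNS_IPv4_Server}}"], ["~."]),
    Link("enp8s0", ["192.168.2.254"], ["example.lan"]),
]
SEARCH = ["example.lan"]  # 'search' line from the stub-managed /etc/resolv.conf


def _match(domain, name):
    """Labels matched by a route domain: 0 for the catch-all '~.', -1 for no match."""
    d = domain.lstrip("~").strip(".").lower()
    n = name.strip(".").lower()
    if not d:
        return 0
    return len(d.split(".")) if n == d or n.endswith("." + d) else -1


def route(name, links=LINKS, resolve_unicast_single_label=False):
    """Return the link whose route domain matches the most labels, or None.
    A bare single-label name is refused unless ResolveUnicastSingleLabel=yes."""
    if "." not in name.strip(".") and not resolve_unicast_single_label:
        return None
    best, best_len = None, -1
    for link in links:
        for dom in link.domains:
            m = _match(dom, name)
            if m > best_len:
                best, best_len = link, m
    return best


def plan(name, links=LINKS, search=SEARCH):
    """(query, link name) pairs a search-aware client would try, in order:
    single-label names get each search domain appended, then the bare name."""
    labels = name.strip(".").split(".")
    cands = [name] if len(labels) > 1 else [f"{name}.{s}" for s in search] + [name]
    return [(c, route(c, links).name if route(c, links) else None) for c in cands]
```

With these links `plan("server1")` shows the expanded `server1.example.lan` routed to enp8s0 while the bare `server1` gets no unicast route, which is the split the question is about.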