[SOLVED] DNS Issues with systemd-resolved.service

DNSSEC prevents to resolve DNS-Zones like *.local. On Linux Mint for example this leads to a DNS-Problem in company wide networks with for example domain.local domains.

Pic by thesslstore.com

I lastly found a solution while setting up my colleagues new laptop which where installed with the latest Linux Mint (19.x) Ubuntu.

The problem we encounterd was that we have different domains where some inhouse where ending with . So DNSSEC obviously rightly don’t like.

Here is our solution:

First unlink or delete, rename it.

Then link it to the dynamic configuration.

$ unlink /etc/resolv.conf
$ ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

In the next step we will disable DNSSEC. Therefore you need to edit your to something like that:

$ vim /etc/systemd/resolved.conf#  This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details
[Resolve]
#DNS=
#FallbackDNS=
Domains=domain1.local domain2.local
#LLMNR=no
#MulticastDNS=true
DNSSEC=no
#Cache=yes
DNSStubListener=yes

Lastly find in the line which tells the sequence in how your device should resolve.

Find the line and replace it with . This will resolve your first and 2nd asking your specified DNS-Server.

$ vim /etc/nsswitch.conf
[...]
#hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
hosts: files dns
[...]

Cheers!

Working as a IT-Operations engineer at NeXenio, a spin-off by Hasso-Plattner-Institute for products around a digitial workspace.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store