Bdtyktl

Ubuntu 16.10+ uses systemd-resolved as DNS resolver.

I prefer the setup 16.04 uses, dnsmasq as the resolver.

How can I do that on 16.10+, especially on 17.04?

dnsmasq packages are still available in 16.10 and 17.04.

1. 
   

   Install dnsmasq and dependencies (or at least download their packages) before disabling systemd-resolved:

   
   
   

   sudo apt-get install dnsmasq
   
   

   
   


2. 
   

   Disable systemd-resolved and verify dnsmasq is running:

   
   
   

   sudo systemctl stop systemd-resolved
   
   sudo systemctl disable systemd-resolved
   
   
   
   systemctl status dnsmasq
   
   

   
   


3. 
   

   Season dnsmasq to taste. After applying your settings, restart dnsmasq:

   
   
   

   sudo systemctl stop dnsmasq
   
   sudo systemctl start dnsmasq
   
   

   
   

After step 2 you might be without a working system resolver until step 3 is complete. You may need to restart the networking subsystem (or simply reboot) to get dnsmasq functioning with the default configs. In my testing, adding a known DNS server to /etc/dnsmasq.conf and restarting dnsmasq was enough to get it working in a liveCD environment.

In addition to the answer of @quixotic:

Make sure you have in /etc/NetworkManager/NetworkManager.conf :

[main]

dns=dnsmasq

if you need to add it, restart NetworkManager like this:

sudo systemctl restart NetworkManager

and /etc/resolv.conf needs to be a symlink to /var/run/NetworkManager/resolv.conf . could be done like this

sudo rm /etc/resolv.conf; sudo ln -s /var/run/NetworkManager/resolv.conf /etc/resolv.conf

According to the manual of systemd-resolved, systemd-resolved provides with name resolution services via three different interfaces:

1. "fully-featured API systemd-resolved exposes on the bus"


2. "a local DNS stub listener on IP address 127.0.0.53 on the local loopback interface"



3. 
   

   The glibc getaddrinfo(3) API as defined by RFC3493 and its related resolver functions, including gethostbyname(3). This API is widely supported, including beyond the Linux platform. In its current form it does not expose DNSSEC validation status information however, and is synchronous only. This API is backed by the glibc Name Service Switch (nss(5)). Usage of the glibc NSS module nss-resolve(8) is required in order to allow glibc's NSS resolver functions to resolve host names via systemd-resolved.

   
   

It seems that the first two interfaces won't interfere in normal DNS resolution and for me the problem is likely to reside on the third.

In the manual of nss-resolve:

To activate the NSS module, add "resolve" to the line starting with "hosts:" in /etc/nsswitch.conf. Specifically, it is recommended to place "resolve" early in /etc/nsswitch.conf's "hosts:" line (but after the "files" or "mymachines" entries), right before the "dns" entry if it exists, followed by "[!UNAVAIL=return]", to ensure DNS queries are always routed via systemd-resolved(8) if it is running, but are routed to nss-dns if this service is not available

So what is needed is to make "dns" precedes "resolve" in "host:" line of /etc/nsswitch.conf. And then getaddrinfo should simply adhere to /etc/resolv.conf .

This solution only prevents systemd-resolved from handling all the DNS resolution requests and is not restricted to a specific network manager. And it also makes sure LLMNR and mDNS service are operating normally.

( I am not fair familiar with how name resolution works under Linux and also unsure about what I understood from these manuals. Pleaes point out if I got something wrong. Thx :) )