I recently tried to enable system-wide DNS over https on Fedora. To do so I had to to some research and found out how comfusing it is for the average user (and even experienced users) to change the settings. In fact there are multiple backends messing with system DNS at the same time.

Most major Linux distributions use systemd-resolved for DNS but there is no utility for changing its configuration.

The average user would still try to change DNS settings by editing /etc/relov.conf (which is overwritten and will not survive reboots) or changing settings in Network Manager.

Based on documentation of systemd-resolved, the standard way of adding custom DNS servers is putting so-called ‘drop-in’ files in /etc/systemd/resolved.conf.d directory, especially when you want to use DNS-over-TLS or DNS-over-https.

Modern browsers use their buit-in DNS settings which adds to the confusion.

I think this is one area that Linux needs more work and more standardization.

How do you think it should be fixed?

  • _cnt0@feddit.de
    link
    fedilink
    arrow-up
    16
    arrow-down
    1
    ·
    1 year ago

    My two cents: Yes, it’s bad. The biggest hurdle to people not “intimately familiar” with their distro is A) what it’s using for DNS configuration and B) realizing that there are so many different ways in different distributions, and sometimes within one distribution, that you have to be very careful what googled results you follow. That many browsers do their own thing doesn’t help. I think the best way to solve it would be some desktop level abstraction like PackageKit where it doesn’t really matter what services does the resolving under the hood.

    • mFat@lemdro.idOP
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Totally agree. There should be only one place for setting the system-wide DNS.

    • astraeus
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I think a great example of bad is how Ubuntu used to use netplan and then switched over to systemd-resolved’s implementation which somehow seems even worse. In order to make changes to the DNS you have to write them in at the service level instead of using an interface that can actively change them. You’re free to use another DNS service but this as the default is sometimes very clunky and unstable.