4

I am running a local server using Ubuntu 20.04, and had a need to do one thing that should be simple - tell it to resolve DNS using something other than the ISP's DNS server. However for reasons I won't go into it does need to get its IP address using DHCP, so no static IP address. This was easy to implement in previous versions of Ubuntu, and apparently is still not too difficult if you are running a desktop, but I've yet to see good clear instructions on how to do it in Ubuntu Server.

What I tried and what appears to work for now, is this:

sudo apt update
sudo apt install resolvconf
sudo nano /etc/resolv.conf

(Right under the commented out lines I added two nameserver lines pointing to the Preferred DNS, for example

nameserver 8.8.8.8
nameserver 8.8.4.4

then saved and exited nano)

sudo systemctl start resolvconf.service

Now that appears to have worked but what troubles me is this text that appears in resolv.conf:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

Despite this I see that a lot of people tell you to go ahead and edit this file anyway, but what I am wondering is, is this file going to get overwritten at some point, and if so, then what is now considered the "correct" way to specify nameservers in Ubuntu 20.04, keeping in mind that I can't use a static IP address and that I don't have a desktop on the system? You would think by now someone would have covered this in a web page or video, but if so I can't find it.

EDIT: I do realize that the "correct" way should involve modifying the /etc/netplan/00-installer-config.yaml file to use specific nameservers, but the problem with that is that if you do not set dhcp4: to false or no, it adds the DNS servers you specify to the list that already includes the one(s) it got from DHCP. So if the DHCP request specifies using the ISP's nameserver, it will always check that first, and only go to your preferred nameservers if that DNS fails to respond. Obviously that's not the desired behavior, and that's exactly what prompted me to install resolvconf in the first place.

But continuing on this theme, what I'd really kind of like to implement, if it's not too terribly difficult, is DNS encryption, which I guess is called DNS over TLS. What I am wanting to know is if this capability is built into Ubuntu Server and if so, how you enable it. I have seen several pages that suggest installing a package called stubby, but once again pretty much all the instructions I find are written for users of earlier Ubuntu versions or for Ubuntu desktop users.

This all seems like it would have been a lot easier in Ubuntu 18.04, but in all the pages I have visited trying to get solid information on this subject, if 20.04 is mentioned at all the instructions almost universally tell you to use the network configuration tool in the desktop version. It's as if no one seems to know the correct way to do something that should be really easy in Ubuntu 20.04 without using that GUI-based utility. So I'm wondering why they made this harder for users - that kind of seems like going in the wrong direction!

UbuntuUser
  • 347

2 Answers2

5

I do agree with @chili555, netplan is your best choice. Don't install unnecessary new packages and patch your system with alternative config. Netplan is good, but I must admit that the spacing is annoying :)

In Ubuntu 20.04 you should already have Netplan package in version 0.99 which does work with dhcp4-overrides:

So, from the previously mentioned post:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp2s1:
      dhcp4: yes
      dhcp4-overrides:
        use-dns: false
      dhcp6: yes
      dhcp6-overrides:
        use-dns: false
      nameservers:
        addresses: ["fd35:2ff0:b0b9:d0c0::1:1", 192.168.255.17]

and then don't throw yourself at

netplan apply

but use

netplan try

instead. This way you have 120 seconds before the config is reverted and you can connect again.

NOTE: One additional setting would be to disable router-advertisements (accept-ra: false). These can also set unwanted IPv6 DNS servers.

References

Zanna
  • 72,312
dzidek23
  • 51
  • 2
1

Ok, you have several questions rolled into one:

DNS-over-TLS (DoT)

Ubuntu provides the stubby package which is one of the de-facto standard DoT daemons. Just run apt install stubby and you should be good to go.

DHCP DNS Overrides

As chili555 pointed to in the comments, you want to use the dhcp4-overrides -> use-dns option to disable the use of DHCP-provided DNS servers.

Using Stubby

As you already encountered, systemd-networkd will start its own DNS resolver (systemd-resolved) by default. If you want to run Stubby, they'll both want to bind on port 53 which will cause an error. You have two options:

  • Disable systemd-resolved and configure netplan.io to use 127.0.0.1 as your DNS override server. This has the downside of disabling DNS caching (I think).
  • Tell Stubby to bind on a different localhost IP and/or port using the listen_addresses variable in /etc/stubby/stubby.yml and then tell "netplan.io" to use a dns override to point it at that new IP/port.
Brian Turek
  • 1,866