DNS (Domain Name System) is a service that translates domain names into IP addresses and vice versa. DNS is essential for accessing websites, sending emails, and using other network services.
Table of Contents
Sometimes DNS may not work properly on your Debian 10 system, causing errors like “Temporary failure in name resolution” or “Name or service not known”. In this article, we will show you how to diagnose and fix DNS issues on Debian 10 using systemd-resolved, a network name resolution service that is part of systemd.
What is systemd-resolved?
systemd-resolved is a daemon that provides network name resolution to local applications via a D-Bus interface, the resolve NSS service, and a local DNS stub listener on 127.0.0.53. systemd-resolved supports various protocols, such as DNS, DNSSEC, DNS over TLS, LLMNR, and mDNS. systemd-resolved is enabled by default on Debian 10 and manages the /etc/resolv.conf file, which contains the DNS servers and search domains to use.
How to check the status of systemd-resolved?
To check the status of systemd-resolved, you can use the systemctl command:
sudo systemctl status systemd-resolved
This will show you whether the service is active, running, and enabled. You can also use the resolvectl command to see more information about the DNS settings and servers used by systemd-resolved:
This will show you the global and per-link DNS configuration, as well as the DNSSEC and DNS over TLS support.
How to configure systemd-resolved?
The main configuration file for systemd-resolved is /etc/systemd/resolved.conf, which contains various options to control the behavior of the service. You can edit this file with your preferred text editor, such as nano:
sudo nano /etc/systemd/resolved.conf
Some of the options you can configure are:
Specifies the DNS servers to use globally. You can list multiple servers separated by spaces, and use IPv4 or IPv6 addresses. For example, to use Google’s public DNS servers, you can write:
DNS=220.127.116.11 18.104.22.168 2001:4860:4860::8888 2001:4860:4860::8844
Specifies the DNS servers to use when no other servers are available. The default value is:
FallbackDNS=22.214.171.124 126.96.36.199 188.8.131.52 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888
Specifies the domains to use for DNS resolution. You can list multiple domains separated by spaces, and use a tilde (~) to indicate that the domain should be resolved only using the DNS servers specified in the DNS option. For example, to use your local DNS server for resolving local domains, and Google’s DNS servers for resolving other domains, you can write:
Domains=local ~. DNS=10.0.0.1
Specifies whether to enable DNSSEC validation. DNSSEC is a security feature that verifies the authenticity and integrity of DNS responses. The possible values are yes, no, or allow-downgrade (the default). For example, to enable DNSSEC validation, you can write:
Specifies whether to enable DNS over TLS. DNS over TLS is a security feature that encrypts DNS queries and responses. The possible values are yes, no, or opportunistic (the default). For example, to enable DNS over TLS, you can write:
After editing the /etc/systemd/resolved.conf file, you need to restart the systemd-resolved service for the changes to take effect:
sudo systemctl restart systemd-resolved
How to troubleshoot DNS issues on Debian 10?
If you encounter DNS issues on Debian 10, such as not being able to resolve hostnames or access websites, you can try the following steps to troubleshoot and fix them:
1. Check the status and configuration of systemd-resolved, as described in the previous sections. Make sure the service is running and the DNS servers and domains are correct.
2. Check the /etc/resolv.conf file, which is a symbolic link to /run/systemd/resolve/stub-resolv.conf. This file contains the local stub 127.0.0.53 as the only DNS server, and a list of search domains. This is the recommended mode of operation that propagates the systemd-resolved managed configuration to all clients. If the file is not a symbolic link, or points to a different file, you can recreate the link by running:
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
3, Check the network connectivity and firewall settings of your system. Make sure you can ping the DNS servers and the websites you want to access. For example, to ping Google’s DNS server, you can run:
ping -c 4 184.108.40.206
4. Check the DNS resolution using the systemd-resolve command, which queries systemd-resolved for name resolution. For example, to resolve google.com, you can run:
This will show you the IP address and other information about the hostname. You can also use the –status option to see the DNS configuration of systemd-resolved.
5. Check the DNS resolution using other tools, such as dig, host, or nslookup, which query the DNS servers directly. For example, to resolve google.com using dig, you can run:
This will show you the DNS response from the server. You can also specify a different DNS server to query, such as Google’s DNS server:
dig @220.127.116.11 google.com
6. Compare the results of the different tools and see if there are any discrepancies or errors. If the DNS resolution works with some tools but not others, it may indicate a problem with the configuration or compatibility of the tools. If the DNS resolution does not work with any tool, it may indicate a problem with the network or the DNS servers.
Frequently Asked Questions (FAQs)
Question: What is the difference between systemd-resolved and resolvconf?
Answer: systemd-resolved and resolvconf are two different programs that can manage the /etc/resolv.conf file and the DNS configuration on Debian 10. systemd-resolved is part of systemd and provides network name resolution services to local applications. resolvconf is a separate package that provides a framework for updating and managing the /etc/resolv.conf file. resolvconf can work with systemd-resolved, but it is not required.
Question: How to disable systemd-resolved on Debian 10?
Answer: If you want to disable systemd-resolved on Debian 10, you can use the systemctl command to stop and disable the service:
sudo systemctl stop systemd-resolved sudo systemctl disable systemd-resolved
You also need to remove the symbolic link from /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf, and create a new /etc/resolv.conf file with your desired DNS servers and search domains. For example, to use Google’s DNS servers, you can write:
nameserver 18.104.22.168 nameserver 22.214.171.124
Question: How to enable DNS caching on Debian 10?
Answer: By default, systemd-resolved does not cache DNS responses, but it can be enabled by setting the Cache option to yes in the /etc/systemd/resolved.conf file:
You also need to restart the systemd-resolved service for the change to take effect:
sudo systemctl restart systemd-resolved
In this article, we have learned how to diagnose and fix DNS issues on Debian 10 using systemd-resolved, a network name resolution service that is part of systemd. We have also learned how to check the status and configuration of systemd-resolved, how to edit the /etc/systemd/resolved.conf file, how to troubleshoot DNS resolution using various tools, and how to disable systemd-resolved if needed. We hope this article has helped you to solve your DNS problems on Debian 10.
Disclaimer: This article is for informational purposes only and does not constitute professional advice. The author and the publisher are not liable for any damages or losses that may result from the use of the information in this article. Always consult a qualified IT professional before making any changes to your network configuration.