Investigate Systemd DNS Resolver

January 17, 2025 - Reading time: 2 minutes

DNS queries using Systemd Resolver can be difficult to grasp at the beginning. Here are some commands that can help you understand how Systemd Resolver works under the hood.

To see which network interface (link) a DNS query is sent to, execute

resolvectl query see.org

To see the IP address of the DNS server on the other side of the link, execute

resolvectl status

To see Systemd Resolver in action while browsing the internet, execute

sudo resolvectl monitor

Systemd Resolver first tries to answer a DNS query from its stub stage, which is a local cache of previous DNS answers (accessed through the localhost IP 127.0.0.53). If that does not answer the query, Systemd Resolver passes it to the next DNS server on the default network link.

The main resolver in the system points to the stub configuration

/etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

To see the next DNS server on the default network link, execute

cat /run/systemd/resolve/resolv.conf
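
A quick way to check which of the two paths a given resolv.conf file takes. This script is an added example, not part of the original post; the function names and the sample file contents (192.0.2.x documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether resolv.conf content sends queries to the
# Systemd Resolver stub or straight to other DNS servers.

STUB_ADDR="127.0.0.53"   # stub address named in the post

# Read resolv.conf text on stdin, print each nameserver address.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# Read resolv.conf text on stdin and print one of:
#   stub   - only the stub address is listed
#   direct - only other servers are listed (programs reading the file skip the stub)
#   mixed  - both kinds appear
#   none   - no nameserver lines at all
resolv_mode() {
    list_nameservers | awk -v stub="$STUB_ADDR" '
        $1 == stub { s = 1; next }
        { o = 1 }
        END {
            if (s && o)  print "mixed"
            else if (s)  print "stub"
            else if (o)  print "direct"
            else         print "none"
        }'
}

# Constructed sample contents, so the script also runs on hosts without systemd.
SAMPLE_STUB='# stub-resolv.conf style (constructed)
nameserver 127.0.0.53
options edns0 trust-ad
search .'
SAMPLE_UPSTREAM='nameserver 192.0.2.1
nameserver 192.0.2.2
search .'

printf 'sample stub file:     %s\n' "$(printf '%s\n' "$SAMPLE_STUB" | resolv_mode)"
printf 'sample upstream file: %s\n' "$(printf '%s\n' "$SAMPLE_UPSTREAM" | resolv_mode)"

# On a live host, classify the two files the post names (skipped if absent).
for f in /etc/resolv.conf /run/systemd/resolve/resolv.conf; do
    if [ -r "$f" ]; then
        printf '%s: %s (%s)\n' "$f" "$(resolv_mode < "$f")" \
            "$(list_nameservers < "$f" | tr '\n' ' ')"
    fi
done
```

If /etc/resolv.conf reports direct or mixed, programs that read that file can reach DNS servers without going through the stub, so their queries will not appear in the resolvectl monitor output.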

You can turn on debug logging for Systemd Resolver to see the full resolver steps taken while answering a DNS query. Execute these commands

sudo resolvectl log-level debug
journalctl -fu systemd-resolved