Trouble Overriding DNS Servers via Netplan Config

Question

I'm trying to override the nameserver settings in the netplan yaml configuration, but it doesn't seem to be working. Here's the /etc/netplan/01-netcfg.yaml file:

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes
      dhcp4-overrides:
        use-dns: no
      nameservers:
        addresses: [192.168.1.7]

I'm running Ubuntu 18.04.3 LTS (I changed the nameserver IP address, but everything else is the same). Also, when I run netplan --debug generate, it produces this:

** (generate:1951): DEBUG: 20:05:57.212: Processing input file /etc/netplan/01-netcfg.yaml..
** (generate:1951): DEBUG: 20:05:57.212: starting new processing pass
** (generate:1951): DEBUG: 20:05:57.212: eth0: setting default backend to 1
** (generate:1951): DEBUG: 20:05:57.212: Configuration is valid
** (generate:1951): DEBUG: 20:05:57.212: Generating output files..
** (generate:1951): DEBUG: 20:05:57.212: NetworkManager: definition eth0 is not for us (backend 1)

And the really confusing thing is that there isn't any /run/netplan directory...

I should also mention that this is a virtual private server, so I don't have access to the bare metal... Not sure if that's important... Also, the reason that I'm using eth0 is because that's the only one that shows up when I run ifconfig, other than the loopback address. The original /etc/netplan/01-netcfg.yaml file from when I got the server from the hosting company was:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: yes

I wanted to reconfigure it so that I could use another virtual private server as the DNS server...

EDIT Just wanted to mention the output of systemd-resolve --status shows that the DNS Servers are the original ones configured by DHCP, and not the one overridden by the netplan configuration above. It doesn't seem to be accepting the netplan settings.

EDIT 2 In answer to some of the questions posted in the comments, I believe the hosting company has installed Ubuntu Server rather than a desktop installation. As far as I know, I can only access the VPS through a terminal, and I don't believe I have access to a GUI desktop. As for the other questions, I've reverted back to the original /etc/netplan/01-netcfg.yaml file and rebooted the server. Now, it should be back to its original configuration:

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: yes

Also, it doesn't look like dhclient is running when I do ps aux | grep -i dhc... How can the /etc/netplan/01-netcfg.yaml file have dhcp4: yes configured if dhclient isn't running on the machine?

When I run ip a, I get

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
     ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
     ...

But there's no mention of enp0s3... Similarly for the ifconfig command, it just mentions eth0 and not enp0s3...

Here's the /etc/resolv.conf file:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver <Some loopback IP>
options edns0
search home

I changed the value of the nameserver above as well as the value of the seach option.

systemd-resolve --status includes the following at the bottom of its output:

Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: <IP1>
                      <IP2>
                      <IP3>
          DNS Domain: <domain1>

where IP1, IP2, and IP3 are three IPv4 addresses that I would prefer not to use for DNS, and domain1 is a domain name that I also have no use for. Please let me know in the comments if there's any other useful information that could be find. Should I configure a static IP in /etc/netplan/01-netcfg.yaml, since dhclient isn't running? Another question, wouldn't it make more sense to use eth0 for the network device instead of enp0s3, since the latter isn't present when ip a is run?

EDIT 3 It might be useful to know that the servers in question are being provided by Linode. I deactivated their Linode Network Helper in order to set up my own DNS servers. Just thought it be useful information to know... It should just be a regular Ubuntu 18.04 server.

Response to Update 1 - See Heynnema's response

So, after rebooting with /etc/netplan/01-netcnf.yaml as

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes
      dhcp4-overrides:
        use-dns: no
      nameservers:
        addresses: [ 192.168.1.7 ]

and /etc/systemd/resolved.conf as

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
#DNS=
DNS=192.168.1.7
#FallbackDNS=
#Domains=
Domains=mydomain.com
#LLMNR=no
LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#Cache=yes
#DNSStubListener=yes

I have the following:

/run/resolvconf/resolv.conf isn't present on the system.

cat /run/systemd/resolve/resolv.conf produces:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 192.168.1.7
nameserver IP1
nameserver IP2
# Too many DNS servers configured, the following entries may be ignored.
nameserver IP3
search mydomain.com <domain1>

where IP1, IP2, and IP3 match those in the original output of systemd-resolve --status.

cat /run/systemd/resolve/stub-resolv.conf produces:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0
search mydomain.com <domain1>

Also, dpkg -l *dnsmasq* | grep ii produces:

ii  dnsmasq-base     2.79-1       amd64        Small caching DNS proxy and DHCP/TFTP server

and dpkg -l *dhcp* | grep ii produces:

ii  isc-dhcp-client      4.3.5-3ubuntu7.1 amd64        DHCP client for automatically obtaining an IP address
ii  isc-dhcp-common      4.3.5-3ubuntu7.1 amd64        common manpages relevant to all of the isc-dhcp packages

However, when I run ps aux | grep dns and ps aux | grep dh, no results are returned other than grep itself.

Edit 4

In case anyone's interested, the contents of /etc/systemd/network/05-eth0.network, minus the comments, were:

[Match]
Name=eth0

[Network]
DHCP=no
DNS=IP1 IP2 IP3
Domains=<domain1>
IPv6PrivacyExtensions=false

Gateway=the_gateway_ip
Address=my_public_ip
Address=my_private_ip

where IP1, IP2, and IP3 were the nameserver IPs that I needed to override, and domain1 was a domain name created by the hosting provider. The Gateway and two Address settings were the correct ones that I needed. I just wanted to override the DNS settings, so renaming the file to avoid its being used did the trick.

Many thanks in advance!

Since you specified "renderer: networkd", when you "sudo netplan generate" NetworkManager just gives an informational message that "eth0 is not for us". What I don't see in your post is that you've done a "sudo netplan apply" which is what makes a newly generated config active. You've otherwise got the right idea. — heynnema, Jan 25 '20 at 02:05
@heynnema Thanks for the suggestion. I just tried sudo netplan apply, and it executes without any errors. However, the output of systemd-resolve --status is still showing the original dhcp servers:( I should have mentioned that when I ran sudo netplan try, it asked me if I wanted to keep the new settings, which I indicated by pressing enter. — Andrew, Jan 25 '20 at 02:46
Is this a desktop or server configuration? Reboot, and then edit your question and show me ls -al /etc/resolv.conf and cat /etc/resolv.conf and cat /etc/systemd/resolved.conf and systemd-resolve --status. — heynnema, Jan 25 '20 at 03:49
And I just noticed that you're using the wrong eth0... it should be enp0s3... you'd better show me sudo lshw -C network. — heynnema, Jan 25 '20 at 03:55
@heynnema I added EDIT 2 to provide some more information. Also, when I grep the /etc/default/grub file, it produces the line GRUB_CMDLINE_LINUX="console=ttyS0,19200n8 net.ifnames=0". Is that significant? It sure looks strange... — Andrew, Jan 25 '20 at 14:44
@heynnema It might be useful to know at this point that the server is being provided by Linode, in case anyone has any experience with their configurations. I'll add a third edit to the question... — Andrew, Jan 25 '20 at 15:15
Lets see if I can remember all of the items I need to cover. 1) you didn't show me all of the info that I requested, and please don't redact info unless it's internal or company private, like the cat /etc/resolv.conf I needed to actually see the nameserver if it's not 127.0.0.53. Please review my previous comment and supply the full info 2) the net.ifnames=0 is what messed things up, in so far as the network devices have been reverted to the non-portable names... so your .yaml file that uses eth0 is correct, enp0s3 is not. 3) yes, you have a server, so there's no GUI. — heynnema, Jan 25 '20 at 15:39
@heynnema You are correct, the nameserver from /etc/resolv.conf is set to 127.0.0.53. You're also correct that the file is symlinked to /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf. I redacted it because it appeared to be a nonstandard loopback IP address, although I guess this was not true. I've never seen a loopback that ends in 53. You learn something new everyday, I suppose... — Andrew, Jan 25 '20 at 16:19
Thanks for the update. However, I still need to see cat /etc/systemd/resolved.conf and the full systemd-resolve --status. — heynnema, Jan 25 '20 at 16:21

Stephen Boston · Answer 1 · 2020-01-25T17:14:42.343

4

For a minimalist effective solution try this :

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

Now delete the link /etc/resolv.conf and create the /etc/resolv.conf as a plain text file listing only the DNS servers you want to use, for example

nameserver 192.168.1.7
search mydomain

Where mydomain is a local domain declared in your local DNS config. Example : in /etc/bind/zones (depending on your bind config)

If your device is mobile then your local DNS will fail of course so I include in my resolv.conf

 nameserver 1.1.1.1
 nameserver 1.0.0.1

... i.e the Cloudfare servers for example.

I find that with this setup the netplan DNS config is ignored.

This approach has been working for me without issue through the last few releases of Ubuntu.

I do this because systemd-resolve insists on listing my ISP DNS servers -- which I do not want to use.

edited Jan 25 '20 at 17:14

answered Jan 25 '20 at 17:07

Stephen Boston

3,944

I personally don't recommend disabling parts of the OS to make this work. Although DNS has been a touchy subject in recent releases, it can be made to work. – heynnema Jan 25 '20 at 17:45
Although I would prefer to use a netplan solution, the config changes in /etc/netplan/01-netcfg.yaml and /etc/systemd/resolved.conf don't seem to be having an affect after reboot. This answer may end up saving the day for me:) – Andrew Jan 25 '20 at 18:00
Oops, my mistake. The changes are taking place in the Global section output of systemd-resolve --status, but not in the section for eth0. I just added a comment to the same effect under @heynnema 's answer. Sorry about that. Still need to find a way to change settings for eth0, though... – Andrew Jan 25 '20 at 18:09
@Andrew With systemd-resolved disabled, and not running, your output for systemd-resolve --status is irrelevant. It is likely that you are looking at cached data. Disable, stop, and restart your system. – Stephen Boston Jan 26 '20 at 00:08
1

@Andrew systemd-resolved is not an essential part of the OS but an optional service offering as part of the systemd suite of services. systemd is an init and service management system. There are also some standard system services integrated with systemd but we don't have to use them.They are offered as a feature. Linux is a flexible OS. – Stephen Boston Jan 26 '20 at 00:13
@StephenBoston thanks for the advice. Sorry I'm a little slow at this stuff. I've written a couple unit files for programs that I worked on for personal use, but I still don't have a firm grasp of systemd, and before today I didn't even know that it had its own resolver... I'm still struggling with it, actually - the dig command is outputting ;; SERVER: 127.0.0.53#53(127.0.0.53), so even though the DNS server in systemd-resolve --status is now correct, I'm not sure the systemd resolver is using it... I'll write another comment as soon as I figure it out, or disable it altogether:) – Andrew Jan 26 '20 at 00:32
@StephenBoston It turns out everything was okay. I just needed to (1) accept incoming UDP on port 53 (not just TCP) on the nameserver via the firewall and (2) fix a couple settings in /etc/bind/named.conf.options. You make a good point, though. Hopefully, in time, when I learn more about the utitilies on the Ubuntu distro, I'll feel more comfortable choosing which to use and which to disable:) – Andrew Jan 26 '20 at 01:56

Andrew · Accepted Answer · 2020-01-26T20:33:24.970

I called the hosting provider, and they directed me to look at two configuration files. One was the netplan configuration file that I was aware of, but the other was /etc/systemd/network/05-eth0.network. After renaming the file by placing a . in front of its name and then rebooting the server, the changes that had been made to /etc/netplan/01-netcfg.yaml took affect for device eth0. I added the contents of the file to the last update in the question, in case it can help anyone.

heynnema · Answer 3 · 2020-01-26T00:05:23.967

2

Change your .yaml file back to the eth0 version that you had before...

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes
      dhcp4-overrides:
        use-dns: no
      nameservers:
        addresses: [192.168.1.7]

sudo netplan --debug generate
sudo netplan apply
reboot

/etc/systemd/resolved.conf should probably be edited to look something like this...

[Resolve]
DNS=192.168.1.7
#FallbackDNS=
Domains=put_your_domain_here
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes

reboot

systemd-resolve --status

Update #1:

Let's check the three possible symlinks for /etc/resolv.conf...

Using the eth0 .yaml file... and the modified /etc/systemd/resolved.conf... after a reboot...

Show me...

cat /run/resolvconf/resolv.conf

cat /run/systemd/resolve/resolv.conf

cat /run/systemd/resolve/stub-resolv.conf

Update #2:

Assuming that the dhcp4-overrides is broken, let's try this .yaml...

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [x.x.x.x/24]
      gateway4: x.x.x.1
      nameservers:
        addresses: [192.168.1.7]
        search: [mydomain, otherdomain]

sudo netplan --debug generate

sudo netplan apply

reboot

systemd-resolve --status

edited Jan 26 '20 at 00:05

answered Jan 25 '20 at 16:45

heynnema

70,711

Thanks for the suggestion, but altering /etc/systemd/resolved.conf isn't having any effect on the output of systemd-resolve --status. I found another question here that appears to confirm this observation for the LLMNR setting, which also appears in systemd-resolve --status. This answer suggests adding a file to /etc/systemd/network as an override... Haven't quite tried that yet. – Andrew Jan 25 '20 at 17:54
@Andrew before you do that... let's check your symlink for /etc/resolv.conf. Give me a couple of minutes to update my partial answer... – heynnema Jan 25 '20 at 17:56
@hyennema Hold on, I made a mistake. I was looking at the Link 2 (eth0) output of systemd-resolve. The Global section above it, however, is showing the new DNS server and DNS domain setting. You're suggestions are working, just for the global setting and not the eth0 setting... Sorry about that. So I guess the /etc/systemd/resolved.conf is taken into consideration for global settings... Is there a way to change things for eth0? – Andrew Jan 25 '20 at 18:06
@Andrew yes... that's why I requested to see the full output of systemd-resolve --status :-) See the update in my answer. – heynnema Jan 25 '20 at 18:09
@Andrew do you have dnsmasq installed? dpkg -l *dnsmasq* | grep ii, how about dpkg -l *dhcp* | grep ii? – heynnema Jan 25 '20 at 18:14
Thanks @heynnema, I've rebooted and cated the files you suggested - please see update 1 section:) – Andrew Jan 25 '20 at 18:54
@Andrew you may have a typo on the first symlink check. Please review it for me, update your update, and let me know. Also, in /etc/system/resolved.conf, you don't have to uncomment "#LLMNR=no", as "no" is the default. – heynnema Jan 25 '20 at 19:09
no, there's no typo. The /run/resolvconf directory does not exist. Just to double check, I ran ls -la /run | grep resolv, which doesn't output anything. Good catch about the default LLMNR setting, though:) – Andrew Jan 25 '20 at 19:13
I'm also confused that the /run/netplan directory does not exist... I'm new to netplan, so this might just be something I'm unfamiliar with... – Andrew Jan 25 '20 at 19:15
@Andrew re: "/run/systemd/resolve/stub-resolv.conf isn't present on the system" is incorrect then. Please see Update #2 in my answer. Fill in the appropriate info. – heynnema Jan 25 '20 at 19:17
@Andrew status please... – heynnema Jan 25 '20 at 21:19
Hi, I just called the hosting provider. They were aware of a file which I didn't know about. I'm going to upvote your answer as well as @Stephen Boston's answer. You guys have both been very helpful:) Thanks:) – Andrew Jan 25 '20 at 21:24
@Andrew that sounds like a netplan bug. It would be interesting to see if it actually cured the extra DNS servers we saw in cat /run/systemd/resolve/resolv.conf... and I'll bet it didn't. – heynnema Jan 25 '20 at 21:26
the extra servers are no longer present in systemd-resolve --status. The cause ended up being a configuration in /etc/systemd/network/05-eth0.network, which was adding the extra DNS servers for eth0. I added an answer to the post. It's not as impressive as yours or @Stephen Boston's, but it ended up solving the issue:) – Andrew Jan 25 '20 at 21:29
@Andrew curious minds want to know... show me cat /run/systemd/resolve/resolv.conf | grep nameserver. – heynnema Jan 25 '20 at 21:36
@Andrew And cat /etc/systemd/network/.05-eth0.network. – heynnema Jan 25 '20 at 21:42
Just added Edit 4. Also, cat /run/systemd/resolve/resolv.conf | grep nameserver produces nameserver 192.168.1.7, which is good now:) – Andrew Jan 25 '20 at 21:50
@Andrew please show me cat /run/systemd/resolve/resolv.conf | grep nameserver, and what does the new /etc/systemd/network/05-eth0.network look like. Sorry for the extra work, but I can learn something here too :-) – heynnema Jan 25 '20 at 21:56
Sure, no worries @heynnema it should be under Edit 4, at the bottom of the question. cat /run/systemd/resolve/resolv.conf | grep nameserver produces nameserver 192.168.1.7, so that's good now:) – Andrew Jan 25 '20 at 22:00

Rommi · Answer 4 · 2020-06-30T11:36:23.823

to prioritize IP 192.168.1.7 as your primari DNS server IP, use BRACKETS in netplan. check with resolvectl status or systemd-resolve --status, the order of your IP will be as you desired

but before proceed, maybe you need to reset your network

sudo apt install resolvconf
sudo systemctl start resolvconf.service
sudo systemctl enable resolvconf.service

and then to reset all network (your case should eth0. mine is ens33):

sudo resolvectl revert ens33

after reset you can edit netplan

network:
    version: 2
    ethernets:
        ens33:            # mine is ens33. you use your network interface  
            nameservers:
                addresses: [
                 192.168.1.7,
                 192.168.1.10
                ]
                search: [mydomain, otherdomain]

score 1 · Answer 5 · answered Aug 11 '20 at 08:56

1

For me it was just

sudo systemctl restart systemd-resolved

Ubuntu 20.04.1.

answered Aug 11 '20 at 08:56

uav

363
1
11

score 0 · Answer 6 · edited Aug 07 '20 at 09:18

0

ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

edited Aug 07 '20 at 09:18

Kulfy

17,696

answered Aug 07 '20 at 09:03

a friend

1

Warning re: symlinks: https://askubuntu.com/a/1091556/935172 – Jesse Nickles Jan 24 '21 at 09:35

Trouble Overriding DNS Servers via Netplan Config

6 Answers6

Linked