A better way to use dnsmasq on Linux Mint
This is part 5 of my series of posts about making Linux Mint my daily driver.
Feb 2025 update: In my opinion, a day without learning something new is a wasted day. There are a number of ways to deal with the whole systemd-resolved issue; this is just one of them. One of the better ones is to configure /etc/systemd/resolved.conf properly, but that’s something for a future post.
Last time we looked at Gaming on Linux Mint, this time we look at a slightly better way of using dnsmasq instead of systemd-resolved for DNS.
Update on 2024-08-23: So there was another systemd update and it stomped all over my custom setup, creating a symlink /etc/resolv.conf pointing to a file in /run/systemd/ that doesn’t exist. I had to remove that and add a new one with the contents nameserver ::1 (This will probably have to be done every time systemd is updated). I also had to add listen-address=::1 to /etc/NetworkManager/dnsmasq.d/local.conf. I’ve updated the description below with this new info.
But first
Most Linux distributions make use of systemd for system services; it’s pretty much the standard these days. While systemd is good, there is one internal service in it that annoys many people. This is the beast known as systemd-resolved, which is supposed to manage how your computer translates names like google.com to IP addresses so the computer can talk to them. It does this by looking at what information is provided by things like your ISP or local network services like DHCP, and usually it works just fine.
While systemd-resolved is fine for most scenarios, there are cases where it just doesn’t do what you need, such as when some domains have to be resolved using other DNS servers. For example, imagine you are connected to a corporate VPN, your company uses work.local as the DNS domain for internal resources, and the DNS servers for that domain are 192.168.1.1 and 192.168.1.2. You need some way to send DNS requests for names like fileserver.work.local to 192.168.1.1 or 192.168.1.2 instead of your ISP’s DNS server.
I think most people can agree that systemd-resolved is not an easy thing to do custom configurations on, and many people think it’s a terrible tool. So we need to be able to change what our system uses for DNS. I describe one solution in my post Using dnsmasq on Ubuntu or Mint, but I ran into a small issue I describe below.
An aside first. While investigating my issue and looking for a better way, I looked at the Linux Mint forums. One of the posts was from someone who was getting very frustrated with systemd-resolved, and below is one of the responses they got.

(Note I had to blur out a phrase that the OP used in their frustration with systemd-resolved)
This response is, in my opinion, over aggressive and utterly unhelpful. Telling someone to go away and use a completely different distribution because they don’t like one component? Really Moonstone Man? This makes me think maybe you need to go use a different distribution, maybe Arch.
So the problem with my previous solution
While my previous solution did in fact work, it ignores a different tool on Linux Mint that I’m finding more and more useful as time goes by: NetworkManager. I think this is what caused my issue as well.
So what was the problem, you say? I’m in the habit of checking for and installing software updates every day, because Security Is Important. A couple of days ago systemd was one of the packages that needed to be updated. All fine and dandy, except that the update ignored the fact that I’d disabled systemd-resolved in favour of dnsmasq, and enabled it again. Suddenly the hundreds of work machines I need to be able to connect to over the VPN were no longer DNS resolvable and I had to go do the process of disabling systemd-resolved again and changing my /etc/resolv.conf again.
The new solution
Before we get started, let me make it clear that I have no idea at all if this will solve the problem I describe above, the only way to find out is to wait until there is a systemd update again.
So the more Linux Mint way of switching to dnsmasq is to use the NetworkManager system.
One caveat: If you have used the process I’ve described before, there is an extra step shown below.
NetworkManager can be set to run its own copy of dnsmasq and use that as the DNS resolver. We set that up by creating some dnsmasq configuration files in /etc/NetworkManager/dnsmasq.d/ and then editing /etc/NetworkManager/NetworkManager.conf to tell NetworkManager to use dnsmasq.
The dnsmasq configuration is the same as in my previous post, except the configuration goes in /etc/NetworkManager/dnsmasq.d/local.conf instead of /etc/dnsmasq.conf. Here’s an example of what could go in there:
listen-address=::1
port=53
clear-on-reload # I put this in so the dnsmasq cache is cleared if I reload
server=/work.local/192.168.1.1 # work.local has DNS at 192.168.1.1
server=/work.local/192.168.1.2 # work.local also has DNS at 192.168.1.2
server=1.1.1.1 # DNS server for everything else
The next configuration file we need to edit is /etc/NetworkManager/NetworkManager.conf, the main configuration file for NetworkManager. In this file you will find a line that says [main]. Just after that, add a line that says dns=dnsmasq.
Extra step: If you have used something like my previous method, now is the time to disable and stop the already running dnsmasq: sudo systemctl disable dnsmasq.service && sudo systemctl stop dnsmasq.service
Next, we want to stop and disable systemd-resolved: sudo systemctl disable systemd-resolved.service && sudo systemctl stop systemd-resolved.service
The next steps will probably have to be repeated every time systemd is updated. I made a script called /root/bin/systemdfix.sh that does this, and I run it if I find I can’t DNS resolve anything.
Now we also need to get rid of the (wrong) resolv.conf file: sudo rm /etc/resolv.conf
And create a new one that uses dnsmasq (NetworkManager can also be weird): echo 'nameserver ::1' | sudo tee /etc/resolv.conf
Finally, we want to give NetworkManager a nudge so it starts its own dnsmasq service and starts using it: sudo systemctl restart NetworkManager.service
And that’s it, we have dnsmasq handling our special DNS needs. Now we wait to see if systemd will stomp all over our configuration again the next time there is an update.
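The steps above, collected into one idempotent repair script in the spirit of the /root/bin/systemdfix.sh mentioned earlier. This is an added example, not the author's actual script: the function names and the `apply` argument are assumptions made here, and every path is a parameter so the functions can be tried on scratch copies before touching /etc.

```shell
#!/bin/sh
# Added example (not the author's systemdfix.sh); function names are hypothetical.
WANT='nameserver ::1'

# Succeeds when FILE is a regular file (not a symlink) whose only active line is $WANT.
resolv_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    active=$(grep -Ev '^[[:space:]]*(#|;|$)' "$1" || true)
    [ "$active" = "$WANT" ]
}

# Remove FILE first (it may be a dangling symlink into /run/systemd), then
# recreate it as a regular file so nothing is ever written through the link.
fix_resolv() {
    resolv_ok "$1" && return 0
    rm -f -- "$1" && printf '%s\n' "$WANT" > "$1" && chmod 644 "$1"
}

# Succeeds when the NetworkManager config already contains dns=dnsmasq.
nm_ok() { grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq[[:space:]]*$' "$1"; }

# Insert dns=dnsmasq right after [main]; fail without changing CONF if [main] is missing.
ensure_nm_dnsmasq() {
    nm_ok "$1" && return 0
    tmp=$(mktemp "$1.XXXXXX") || return 1
    awk '{ print } /^\[main\]/ && !done { print "dns=dnsmasq"; done = 1 }' "$1" > "$tmp" &&
        nm_ok "$tmp" && chmod 644 "$tmp" && mv -- "$tmp" "$1" && return 0
    rm -f -- "$tmp"
    return 1
}

# Real run, as root: sh systemdfix.sh apply
if [ "${1:-}" = "apply" ]; then
    nm=/etc/NetworkManager/NetworkManager.conf
    if nm_ok "$nm" && resolv_ok /etc/resolv.conf; then
        echo "resolver setup intact, nothing to do"
    else
        systemctl disable systemd-resolved.service
        systemctl stop systemd-resolved.service
        ensure_nm_dnsmasq "$nm" && fix_resolv /etc/resolv.conf &&
            systemctl restart NetworkManager.service
    fi
fi
```

Run it with `apply` as root after a systemd update; without arguments it only defines the functions and changes nothing.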