[kwlug-disc] Systemd resolv issue ...
Khalid Baheyeldin
kb at 2bits.com
Thu Feb 12 11:34:57 EST 2026
Thanks Chris, that is very helpful.
It seems there is a way to do per-interface DNS (split DNS) using systemd.
Like this:
cat /etc/systemd/network/wg0.network
[Match]
Name=wg0
[Network]
DNS=10.10.0.1
Domains=priv
Then restart systemd-networkd, then wg-quick
When I do this, resolvectl shows:
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 3 (enp3s0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS
DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1
DNS Domain: lan
Link 15 (wg0)
Current Scopes: none
Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS
DNSSEC=no/unsupported
DNS Servers: 10.10.0.1
DNS Domain: priv
Which shows that 10.10.0.1 will be the DNS server for domain suffix .priv
No idea why DNS Domain is "lan" for the main Ethernet connection.
But after doing all that, I cannot ping the 10.10.0.1 gateway, nor does
name lookup work on .priv hosts.
So I went back to your idea of adding PostUp, and completed it with PostDown.
It looks like this:
PostUp = resolvectl dns %i 10.10.0.1
PostUp = resolvectl domain %i priv
PostDown = resolvectl revert %i
It seems to work so far.
I can ping and resolve everything (private and global)
Link 3 (enp3s0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS
DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1
DNS Domain: lan
Link 16 (wg0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS
DNSSEC=no/unsupported
Current DNS Server: 10.10.0.1
DNS Servers: 10.10.0.1
DNS Domain: priv
But there is +DefaultRoute on both interfaces ...
Many thanks Chris.
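
The post ends on "+DefaultRoute on both interfaces". In systemd-resolved, a link with that flag and an active DNS scope is sent lookups for names that match no link's domain, so in that state non-.priv names can also go to 10.10.0.1. The script below is an added example, not part of the original message: it parses `resolvectl status` output and reports such links. The function names are hypothetical, and the sample input is the second listing quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# Sample input: the second resolvectl listing quoted in the post.
sample_status() {
cat <<'EOF'
Link 3 (enp3s0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS
DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1
DNS Domain: lan
Link 16 (wg0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS
DNSSEC=no/unsupported
Current DNS Server: 10.10.0.1
DNS Servers: 10.10.0.1
DNS Domain: priv
EOF
}

# Print "iface servers domain" for every link that has +DefaultRoute and an
# active DNS scope, i.e. every link that receives lookups matching no domain.
# Only the first line of a multi-line "DNS Servers:" list is reported.
default_route_links() {
    awk '
        function emit() { if (iface != "" && dr && scope) print iface, servers, domain }
        /^ *Global/          { emit(); iface = ""; next }
        /^ *Link [0-9]+ \(/  { emit(); iface = $3; gsub(/[()]/, "", iface)
                               dr = 0; scope = 0; servers = "-"; domain = "-"; next }
        /Current Scopes:/    { scope = ($0 ~ /Scopes:.*DNS/) }
        /Protocols:/         { dr = ($0 ~ /\+DefaultRoute/) }
        /DNS Servers:/       { sub(/.*DNS Servers: */, ""); servers = $0 }
        /DNS Domain:/        { sub(/.*DNS Domain: */, ""); domain = $0 }
        END                  { emit() }
    '
}

# Return 1 if any link other than $1 (the expected default link) qualifies.
only_default_route() {
    others=$(default_route_links | awk -v keep="$1" '$1 != keep { print $1 }')
    [ -z "$others" ] || { echo "default-route DNS also on: $others" >&2; return 1; }
}

sample_status | default_route_links   # lists both enp3s0 and wg0
```

On a live host, pipe `resolvectl status` into `only_default_route enp3s0`. `resolvectl default-route wg0 no` is the subcommand that clears the flag on one link.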