Linux offers multiple methods to configure DNS servers depending on your distribution and network management system. This comprehensive guide covers all major approaches - from modern systemd-resolved to traditional resolv.conf, ensuring you can secure your DNS queries on any Linux system.
🐧 Linux DNS Methods Overview
- systemd-resolved: Modern systems (Ubuntu 18.04+, Fedora, Arch)
- NetworkManager: Desktop environments (GNOME, KDE)
- resolvconf: Traditional Debian/Ubuntu method
- Direct /etc/resolv.conf: Legacy/minimal systems
Recommended DNS Servers
TorGuard DNS (VPN Users Only)
DNS Type | Primary DNS | Secondary DNS | Features |
---|---|---|---|
TorGuard Standard | 10.8.0.1 | 10.10.0.1 | No logs, VPN-only access |
TorGuard Ad-Block | 10.9.0.1 | 10.11.0.1 | Blocks ads and trackers |
Public DNS Servers
Provider | IPv4 Primary | IPv4 Secondary | IPv6 Primary | Features |
---|---|---|---|---|
Cloudflare | 1.1.1.1 | 1.0.0.1 | 2606:4700:4700::1111 | Fastest, privacy-focused |
Quad9 | 9.9.9.9 | 149.112.112.112 | 2620:fe::fe | Malware blocking |
Google | 8.8.8.8 | 8.8.4.4 | 2001:4860:4860::8888 | Fast, reliable |
OpenDNS | 208.67.222.222 | 208.67.220.220 | 2620:119:35::35 | Content filtering |
Check Your Current DNS Configuration
First, identify which DNS management system your Linux installation uses:
# Check if using systemd-resolved
systemctl status systemd-resolved
# Check current DNS servers
resolvectl status # For systemd
nmcli dev show | grep DNS # For NetworkManager
cat /etc/resolv.conf # Traditional method
Method 1: systemd-resolved (Ubuntu 18.04+, Fedora, Arch)
Option A: Using resolvectl (Recommended)
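# Set DNS for a specific interface (resolvectl always takes the interface name first)
sudo resolvectl dns eth0 1.1.1.1 1.0.0.1
# Enable DNS over TLS on that interface
sudo resolvectl dnsovertls eth0 yes
# resolvectl changes are runtime-only and are lost on reboot; restarting
# systemd-resolved does not make them permanent. For a persistent setting, or one
# that applies to all interfaces, edit resolved.conf as shown in Option B.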
Option B: Edit Configuration File
# Edit systemd-resolved configuration
sudo nano /etc/systemd/resolved.conf
# Add/modify these lines:
[Resolve]
DNS=1.1.1.1 1.0.0.1
FallbackDNS=9.9.9.9 149.112.112.112
DNSOverTLS=yes
DNSSEC=yes
DNSStubListener=yes
# Apply changes
sudo systemctl restart systemd-resolved
Option C: Using systemd-networkd
# Create network configuration
sudo nano /etc/systemd/network/20-wired.network
# Add content:
[Match]
Name=eth0
[Network]
DHCP=yes
DNS=1.1.1.1
DNS=1.0.0.1
# Enable and restart
sudo systemctl enable systemd-networkd
sudo systemctl restart systemd-networkd
Method 2: NetworkManager (GNOME, KDE)
GUI Method
- Open Network Settings (varies by desktop)
- Click gear icon next to your connection
- Go to IPv4/IPv6 tab
- Set DNS to "Manual" or "Automatic, addresses only"
- Enter DNS servers: 1.1.1.1, 1.0.0.1
- Apply changes
Command Line Method
# List connections
nmcli connection show
# Modify connection (replace 'Wired connection 1' with your connection name)
nmcli connection modify "Wired connection 1" ipv4.dns "1.1.1.1 1.0.0.1"
nmcli connection modify "Wired connection 1" ipv4.ignore-auto-dns yes
# For IPv6
nmcli connection modify "Wired connection 1" ipv6.dns "2606:4700:4700::1111 2606:4700:4700::1001"
# Apply changes
nmcli connection up "Wired connection 1"
Method 3: resolvconf (Traditional Debian/Ubuntu)
# Install resolvconf if needed
sudo apt-get install resolvconf
# Edit base configuration
sudo nano /etc/resolvconf/resolv.conf.d/base
# Add DNS servers:
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0 trust-ad
# Update configuration
sudo resolvconf -u
# Make persistent across reboots
sudo systemctl enable resolvconf.service
Method 4: Direct /etc/resolv.conf Edit
# Backup current configuration
sudo cp /etc/resolv.conf /etc/resolv.conf.backup
# Edit resolv.conf
sudo nano /etc/resolv.conf
# Add DNS servers:
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0
# Prevent overwriting (varies by system)
# chattr only works when /etc/resolv.conf is a regular file, not a symlink
sudo chattr +i /etc/resolv.conf # Make immutable
# To undo: sudo chattr -i /etc/resolv.conf
Distribution-Specific Methods
Ubuntu 22.04+ (Netplan)
# Edit netplan configuration
sudo nano /etc/netplan/01-netcfg.yaml
# Example configuration:
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    eth0:
      dhcp4: true
      nameservers:
        addresses: [1.1.1.1, 1.0.0.1]
# Apply changes
sudo netplan apply
Fedora/RHEL/CentOS
# Using nmcli (preferred)
nmcli con mod "System eth0" ipv4.dns "1.1.1.1 1.0.0.1"
nmcli con up "System eth0"
# Or edit interface configuration
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
# Add: DNS1=1.1.1.1
# DNS2=1.0.0.1
Arch Linux
# Using systemd-resolved (recommended)
sudo systemctl enable systemd-resolved
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
# Or using dhcpcd
echo "static domain_name_servers=1.1.1.1 1.0.0.1" | sudo tee -a /etc/dhcpcd.conf
sudo systemctl restart dhcpcd
OpenSUSE
# Using YaST (GUI)
sudo yast2 dns
# Or edit config
sudo nano /etc/sysconfig/network/config
# Set: NETCONFIG_DNS_STATIC_SERVERS="1.1.1.1 1.0.0.1"
Configure DNS over HTTPS (DoH)
Using cloudflared
# Install cloudflared
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
sudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared
# Create systemd service
sudo cloudflared service install
# Configure
sudo nano /etc/cloudflared/config.yml
# Add:
proxy-dns: true
proxy-dns-upstream:
- https://1.1.1.1/dns-query
- https://1.0.0.1/dns-query
# Start service
sudo systemctl start cloudflared
sudo systemctl enable cloudflared
# Point system DNS to cloudflared
# Add to your DNS configuration: 127.0.0.1
Verify DNS Configuration
Test DNS Resolution
# Using dig
dig @1.1.1.1 google.com
# Using nslookup
nslookup google.com
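# Using resolvectl (systemd-resolved)
resolvectl query google.com
# Check which recursive resolver your queries leave from
# (query through the system resolver, without @server, so the answer reflects your own configuration)
dig +short whoami.akamai.net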
Check for DNS Leaks
# Command line test
curl https://dnsleaktest.com/api/v1/leak-test
# Or visit in browser
firefox https://torguard.net/dns-leak-test.php
Troubleshooting Common Issues
DNS Not Resolving
# Flush DNS cache
sudo systemctl restart systemd-resolved
# Or flush the cache without restarting (older releases: systemd-resolve --flush-caches)
sudo resolvectl flush-caches
# Test connectivity
ping -c 4 1.1.1.1
# Check service status
systemctl status systemd-resolved
journalctl -u systemd-resolved
Changes Revert After Reboot
- Check if NetworkManager is overriding settings
- Ensure resolvconf service is enabled
- Verify no DHCP client is overwriting DNS
- Check for immutable flag on resolv.conf
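The checks in the list above start with knowing which component owns /etc/resolv.conf. The sketch below is an added example, not part of the original guide; the function names resolv_manager and is_immutable and the labels they print are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: identify which component currently manages a resolv.conf file.
# Usage: resolv_manager [PATH]   (PATH defaults to /etc/resolv.conf)
resolv_manager() {
    f=${1:-/etc/resolv.conf}
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo missing
        return 1
    fi
    # A symlink target is the strongest signal of who owns the file.
    if [ -L "$f" ]; then
        case $(readlink "$f") in
            */systemd/resolve/stub-resolv.conf) echo systemd-resolved-stub; return 0 ;;
            */systemd/resolve/resolv.conf)      echo systemd-resolved-uplink; return 0 ;;
            */resolvconf/*)                     echo resolvconf; return 0 ;;
            */NetworkManager/*)                 echo NetworkManager; return 0 ;;
        esac
    fi
    # Regular file (or unknown link target): read the generator comment.
    header=$(head -n 5 "$f" 2>/dev/null)
    case $header in
        *"Generated by NetworkManager"*) echo NetworkManager ;;
        *systemd-resolved*)              echo systemd-resolved ;;
        *resolvconf*)                    echo resolvconf ;;
        *dhcpcd*)                        echo dhcpcd ;;
        *)                               echo static ;;
    esac
}

# True when the immutable attribute (set with chattr +i) is present.
is_immutable() {
    lsattr -d "$1" 2>/dev/null | awk '{ print $1 }' | grep -q i
}
```

A result of "static" on a file that keeps reverting usually means the writer leaves no header, so check the DHCP client and NetworkManager settings next.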
Slow DNS Resolution
# Test DNS response time
time dig google.com @1.1.1.1
time dig google.com @8.8.8.8
# Use fastest responding server
# Add to resolv.conf:
options timeout:1 attempts:1 rotate
VPN and DNS Considerations
⚠️ Important for VPN Users
When using TorGuard VPN, the client automatically configures secure DNS to prevent leaks. Manual DNS changes may interfere with this protection.
Prevent DNS Leaks with VPN
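# For OpenVPN, add to .ovpn file:
dhcp-option DNS 10.8.0.1
dhcp-option DNS 10.10.0.1
# block-outside-dns is honored only by the Windows client; on Linux the
# dhcp-option lines take effect only when an up/down script such as
# update-resolv-conf applies them
block-outside-dns
# For WireGuard (wg-quick), add to the [Interface] section of the .conf:
DNS = 10.8.0.1, 10.10.0.1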
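To confirm locally that only the VPN resolvers are configured once the tunnel is up, the configured nameservers can be compared against an allowlist. This is an added example, not part of the original guide or TorGuard's tooling; the function name unexpected_nameservers and its exit codes are assumptions.

```shell
#!/bin/sh
# Added example: list nameservers in a resolv.conf-format file that are not on
# an allowlist. Exit status: 0 = clean, 1 = unexpected server, 2 = unreadable.
# Usage: unexpected_nameservers FILE ALLOWED_IP...
unexpected_nameservers() {
    file=$1
    shift
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2          # never report "clean" for a file we could not check
    fi
    found=$(awk -v allowed=" $* " '
        /^[ \t]*[#;]/ { next }                # comment lines
        $1 == "nameserver" && NF >= 2 {
            addr = tolower($2)
            sub(/%.*/, "", addr)              # drop IPv6 zone id, e.g. fe80::1%eth0
            if (index(tolower(allowed), " " addr " ") == 0) print addr
        }' "$file")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# On a systemd-resolved host /etc/resolv.conf only lists the 127.0.0.53 stub;
# the real upstream servers are in /run/systemd/resolve/resolv.conf:
#   unexpected_nameservers /run/systemd/resolve/resolv.conf 10.8.0.1 10.10.0.1
```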
DNS Security Hardening
Enable DNSSEC
# For systemd-resolved
sudo nano /etc/systemd/resolved.conf
# Set: DNSSEC=yes, then restart systemd-resolved to apply it
# Verify DNSSEC (a validated answer carries the "ad" flag)
dig +dnssec example.com
Use DNS over TLS
# systemd-resolved (Ubuntu 20.04+); resolvectl needs the interface name
sudo resolvectl dnsovertls eth0 yes
# Stubby alternative
sudo apt install stubby
sudo systemctl enable stubby
Automation Scripts
Quick DNS Switcher
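#!/bin/bash
# Save as ~/bin/dns-switch.sh
# Usage: dns-switch.sh {cloudflare|google|torguard} [interface]
# resolvectl requires an interface name; defaults to eth0
IFACE="${2:-eth0}"
case "$1" in
  cloudflare)
    sudo resolvectl dns "$IFACE" 1.1.1.1 1.0.0.1
    echo "Switched to Cloudflare DNS"
    ;;
  google)
    sudo resolvectl dns "$IFACE" 8.8.8.8 8.8.4.4
    echo "Switched to Google DNS"
    ;;
  torguard)
    sudo resolvectl dns "$IFACE" 10.8.0.1 10.10.0.1
    echo "Switched to TorGuard DNS"
    ;;
  *)
    echo "Usage: $0 {cloudflare|google|torguard} [interface]"
    exit 1
    ;;
esac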
✅ Best Practices
- Always backup configuration before changes
- Test DNS resolution after changes
- Use encrypted DNS (DoH/DoT) when possible
- Monitor for DNS leaks regularly
- Document your configuration method