WiKi ArchLinux : systemd-resolved

systemd-resolved is a system service that provides network name resolution to local applications by implementing a caching DNS stub resolver, as well as LLMNR and MulticastDNS (mDNS) resolvers. It offers several interfaces for name resolution, including the nss-resolve NSS module, a local DNS stub listener on 127.0.0.53, and a D-Bus API. Key features include DNSSEC validation, DNS-over-TLS support, and the ability to manage DNS lookups through routing rules.

Key features

• Caching and stub resolver: It caches DNS queries to improve performance and acts as a validating stub resolver for DNS and DNSSEC.
• Multiple resolution protocols: It handles traditional unicast DNS, as well as Link-Local Multicast Name Resolution (LLMNR) and Multicast DNS (mDNS) for local name resolution.
• Interfaces for applications: Applications can use systemd-resolved via:
  • The nss-resolve module, which is integrated into the standard GNU C Library (glibc) resolver functions.
  • A local DNS stub listener on 127.0.0.53 (IPv4 only), which local applications can query directly.
  • A D-Bus API for more direct control.
• DNSSEC support: It validates DNSSEC records to ensure the authenticity of DNS data.
• DNS-over-TLS (DoT): It can be configured to use DoT for encrypted DNS communication.
• Split DNS: It is more effective at routing DNS queries through the correct server, which is especially beneficial when using a VPN.