How do I disable the DNS service in Core 18?

jorge · January 27, 2019, 9:46pm

I am building a pihole appliance for a friend, the service runs on port 53.

Ubuntu Core 18 comes with systemd-resolved running, and I’m looking for a way to turn it off so that pihole’s dnsmasq can run on that port.

Things I’ve tried:

Setting DNSStubListener=no in /dev/systemd/resolved.conf results in the host unable to resolve DNS for itself.
- Also tried setting a DNS= and FallbackDNS= entry here with no success
Can’t mess with the /etc/resolv.conf symlink because the fs is read only.
/run/systemd/resolve/stub-resolv.conf is where the resolv.conf symlink ends up. Chaning it here works but I am unsure how I can make this setting stick through a reboot.
Adding an entry in /etc/netplan/00-snapd-config.yaml and then generating/applying also doesn’t seem to work and survive reboots. Running console-conf manually doesn’t even ask me to set a DNS server.

Any tips/ideas? Thanks in advance!

ogra · January 28, 2019, 12:11pm

looking at

github.com

snapcore/snapd/blob/master/interfaces/builtin/network_control.go

// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2016-2017 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package builtin

This file has been truncated. show original

it seems like the network-control interface offers you access to the dbus interface of systemd-resolved, perhaps you can create some wrapper service that utilizes it to set the right DNS entries on boot ?

yala · February 18, 2019, 8:13pm

It seems you should be able to use busctl to access the DBus interface of systemd-resolved.

github.com

jonathanio/update-systemd-resolved/blob/master/update-systemd-resolved#L103-L137


if [[ "${#dns_servers[*]}" -gt 0 ]]; then
  busctl_params=("$if_index" "$dns_server_count" "${dns_servers[@]}")
  info "SetLinkDNS(${busctl_params[*]})"
  busctl_call SetLinkDNS 'ia(iay)' "${busctl_params[@]}" || return $?
fi
if [[ "${#dns_domain[*]}" -gt 0 \
   || "${#dns_search[*]}" -gt 0 \
   || "${#dns_routed[*]}" -gt 0 ]]; then
  dns_count=$((dns_domain_count+dns_search_count+dns_routed_count))
  busctl_params=("$if_index" "$dns_count")
  if [[ "${#dns_domain[*]}" -gt 0 ]]; then
    busctl_params+=("${dns_domain[@]}")
  fi
  if [[ "${#dns_search[*]}" -gt 0 ]]; then
    busctl_params+=("${dns_search[@]}")
  fi
  if [[ "${#dns_routed[*]}" -gt 0 ]]; then
    busctl_params+=("${dns_routed[@]}")
  fi

This file has been truncated. show original

rhys-davies · April 28, 2020, 4:06pm

I came across a similar issue when trying to run Adguard on a Raspberry Pi3. I could connect to it online but listen udp 0.0.0.0:53: bind: address was already in use. Is there a way to disable onboard dns and allow Adguard to be the dns server?

ogra · April 29, 2020, 9:14am

I doubt anything an interface provides could help here, no matter how you mangle the config, systemd-resolved would still listen on port 53 if you dont stop it somehow …

i guess that might have to become a snapd config option … i.e.:

snap set system service.resolved.disable=true

(which you could then set from a custom gadget.yaml entry)

@mvo or @pedronis might perhaps have better ideas though …

popey · April 29, 2020, 11:45am

This blocks the ability for us to easily create and run a network appliance (think Pi-Hole) which does DNS using our stock core images. It would be great if we could indeed prevent certain services from running so an appliance / application can replace that functionality.

popey · May 1, 2020, 8:45pm

Turns out I may be incorrect. If you bind the snapped dns server onto the single IP address of the device, it works perfectly.

catalinadler · August 1, 2022, 6:09am

On the latest UC22, this problem is still around. There’s a built-in DNS server, that we can disable easily by setting DNSStubListener=no, but that breaks the machine as the local DNS settings still point to localhost.

I am unable to change /etc/resolv.conf symlink to point to the network interface /run/systemd/resolve/resolv.conf doesn’t work as the file system is readonly.

Any documented solution to this?

Thanks!