How do I disable the DNS service in Core 18?

I am building a pihole appliance for a friend, the service runs on port 53.

Ubuntu Core 18 comes with systemd-resolved running, and I’m looking for a way to turn it off so that pihole’s dnsmasq can run on that port.

Things I’ve tried:

  • Setting DNSStubListener=no in /dev/systemd/resolved.conf results in the host being unable to resolve DNS for itself.
    • Also tried setting a DNS= and FallbackDNS= entry here with no success
  • Can’t mess with the /etc/resolv.conf symlink because the fs is read only.
  • /run/systemd/resolve/stub-resolv.conf is where the resolv.conf symlink ends up. Changing it here works but I am unsure how I can make this setting stick through a reboot.
  • Adding an entry in /etc/netplan/00-snapd-config.yaml and then generating/applying also doesn’t seem to work and survive reboots. Running console-conf manually doesn’t even ask me to set a DNS server.

Any tips/ideas? Thanks in advance!

looking at

it seems like the network-control interface offers you access to the dbus interface of systemd-resolved, perhaps you can create some wrapper service that utilizes it to set the right DNS entries on boot?


It seems you should be able to use busctl to access the DBus interface of systemd-resolved.

I came across a similar issue when trying to run Adguard on a Raspberry Pi3. I could connect to it online but listen udp bind: address was already in use. Is there a way to disable onboard dns and allow Adguard to be the dns server?


I doubt anything an interface provides could help here, no matter how you mangle the config, systemd-resolved would still listen on port 53 if you don't stop it somehow …

i guess that might have to become a snapd config option … i.e.:

snap set system service.resolved.disable=true

(which you could then set from a custom gadget.yaml entry)

@mvo or @pedronis might perhaps have better ideas though …

This blocks the ability for us to easily create and run a network appliance (think Pi-Hole) which does DNS using our stock core images. It would be great if we could indeed prevent certain services from running so an appliance / application can replace that functionality.

Turns out I may be incorrect. If you bind the snapped dns server onto the single IP address of the device, it works perfectly.
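
Why binding to a single address works, shown as an added example that is not part of the original thread: systemd-resolved's stub listener is bound to 127.0.0.53 only, so a wildcard bind on the same port collides with it while a bind to one other specific address does not. The sketch assumes Linux, uses an unprivileged port in place of 53, and uses 127.0.0.1 as a stand-in for the device's own IP address.

```python
import errno
import socket

STUB_ADDR = "127.0.0.53"   # address systemd-resolved's stub listener binds to
DEVICE_ADDR = "127.0.0.1"  # assumption: stand-in for the appliance's own IP


def try_bind(addr, port):
    """Bind a UDP socket (no SO_REUSEADDR). Return (socket, None) or (None, errno name)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((addr, port))
        return sock, None
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    """Occupy a port on the stub address, then try the binds a DNS server might make."""
    # Play the role of the stub listener: claim a free port on 127.0.0.53 only.
    stub, err = try_bind(STUB_ADDR, 0)
    if stub is None:
        raise RuntimeError("could not bind stand-in stub listener: %s" % err)
    port = stub.getsockname()[1]
    results = {}
    try:
        attempts = (
            ("wildcard", "0.0.0.0"),   # "listen on all addresses" overlaps the stub
            ("device", DEVICE_ADDR),   # one specific, different address
            ("stub", STUB_ADDR),       # exactly the address already taken
        )
        for label, addr in attempts:
            sock, err = try_bind(addr, port)
            results[label] = err or "ok"
            if sock is not None:
                sock.close()
    finally:
        stub.close()
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print("%-8s -> %s" % (label, outcome))
```

Binding the DNS server to one address also keeps it from answering on interfaces it was never meant to serve.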


On the latest UC22, this problem is still around. There’s a built-in DNS server, that we can disable easily by setting DNSStubListener=no, but that breaks the machine as the local DNS settings still point to localhost.

I am unable to change the /etc/resolv.conf symlink to point to the network interface /run/systemd/resolve/resolv.conf; that doesn’t work as the file system is read-only.

Any documented solution to this?