How do I disable the DNS service in Core 18?

I am building a pihole appliance for a friend, the service runs on port 53.

Ubuntu Core 18 comes with systemd-resolved running, and I’m looking for a way to turn it off so that pihole’s dnsmasq can run on that port.

Things I’ve tried:

  • Setting DNSStubListener=no in /dev/systemd/resolved.conf results in the host unable to resolve DNS for itself.
    • Also tried setting a DNS= and FallbackDNS= entry here with no success
  • Can’t mess with the /etc/resolv.conf symlink because the fs is read only.
  • /run/systemd/resolve/stub-resolv.conf is where the resolv.conf symlink ends up. Changing it here works but I am unsure how I can make this setting stick through a reboot.
  • Adding an entry in /etc/netplan/00-snapd-config.yaml and then generating/applying also doesn’t seem to work and survive reboots. Running console-conf manually doesn’t even ask me to set a DNS server.

Any tips/ideas? Thanks in advance!

looking at

it seems like the network-control interface offers you access to the dbus interface of systemd-resolved, perhaps you can create some wrapper service that utilizes it to set the right DNS entries on boot?

1 Like

It seems you should be able to use busctl to access the DBus interface of systemd-resolved.

I came across a similar issue when trying to run Adguard on a Raspberry Pi3. I could connect to it online but listen udp 0.0.0.0:53: bind: address was already in use. Is there a way to disable onboard dns and allow Adguard to be the dns server?

1 Like

I doubt anything an interface provides could help here, no matter how you mangle the config, systemd-resolved would still listen on port 53 if you don't stop it somehow …

I guess that might have to become a snapd config option … i.e.:

snap set system service.resolved.disable=true

(which you could then set from a custom gadget.yaml entry)

@mvo or @pedronis might perhaps have better ideas though …

This blocks the ability for us to easily create and run a network appliance (think Pi-Hole) which does DNS using our stock core images. It would be great if we could indeed prevent certain services from running so an appliance / application can replace that functionality.

Turns out I may be incorrect. If you bind the snapped dns server onto the single IP address of the device, it works perfectly.

2 Likes
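
An added example, not part of any post in this thread: why a wildcard bind (0.0.0.0:53) collides with systemd-resolved's stub listener on 127.0.0.53 while a bind to one specific address does not. Assumptions: a kernel-chosen unprivileged UDP port stands in for 53 so it runs without root, 127.0.0.1 stands in for the device's single IP, and the host is Linux.

```python
import errno
import socket

STUB_ADDR = "127.0.0.53"   # address systemd-resolved's stub listener binds to
DEVICE_ADDR = "127.0.0.1"  # assumption: stands in for the device's single LAN IP


def try_bind(addr, port):
    """Try to bind a UDP socket; return (socket or None, errno name or None)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((addr, port))
        return sock, None
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    """Bind a constructed stand-in stub, then attempt wildcard and single-IP binds."""
    # Constructed stand-in for the stub listener: same address as resolved,
    # but port 0 lets the kernel pick a free unprivileged port instead of 53.
    stub = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    stub.bind((STUB_ADDR, 0))
    port = stub.getsockname()[1]
    results = {}
    try:
        for label, addr in (("wildcard", "0.0.0.0"), ("single_ip", DEVICE_ADDR)):
            sock, err = try_bind(addr, port)
            # The wildcard address overlaps every local address, including
            # the stub's, so the kernel refuses it; a distinct specific
            # address on the same port does not overlap and is accepted.
            results[label] = err or "bound"
            if sock is not None:
                sock.close()
    finally:
        stub.close()
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

On a real device the same check can be made before starting the DNS snap by pointing `try_bind` at the device's address and port 53 with sufficient privileges.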

On the latest UC22, this problem is still around. There’s a built-in DNS server, that we can disable easily by setting DNSStubListener=no, but that breaks the machine as the local DNS settings still point to localhost.

I am unable to change /etc/resolv.conf symlink to point to the network interface /run/systemd/resolve/resolv.conf doesn’t work as the file system is readonly.

Any documented solution to this?

Thanks!