Frequently Asked Question
What does systemd-resolved do and how is it different from the old resolv.conf?
systemd-resolved is a local DNS resolver. It runs as a service, exposes a stub
listener on 127.0.0.53, and provides name resolution to the rest of the system via that
address, a /etc/resolv.conf symlink, a glibc NSS module (nss-resolve), and a D-Bus
API. Its main features are caching, per-link DNS servers (different DNS for different
network interfaces, useful when on a VPN), DNSSEC validation, DNS-over-TLS, and support
for split-horizon "search domains".
The traditional Unix approach was a static /etc/resolv.conf parsed directly by every
program through glibc's resolver. That worked fine on a server with a fixed network,
but it was awkward on laptops that constantly change networks and on VPNs that want a
private DNS just for their domain. systemd-resolved centralises that logic so each
program gets consistent answers, but it does add a layer: querying systemd-resolved's
configured upstream and current state needs resolvectl rather than cat /etc/resolv.conf.
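
As an added example (not part of the original FAQ or of systemd), this sketch audits what /etc/resolv.conf tells programs that still parse it directly: whether it points them at the 127.0.0.53 stub listener or at other servers. The symlink targets are the ones described in systemd-resolved(8); the function names, mode labels and sample file contents are assumptions constructed for illustration.

```python
import os

STUB_ADDR = "127.0.0.53"  # stub listener address named in the text above

# Symlink targets described in systemd-resolved(8), section "/ETC/RESOLV.CONF".
# The mode labels on the right are this example's own names.
KNOWN_TARGETS = {
    "/run/systemd/resolve/stub-resolv.conf": "stub",
    "/usr/lib/systemd/resolv.conf": "static-stub",
    "/run/systemd/resolve/resolv.conf": "uplink",
}

# Constructed sample contents (addresses from documentation ranges).
SAMPLE_STUB = "# constructed sample\nnameserver 127.0.0.53\noptions edns0 trust-ad\n"
SAMPLE_MIXED = "nameserver 127.0.0.53\nnameserver 192.0.2.53\n"

def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf text, in file order."""
    servers = []
    for line in text.splitlines():
        # Drop '#' and ';' comments, then split on whitespace.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(text, link_target=None):
    """Summarise where a resolv.conf sends clients that read it directly."""
    servers = parse_nameservers(text)
    return {
        # "foreign": a regular file, or a symlink to something not listed above
        "mode": KNOWN_TARGETS.get(link_target, "foreign"),
        "nameservers": servers,
        "uses_stub": STUB_ADDR in servers,
        # Addresses other than the stub listener; clients reading the file
        # can send queries to these without going through 127.0.0.53.
        "non_stub": [s for s in servers if s != STUB_ADDR],
    }

if __name__ == "__main__":
    path = "/etc/resolv.conf"
    if os.path.exists(path):
        target = os.path.realpath(path) if os.path.islink(path) else None
        with open(path) as fh:
            print(classify(fh.read(), target))
    else:  # no such file on this host: fall back to the constructed sample
        print(classify(SAMPLE_STUB, "/run/systemd/resolve/stub-resolv.conf"))
```

The file only shows where clients are pointed; the upstream servers systemd-resolved itself uses still have to be read with resolvectl.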