openresolv

There are two ways of configuring systemd-resolved.

This subscriber configures systemd-resolved just as any other DNS resolver, by writing out a global DNS config file and then a DNS delegate file per domain. As of writing, systemd does not support DNS delegation, but should do in the future. Once it supports DNS delegation, systemd-resolved should then support all the openresolv features.

systemd_resolved=YES

This subscriber configures systemd-resolved using resolvectl. This has the advantage that resolvectl will clearly show from which interface the DNS setup came from, but it has the disadvantage that resolvconf may have entries that cannot be tied to any interface. Also, there is an element of guesswork to match an interface exactly, especially for vlans, but it should still be accurate enough.

If any resolvconf entry for the interface is marked -p private or -pp nosearch then the whole interface is marked as such.

Lastly, because the addition and removal of a resolvconf entry can affect the exposed state of other entries to the resolver, this subscriber has to process every interface on each update. As such, it’s slow.

resolvectl=YES

It’s important to mention the libc subscriber here. systemd-resolved by default installs a symlink to /etc/resolv.conf from it’s stub resolv.conf which it maintains like resolvconf.

You can stop openresolv from writing to it like so:

# Don't write to /etc/resolv.conf
libc=NO

However, you then lose the deprecated entry feature and the priority of resolvconf entries which maybe important for some users. To regain these, don’t disable libc as above and ensure that /etc/resolv.conf is not a symlink to a systemd file.