Slow DNS and Quad9 Discovery

For longer than I'd like to admit (since I've had this Linux laptop from Tuxedo Computers), I've noticed that pages take a few beats longer than they do on any other device in my home. I remember looking into this briefly a while back but I didn't really get a fix or dig too deep into it. Suspecting that it was a DNS issue I started poking around and looked at /etc/resolv.conf and saw an odd nameserver entry in there:

nameserver 127.0.0.53
nameserver 8.8.8.8

The top of the file says that /etc/resolv.conf is dynamically generated so I eventually found out that systemd-resolved is a systemd service that controls the file via this helpful StackExchange answer:

Stack Exchange answer

And then on arch linux I found this helpful bit:

The resolver can be configured by editing /etc/systemd/resolved.conf and/or drop-in .conf files in /etc/systemd/resolved.conf.d/. 
See resolved.conf(5).

To use systemd-resolved start and enable systemd-resolved.service. 

Arch Linux Wiki (Systemd-resolved)

Which lead me to editing /etc/systemd/resolved.conf... which mentioned something about alternative DNS servers in the commments. Seeing how I'm a privacy nerd, I saw the one for quad9 down near the bottom of the comments

So I start looking into quad9 and it looks like a sweet and free DNS resolver. Based on the website, this part (among the other services it provides) hooked me:

The system uses threat intelligence from more than a dozen of the industry’s leading cybersecurity companies to give a real-time perspective on what websites are safe and what sites are known to include malware or other threats.

So back to my slow DNS issue. It turns out that when I was ran:

dig google.com

nameserver 127.0.0.53 was failing 3 times, which was what was causing the slowdown. The solution (from somewhere else on the internet) was to disable the DNSStubListener in the /etc/systemd/resolved.conf:

DNSStubListener=no

and restart the service

sudo systemctl restart systemd-resolved

I know that I can configure my router / DHCP server to use quad9, but I wanted to figure out how to do it this way, so I can fix my gemini server to use the same. So here are the settins I use in /etc/systemd/resolved.conf:

DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
#FallbackDNS=
#Domains=
DNSSEC=yes
DNSOverTLS=yes
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

I did another restart, ran "dig google.com" and saw that 9.9.9.9 was my DNS!

Happy day.

-----

2024-01-22

Tags: DNS, quad9

Gritty

Replies

Gemini Mention this log

Submit a response URL

Send replies to:

gritty@smallweb.space

Gemlog Index

Capsule Home