Configuring systemd-resolved for bind9 DNS Server on Ubuntu 20.04

Ubuntu 20.04 and newer run systemd-resolved by default. Its stub listener binds port 53 on the loopback address 127.0.0.53, and /etc/resolv.conf is a symlink that points the host's own lookups at that address. If you plan to run a bind9 DNS server on the same machine, you need to configure systemd-resolved so that it neither competes with bind9 for port 53 nor leaves the host sending its own queries to a stub that no longer answers. Here is a step-by-step guide to doing so.

Why Does Ubuntu Take Over Port 53?

In Ubuntu 20.04 and above, systemd-resolved handles name resolution for the host: it caches answers, keeps track of the DNS servers configured per network interface (from netplan, NetworkManager or DHCP), and serves a stub resolver on port 53 of the loopback address 127.0.0.53, which is the only nameserver listed in the /etc/resolv.conf it manages.

However, if you are running a bind9 DNS server on the same machine, you need to either disable systemd-resolved or reconfigure it so that port 53 belongs to bind9 alone and the host's own lookups go to a server that actually answers.

Steps to Configure systemd-resolved for bind9

1. Stop and Disable systemd-resolved

To avoid conflicts, stop the service (which releases 127.0.0.53:53) and disable it so it does not come back at the next boot:

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

2. Remove the /etc/resolv.conf Symlink

By default /etc/resolv.conf is a symlink to the stub file systemd-resolved manages (../run/systemd/resolve/stub-resolv.conf), whose only nameserver is 127.0.0.53. With the service stopped, that address answers nothing, so remove the link and manage the file yourself:

sudo unlink /etc/resolv.conf

3. Create a New /etc/resolv.conf File

Create a new /etc/resolv.conf file and specify the DNS server the machine itself should use for its own lookups. You can point it at an external resolver such as Google's (keep in mind that these queries leave the host in plaintext and bypass bind9 entirely):

nameserver 8.8.8.8

Or, if bind9 on this machine is a recursive resolver (recursion allowed at least for localhost), let the host resolve through it:

nameserver 127.0.0.1

If bind9 is authoritative-only (recursion no), 127.0.0.1 will answer for your own zones but not for the rest of the Internet, so use an external resolver in that case.

4. Configure bind9 to Listen on Port 53

Ensure that bind9 is configured to listen on port 53 (53 is the default, so no explicit port clause is needed). Edit the named.conf.options file, typically located at /etc/bind/named.conf.options, and verify that the following settings are in place:

options {
    listen-on { any; };   # Listen on all interfaces
    listen-on-v6 { any; }; # For IPv6 support
};

Note that { any; } binds every address on the machine, public ones included. On an Internet-facing host, either list only the addresses that should serve DNS instead of any, or pair it with allow-query and allow-recursion ACLs limited to your own networks; otherwise you are running an open resolver. Run named-checkconf after editing to catch syntax errors before restarting.

5. Enable and Start bind9

Once the configuration is complete, enable and start the service (on Ubuntu 20.04 the unit is named.service and bind9 is an alias for it, so either name works):

sudo systemctl enable bind9
sudo systemctl start bind9

6. Verify the DNS Server is Running

Check the status of the bind9 service and confirm that the only process listening on port 53 is named (ss ships with iproute2 and is installed by default, whereas netstat needs the net-tools package):

sudo systemctl status bind9
sudo ss -plntu | grep :53
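As an added example that is not part of the original guide, the checks from steps 1 to 6 as a small POSIX shell helper. The parsing functions read the text of ss -Hlntup output from stdin, or take a path, so they can be exercised against captured output offline; the two ss samples are constructed for illustration, and only live_check (invoked with the argument run) touches the real system. It assumes iproute2's ss and, for the final query, dig from the dnsutils package.

```shell
#!/bin/sh
# Pre-flight and verification helper for handing port 53 from systemd-resolved to
# bind9. Added example, not from the page. Pure functions read stdin or a path so
# they can be run against captured output; only live_check touches the system.

# Print "<local address:port> <owning process>" for every socket bound to port 53
# in `ss -Hlntup` output (no header, numeric, listening TCP and UDP, with process).
# Column 5 is the local address; the process name sits inside users:(("name",pid=..)).
port53_owners() {
    awk '$5 ~ /:53$/ {
        proc = "?"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print $5, proc
    }'
}

# Succeed only if every port-53 socket belongs to named; otherwise list the
# foreign owners on stderr and fail, so a script can stop before bind9 fights for it.
port53_only_named() {
    foreign=$(port53_owners | awk '$2 != "named"')
    [ -z "$foreign" ] && return 0
    printf 'port 53 also held by:\n%s\n' "$foreign" >&2
    return 1
}

# Classify a resolv.conf: stub (-> stub-resolv.conf, nameserver 127.0.0.53),
# resolved (-> /run/systemd/resolve/resolv.conf, the real upstream servers),
# static (a regular file you manage yourself), symlink (elsewhere) or missing.
resolv_conf_mode() {
    if [ -L "$1" ]; then
        case "$(readlink "$1")" in
            *stub-resolv.conf)            echo stub ;;
            *systemd/resolve/resolv.conf) echo resolved ;;
            *)                            echo symlink ;;
        esac
    elif [ -f "$1" ]; then
        echo static
    else
        echo missing
    fi
}

# First nameserver listed in resolv.conf text on stdin (empty if none).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# Constructed sample of `ss -Hlntup` BEFORE the change: the stub listener on
# 127.0.0.53 is still up while bind9 has already bound 127.0.0.1.
SAMPLE_SS_BEFORE='udp   UNCONN 0  0   127.0.0.53%lo:53   0.0.0.0:*   users:(("systemd-resolve",pid=600,fd=12))
tcp   LISTEN 0  10  127.0.0.53%lo:53   0.0.0.0:*   users:(("systemd-resolve",pid=600,fd=13))
udp   UNCONN 0  0       127.0.0.1:53   0.0.0.0:*   users:(("named",pid=1234,fd=20))
tcp   LISTEN 0  10        0.0.0.0:22   0.0.0.0:*   users:(("sshd",pid=800,fd=3))'

# Constructed sample AFTER systemd-resolved has released the port.
SAMPLE_SS_AFTER='udp   UNCONN 0  0   127.0.0.1:53   0.0.0.0:*   users:(("named",pid=1234,fd=20))
tcp   LISTEN 0  10  127.0.0.1:53   0.0.0.0:*   users:(("named",pid=1234,fd=21))
udp   UNCONN 0  0   10.0.0.5:53    0.0.0.0:*   users:(("named",pid=1234,fd=22))'

# Live check of the real host (needs ss; dig for the final query).
live_check() {
    echo "port 53 owners:"; ss -Hlntup | port53_owners
    ss -Hlntup | port53_only_named || return 1
    echo "/etc/resolv.conf mode: $(resolv_conf_mode /etc/resolv.conf)"
    ns=$(first_nameserver < /etc/resolv.conf)
    echo "first nameserver: ${ns:-none}"
    # 127.0.0.53 in resolv.conf with the stub gone means the host itself cannot
    # resolve names even though bind9 is perfectly healthy.
    if [ "$ns" = 127.0.0.53 ]; then
        echo "resolv.conf still points at the stub listener" >&2; return 1
    fi
    dig +short +time=2 @127.0.0.1 localhost >/dev/null && echo "bind9 answers on 127.0.0.1"
}

if [ "${1-}" = run ]; then
    live_check
fi
```

Save it as, for example, check-dns53.sh and run it with sh check-dns53.sh run after step 6; it exits non-zero both when something other than named still holds port 53 and when /etc/resolv.conf still names the stub address, which are the two failure modes this procedure most often leaves behind.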

Optional: Re-enable systemd-resolved for Local Caching

If you want systemd-resolved to keep caching for local processes while bind9 does all the real DNS work, configure it to stop binding port 53 and to forward its queries to bind9 (DNS=127.0.0.1 in the same [Resolve] section). Edit the /etc/systemd/resolved.conf file, or add a drop-in under /etc/systemd/resolved.conf.d/:

sudo nano /etc/systemd/resolved.conf

Then set:

DNSStubListener=no

Finally, restart the service:

sudo systemctl restart systemd-resolved

This lets systemd-resolved answer lookups made through its NSS module (the resolve entry in /etc/nsswitch.conf) or its D-Bus API without contending for port 53. Two caveats: programs that read /etc/resolv.conf directly do not use the cache, and if /etc/resolv.conf is still the stub symlink it names 127.0.0.53, which no longer listens. Point it at /run/systemd/resolve/resolv.conf instead (that file lists the servers systemd-resolved forwards to, so 127.0.0.1 once DNS= is set), or write a static file with nameserver 127.0.0.1, and confirm the forwarding target with resolvectl status.
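The caching variant end to end, as an added example that is not part of the original guide: it writes a drop-in instead of editing resolved.conf in place, relinks /etc/resolv.conf to systemd-resolved's non-stub file, and reads back the effective settings using the same main-file-then-drop-ins precedence systemd applies. The root-prefix argument (empty meaning the live host) and the drop-in name 10-bind9.conf are this example's own choices; everything under a scratch prefix runs without privileges.

```shell
#!/bin/sh
# Added example: systemd-resolved as a cache in front of bind9 (stub listener off,
# every query forwarded to 127.0.0.1). Functions take a root prefix so the same
# logic can be dry-run in a scratch directory; an empty prefix means the live host.

DROPIN=etc/systemd/resolved.conf.d/10-bind9.conf   # file name is this example's choice

# Write the [Resolve] drop-in. Drop-ins override /etc/systemd/resolved.conf and
# survive package upgrades that replace the main file.
write_resolved_dropin() {   # $1 = root prefix, $2 = address of bind9
    root=${1:-}; upstream=${2:-127.0.0.1}
    mkdir -p "$(dirname "$root/$DROPIN")"
    cat > "$root/$DROPIN" <<EOF
[Resolve]
# Send every query to the local bind9; resolved only caches the answers.
DNS=$upstream
# Do not bind 127.0.0.53:53, leaving port 53 to bind9.
DNSStubListener=no
EOF
}

# Point /etc/resolv.conf at resolved's non-stub file. stub-resolv.conf names only
# 127.0.0.53, which no longer listens; resolv.conf lists the servers resolved itself
# forwards to, so programs that read the file directly still reach bind9.
relink_resolv_conf() {      # $1 = root prefix
    root=${1:-}
    mkdir -p "$root/etc"
    ln -sfn ../run/systemd/resolve/resolv.conf "$root/etc/resolv.conf"
}

# Effective value of a [Resolve] key: main file first, then drop-ins in sorted
# order, last assignment wins (the precedence systemd applies). Commented-out
# lines (#Key=) do not match because their key starts with '#'. Sections are not
# tracked, which is fine for resolved.conf where [Resolve] is the only one.
resolved_setting() {        # $1 = root prefix, $2 = key
    root=${1:-}; key=$2
    cat "$root/etc/systemd/resolved.conf" "$root/etc/systemd/resolved.conf.d"/*.conf 2>/dev/null |
        awk -F= -v k="$key" '
            { gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2) }
            $1 == k { v = $2 }
            END { print v }'
}

# Apply the configuration and confirm both settings took effect. On the live host
# (empty prefix) also restart resolved so the stub socket is actually closed.
apply_caching_setup() {     # $1 = root prefix
    root=${1:-}
    write_resolved_dropin "$root" 127.0.0.1
    relink_resolv_conf "$root"
    [ "$(resolved_setting "$root" DNSStubListener)" = no ] || return 1
    [ "$(resolved_setting "$root" DNS)" = 127.0.0.1 ]      || return 1
    if [ -z "$root" ]; then
        systemctl restart systemd-resolved
        resolvectl status   # expect 127.0.0.1 as the DNS server and no stub address
    fi
}

if [ "${1-}" = apply ]; then
    apply_caching_setup ""
fi
```

Run it as sh resolved-cache.sh apply on the live host (as root). Servers learned per interface from DHCP or netplan are still consulted alongside the global DNS= entry; if every lookup must go through bind9, clear them from the interface configuration as well and check the result with resolvectl status.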