How to set custom port for DNS in systemd-resolved

Question

I want to add local DNS server with port 8600 to systemd-resolved for request forwarding. I've tried to change /etc/systemd/resolved.conf like this

[Resolve]
DNS=127.0.0.1#8600

but this is not counts as a port (btw, : didn't works too)

Is there a way to do this?

score 1 · Answer 1 · answered Dec 26 '20 at 12:21

systemd-resolved is not really known for it's full-featured configuration options! But I think with a bit of iptables magic, you can get it to work with. First do something like this:

[Resolve]
DNS=127.0.0.52 #instead of 127.0.0.53 which is systemd-resolved itself.

You can of course choose any other number between 2-255. Just don't use 53 itself.

Then you have to redirect any packets headed for 127.0.0.1:53 to 127.0.0.52:53 with iptables. Here is my best untested attempt: (I don't have your environment to test this, correct me if I'm wrong)

iptables -t nat -I OUTPUT -d 127.0.0.1 --dport 53 -j REDIRECT --to-destination 127.0.0.52 --to-ports 53

and finally you should probably make this config persistent on reboots. iptables-persistent might help.

Some Helpful links:

I got this to work by changing the iptables rules a bit: ```iptables -t nat -A OUTPUT -d 127.0.0.52 -p udp -m udp --dport 53 -j REDIRECT --to-ports 8600``` and ```iptables -t nat -A OUTPUT -d 127.0.0.52 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 8600``` — David Tinker, May 21 '21 at 11:54

score 0 · Answer 2 · answered Jul 19 '22 at 12:31

0

you may simply specify the port(works with DoT at least):

[Resolve]
DNS=<ip>:<port>#<domain>
DNSOverTLS=yes

answered Jul 19 '22 at 12:31

raven

101
2

How to set custom port for DNS in systemd-resolved

2 Answers2