After upgrading my 16.04 installation to 16.10, I have trouble with DNS.
First I got problems a couple of times when connected to WiFi, while it worked on ethernet. Now it seems to work on WiFi also. Not sure why, or whether it is in any way related to the problem I face now:
When connecting to a VPN host with Cisco Anyconnect VPN, it adds a line in '/etc/resolv.conf'. I understand that Ubuntu is now using systemd-resolve, and the man page says that there are three different modes for handling /etc/resolv.conf. My /etc/resolv.conf is not a symlink, and does not list 127.0.0.53 as a DNS server, so as far as I understand systemd-resolved should "read it for DNS configuration data". However, it does not seem to care about it.
The strange thing (for me) is that
dig host.customer.tld returns a nice answer with an ANSWER SECTION showing the IP of the requested host, and it refers to the DNS server added to /etc/resolv.conf by the VPN client as the SERVER. When the VPN connection is disabled I get no answer. I.e. dig reads /etc/resolv.conf.
The browser, on the other hand, does not get to /etc/resolv.conf, and is not able to resolve the host name. Neither are ping/curl, by the way.
I found a related post, and tried running
nmcli device show <interfacename> | grep IP4.DNS
but it lists no DNS for the cscotun0 device. (It does not in 16.04 either, though.) Also, nmcli lists my DHCP server (my router) as IP4.DNS host for my eth/wlan connections. Using
dig @192.168.0.1 xxx for any public domain works fine.
There are some other DNS servers listed in my /run/systemd/resolve/resolv.conf:
# Too many DNS servers configured, the following entries may be ignored.
These are not served by my DHCP server. The file /etc/systemd/resolved.conf contains only commented lines, except the section header:
#FallbackDNS=184.108.40.206 220.127.116.11 2001:4860:4860::8888 2001:4860:4860::8844
The man page for resolved.conf says that
A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers.
For compatibility reasons, if this setting is not specified, the DNS servers
listed in /etc/resolv.conf are used instead, if that file exists and any
servers are configured in it. This setting defaults to the empty list.
A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS
servers. Any per-link DNS servers obtained from systemd-networkd.service(8)
take precedence over this setting, as do any servers set via DNS= above or
/etc/resolv.conf. This setting is hence only used if no other DNS server
information is known. If this option is not given, a compiled-in list of DNS servers is used instead.
Seems like the fallback ends up in /run/systemd/resolve/resolv.conf in my case.
EDIT: I was not certain what the problem was, and to be honest I still don't know exactly how this works, but at least it turned out that the solution in my case was to disable the
systemd-resolved service. I thought that service was required, that it was the component that provided DNS service to all the local applications, but apparently there is something else in there doing that job.
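The post hinges on two things that are easy to check from a shell: which of the three resolv.conf modes from resolved(8) the machine is actually in, and why dig (which reads /etc/resolv.conf itself) and glibc clients such as ping, curl and the browser (which go through the hosts: line of /etc/nsswitch.conf, and through systemd-resolved when that line contains "resolve") can disagree. The script below is an added diagnostic example, not code from the post or from Ubuntu/systemd; the placeholder hostname host.customer.tld and the sample files are taken from or constructed for this post, and the output labels are my own.

```shell
#!/bin/sh
# Added diagnostic for the resolv.conf / systemd-resolved situation described
# in the post. Not from the original post or from Ubuntu/systemd.

# Classify a resolv.conf into one of the modes resolved(8) distinguishes:
#   stub       symlink to /run/systemd/resolve/stub-resolv.conf (127.0.0.53 stub)
#   uplink     symlink to /run/systemd/resolve/resolv.conf (uplink servers)
#   stub-file  plain file that itself lists the 127.0.0.53 stub
#   foreign    plain file maintained by something else (resolvconf, a VPN
#              client); resolved reads it for DNS data, as the man page says
#   missing    no such file (resolved then falls back to FallbackDNS=)
resolv_mode() {
    f="${1:-/etc/resolv.conf}"
    if [ -L "$f" ]; then
        case "$(readlink "$f")" in
            *stub-resolv.conf)     echo stub;   return 0 ;;
            */resolve/resolv.conf) echo uplink; return 0 ;;
        esac
    fi
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$f"; then
        echo stub-file
    else
        echo foreign
    fi
}

# Every nameserver entry in a resolv.conf, one per line, comments skipped.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# glibc's stub resolver only honours the first three nameserver lines, which
# is why resolved writes the "Too many DNS servers configured" comment quoted
# in the post when it knows about more than that.
resolv_effective_nameservers() {
    resolv_nameservers "$1" | head -n 3
}

# The hosts: line of nsswitch.conf. If it contains "resolve", glibc clients
# (ping, curl, browsers) ask systemd-resolved over D-Bus and never read
# /etc/resolv.conf themselves, so they can disagree with dig.
nss_hosts_line() {
    awk '$1 == "hosts:" { $1 = ""; sub(/^ /, ""); print }' "${1:-/etc/nsswitch.conf}"
}

# Resolve one name both ways: dig straight from resolv.conf, getent via NSS.
# A mismatch reproduces the symptom from the post. Short timeouts keep the
# check from hanging when a server is unreachable.
compare_lookup() {
    host="${1:-host.customer.tld}"   # placeholder name from the post
    echo "dig    : $(dig +short +time=2 +tries=1 "$host" 2>/dev/null | head -n 1)"
    echo "getent : $(getent ahosts "$host" 2>/dev/null | awk 'NR == 1 { print $1 }')"
}

# Report on the live system; pass a hostname to also run the two lookups.
main() {
    echo "mode   : $(resolv_mode /etc/resolv.conf)"
    echo "servers: $(resolv_effective_nameservers /etc/resolv.conf 2>/dev/null | tr '\n' ' ')"
    echo "hosts  : $(nss_hosts_line /etc/nsswitch.conf 2>/dev/null)"
    [ $# -gt 0 ] && compare_lookup "$1"
    return 0
}

main "$@"
```

Run it as sh resolv-diag.sh host.customer.tld with the VPN up: a "foreign" mode with the VPN's server listed, while the hosts line routes through "resolve" and getent returns nothing, is exactly the split the post describes, and disabling systemd-resolved (as the asker did) changes which of the two paths the browser ends up on.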