I've recently set up a CoreDNS server on my "local" tailscale VPN network. Chrome, dig, nslookup, and everything else works with the correct DNS server being queried (I've double checked using wireshark), but for some reason Firefox queries 127.0.0.1 instead of the IP of the DNS server (let's call it 1.2.3.4).

I'm using Ubuntu 22.04 with Gnome and I've installed resolvconf.service with the following /etc/resolvconf/resolv.conf.d/resolv.conf contents:

nameserver 1.2.3.4
nameserver 1.1.1.1

What I've tried so far:

  1. Disabling DoH
  2. Clearing Firefox's DNS cache
  3. Updating and reinstalling Firefox

I'm not entirely sure why:

  1. Firefox queries 127.0.0.1 while other tools query 1.2.3.4
  2. Even if it queries 127.0.0.1, why systemd-resolved doesn't redirect/point the query to 1.2.3.4
parsley72

gmelodie

1 Answer

TL;DR

You have to have these lines in your /etc/systemd/resolved.conf (where 1.2.3.4 is your own DNS server and 1.1.1.1 is a fallback):

[Resolve]
DNS=1.2.3.4 1.1.1.1
DNSStubListener=yes
DNSStubListenerExtra=udp:127.0.0.1:53

Explanation

Firefox (at least right now) queries 127.0.0.1:53 whereas systemd-resolved listens on 127.0.0.53:53. The DNSStubListenerExtra line in the config file above will make systemd-resolved also listen on 127.0.0.1:53.

You can also use iptables to redirect 127.0.0.1:53 to 127.0.0.53:53:

sudo iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.53:53
gmelodie
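As an added example (not code from the question or the answer above), here is a small Python parser for the [Resolve] section that reports which stub sockets systemd-resolved would open from a given resolved.conf, following the DNSStubListenerExtra syntax documented in the systemd-resolved.conf manual (optional udp:/tcp: prefix, optional :port suffix, IPv6 in brackets, port 53 by default). The two configs are constructed stand-ins for the real file; only the 127.0.0.53 stub the answer mentions is modelled.

```python
STUB_ADDR = "127.0.0.53"  # built-in stub listener address (see the answer)

# Constructed sample configs: a stock file, and the one the answer proposes.
DEFAULT_CONF = "[Resolve]\n#DNS=\n#DNSStubListener=yes\n"
FIXED_CONF = """[Resolve]
DNS=1.2.3.4 1.1.1.1
DNSStubListener=yes
DNSStubListenerExtra=udp:127.0.0.1:53
"""

def parse_extra(value):
    """Turn one DNSStubListenerExtra= value into a set of (proto, addr, port)."""
    protos, v = ("udp", "tcp"), value.strip()
    if v[:4] in ("udp:", "tcp:"):          # protocol prefix restricts to one proto
        protos, v = (v[:3],), v[4:]
    if v.startswith("["):                   # bracketed IPv6, optional :port after ]
        end = v.index("]")
        addr, rest = v[1:end], v[end + 1:]
        port = int(rest[1:]) if rest.startswith(":") else 53
    elif v.count(":") == 1:                 # IPv4 with explicit port
        addr, p = v.split(":")
        port = int(p)
    else:                                   # bare IPv4 or bare (unbracketed) IPv6
        addr, port = v, 53
    return {(proto, addr, port) for proto in protos}

def parse_resolved_conf(text):
    """Return (dns_servers, stub_setting, extra_values) from the [Resolve] section."""
    section, dns, stub, extra = None, [], "yes", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Resolve" or "=" not in line:
            continue
        key, _, val = (s.strip() for s in line.partition("="))
        if key == "DNS":
            dns = val.split()
        elif key == "DNSStubListener":
            stub = val.lower()
        elif key == "DNSStubListenerExtra":
            extra = [] if val == "" else extra + [val]   # empty value resets the list
    return dns, stub, extra

def stub_sockets(text):
    """All (proto, addr, port) sockets systemd-resolved would listen on for this config."""
    dns, stub, extra = parse_resolved_conf(text)
    base = {"yes": ("udp", "tcp"), "udp": ("udp",), "tcp": ("tcp",)}.get(stub, ())
    sockets = {(proto, STUB_ADDR, 53) for proto in base}
    for value in extra:
        sockets |= parse_extra(value)
    return sockets

def would_answer(text, proto, addr, port=53):
    """Would a client sending to proto://addr:port reach the stub resolver?"""
    return (proto, addr, port) in stub_sockets(text)
```

Note that the answer's line carries a udp: prefix, so a TCP query to 127.0.0.1:53 still finds no listener; dropping the prefix (DNSStubListenerExtra=127.0.0.1:53) opens both protocols.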