In this article

Some Linux distributions, including Ubuntu, run the systemd-resolved service by default. This service can interfere with the DNS Relay in binary deployments by binding to port 53 before the Relay starts. Use this article to disable the DNS stub listener and configure the system resolver manually to allow the Relay to bind to port 53.

Complete these steps before starting the Relay. If the Relay is already running, stop it first using relay-manager stop.

1. Open /etc/systemd/resolved.conf and set DNSStubListener=no to free up port 53:

   sudo nano /etc/systemd/resolved.conf

2. Remove the existing symlink pointing to the systemd-resolved stub resolver:

   sudo rm /etc/resolv.conf

3. Stop the systemd-resolved service:

   sudo systemctl stop systemd-resolved

4. Disable systemd-resolved to prevent it from starting on reboot:

   sudo systemctl disable systemd-resolved

5. Create a new /etc/resolv.conf file and add public DNS resolvers for the Relay to use upstream:

   sudo nano /etc/resolv.conf

   Add the following:

   nameserver 8.8.8.8
   nameserver 1.1.1.1

6. Lock the file as immutable to prevent NetworkManager or DHCP from overwriting it:

   sudo chattr +i /etc/resolv.conf

7. Start the DNS Relay:

   sudo relay-manager start

The Relay will now bind to port 53 without conflicts from systemd-resolved.