DNS Configuration on Ubuntu-Based Linux

Change, verify, prioritize, and reset DNS settings on Ubuntu 24.04-based desktops and servers using nmcli, Netplan, and systemd-resolved.

Level: Beginner. Tested on: Zorin OS 18.1 Pro (Ubuntu 24.04 Noble base). Hardware: Lenovo ThinkPad L14 Gen 2.

What This Guide Achieves

By the end of this guide you will know how to:

Goal | Status
See which DNS servers Ubuntu is currently using | Covered
Change DNS for one Wi-Fi or Ethernet profile | Covered
Force a profile to ignore router-provided DNS | Covered
Understand what happens when you move to another Wi-Fi network | Covered
Reset DNS back to automatic DHCP behavior | Covered
Use Netplan for server-style DNS configuration | Covered
Understand when systemd-resolved global DNS is useful | Covered

The Problem

On Windows, DNS is usually hidden behind adapter settings or router settings. On Ubuntu-based Linux, DNS can come from several layers:

  • your Wi-Fi router through DHCP
  • your NetworkManager connection profile
  • Netplan configuration
  • systemd-resolved
  • a VPN or corporate network profile
  • browser-level DNS-over-HTTPS settings

That makes one question confusing:

“I added 8.8.8.8, so why is Ubuntu still using my router DNS first?”

The answer is usually that you added a manual DNS server, but you did not tell Ubuntu to ignore the automatic DNS servers from DHCP. In that case, both lists can exist at the same time, and the router DNS may still appear first.


Quick Recommendation

For most Ubuntu 24.04-based desktop users:

  • use nmcli
  • configure DNS per Wi-Fi or Ethernet profile
  • do not edit /etc/resolv.conf
  • do not use Netplan unless you are managing server-style networking

For Ubuntu servers or minimal installs:

  • use Netplan
  • test changes with sudo netplan try before running sudo netplan apply

For global resolver defaults:

  • use a systemd-resolved drop-in
  • understand that per-link DNS from NetworkManager or Netplan may still take precedence

DNS Providers You Can Use

There is no universal “best” DNS provider. Pick based on trust, reliability, privacy policy, and whether the network you are on requires internal DNS.

Provider | IPv4 DNS | IPv6 DNS | Notes
Cloudflare | 1.1.1.1, 1.0.0.1 | 2606:4700:4700::1111, 2606:4700:4700::1001 | Popular public resolver
Google | 8.8.8.8, 8.8.4.4 | 2001:4860:4860::8888, 2001:4860:4860::8844 | Common and easy to remember
Quad9 | 9.9.9.9, 149.112.112.112 | 2620:fe::fe, 2620:fe::9 | Security-filtering public resolver
Router/ISP default | assigned automatically | assigned automatically | Often best for local/captive/campus networks

If you are on a university, office, hotel, public Wi-Fi, VPN, or captive portal network, forcing public DNS can break login pages or internal hostnames.


Before You Change Anything

Find your active connection and device:

nmcli con show --active

Example output:

NAME    UUID                                  TYPE  DEVICE
BIGD-5  4d5b5bc8-77ae-4253-b4cf-a2141168dae9  wifi  wlp9s0

In this example:

  • connection profile name: BIGD-5
  • network device name: wlp9s0

List every saved profile:

nmcli con show

List every network device:

nmcli device status

Use the connection profile name for nmcli con mod. If the name contains spaces, always quote it.


Verify Current DNS

The most useful command on Ubuntu 24.04-based systems is:

resolvectl status

Look for the active link, usually your Wi-Fi device such as wlp9s0 or your Ethernet device such as enp0s31f6.

Example:

Link 3 (wlp9s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 202.84.32.2
       DNS Servers: 202.84.32.2 202.84.33.3 8.8.8.8

This means Ubuntu knows about 8.8.8.8, but the router-provided DNS servers are still first.

You can also ask NetworkManager what DNS it has for a device:

nmcli device show wlp9s0 | grep IP4.DNS

Replace wlp9s0 with your actual device name.


Method 1 - Set DNS for One Desktop Connection with nmcli

This is the best method for normal Ubuntu-based desktops using NetworkManager.

Step 1 - Set DNS Servers

Replace BIGD-5 with your connection profile name.

sudo nmcli con mod "BIGD-5" ipv4.dns "8.8.8.8 8.8.4.4"

This sets Google DNS as the manual DNS list on that specific saved Wi-Fi profile.

If you prefer Cloudflare:

sudo nmcli con mod "BIGD-5" ipv4.dns "1.1.1.1 1.0.0.1"

If you prefer Quad9:

sudo nmcli con mod "BIGD-5" ipv4.dns "9.9.9.9 149.112.112.112"

Step 2 - Decide Whether to Keep Router DNS

If you only run the previous command, your manual DNS may be added after your router or ISP DNS.

That is useful if you want a fallback, but it does not force Ubuntu to use your DNS first.

To use only your manual DNS and ignore DNS from the router:

sudo nmcli con mod "BIGD-5" ipv4.ignore-auto-dns yes

Step 3 - Prefer This Connection’s DNS

If you have multiple active connections, such as Wi-Fi plus VPN, DNS priority matters.

Lower numbers have higher priority. Negative values are stronger and can exclude DNS from profiles with higher numerical priority.

sudo nmcli con mod "BIGD-5" ipv4.dns-priority -1

For a normal laptop on one Wi-Fi network, this is often enough. Be careful on corporate VPNs, because VPN DNS may be required for internal work domains.

Step 4 - Apply the Change

Restart the connection profile:

sudo nmcli con up "BIGD-5"

This may briefly disconnect and reconnect your network.

If you are connected over SSH, do not restart the active network connection unless you have another way back in.

Step 5 - Verify

resolvectl status

Expected result after forcing manual DNS:

Link 3 (wlp9s0)
    Current Scopes: DNS
Current DNS Server: 8.8.8.8
       DNS Servers: 8.8.8.8 8.8.4.4

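If you still see router DNS first, check that all three of these are set. A plain grep for ipv4.dns does not match the ipv4.ignore-auto-dns line, so ask nmcli for the three properties by name:

nmcli -f ipv4.dns,ipv4.ignore-auto-dns,ipv4.dns-priority con show "BIGD-5"

You should see:

ipv4.dns:              8.8.8.8,8.8.4.4
ipv4.ignore-auto-dns:  yes
ipv4.dns-priority:     -1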
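
To check the result mechanically rather than by eye, the following added example (not part of the original guide) parses resolvectl status output and flags any DNS server outside an allowlist you pass in. The names audit_dns, sample_before and sample_after are illustrative; sample_before reuses the output shown earlier in this guide, and sample_after is constructed to show a wrapped server list with an IPv6 resolver still present.

```bash
#!/usr/bin/env bash
# Added example: flag DNS servers in `resolvectl status` output that are not
# on an allowlist. audit_dns and the sample_* helpers are illustrative names.

# Usage: resolvectl status | audit_dns "8.8.8.8 8.8.4.4"
# Prints "UNEXPECTED <link> <server>" per offender; returns 1 if any were found.
audit_dns() {
    awk -v allowed="$1" '
        function check(line,   i, m, f, s) {
            m = split(line, f, " ")
            for (i = 1; i <= m; i++) {
                s = f[i]; sub("#.*", "", s)   # drop a "#hostname" suffix
                if (!(s in ok)) { print "UNEXPECTED", scope, s; bad = 1 }
            }
        }
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Global/          { scope = "global"; infield = 0; next }
        /^Link [0-9]+ \(/  { scope = $3; gsub(/[()]/, "", scope); infield = 0; next }
        /^ *DNS Servers: / { sub(/^ *DNS Servers: */, ""); infield = 1; check($0); next }
        /^ *[A-Za-z][A-Za-z. ]*:( |$)/ { infield = 0; next }   # any other field
        infield && NF      { check($0) }                       # wrapped server list
        END { exit (bad ? 1 : 0) }
    '
}

# From the guide: manual DNS added, DHCP DNS still accepted.
sample_before() { cat <<'EOF'
Link 3 (wlp9s0)
    Current Scopes: DNS
Current DNS Server: 202.84.32.2
       DNS Servers: 202.84.32.2 202.84.33.3 8.8.8.8
EOF
}

# Constructed: IPv4 fixed, wrapped list, a router IPv6 resolver (fd00::1) remains.
sample_after() { cat <<'EOF'
Global
  resolv.conf mode: stub

Link 3 (wlp9s0)
Current DNS Server: 8.8.8.8
       DNS Servers: 8.8.8.8 8.8.4.4 2001:4860:4860::8888
                    2001:4860:4860::8844 fd00::1
EOF
}

sample_before | audit_dns "8.8.8.8 8.8.4.4" || echo "profile still accepts DHCP DNS"
```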

What Happens When You Go to Another Wi-Fi Network?

NetworkManager stores DNS settings per connection profile.

If you configured DNS for BIGD-5, that change belongs to BIGD-5.

When you go home and connect to a different Wi-Fi network, Ubuntu will use a different profile, such as:

Home_5G
Mohsin_5G
Office_WiFi

That home profile will use its own settings. By default, it will usually accept DNS from your home router.

To configure the home Wi-Fi too:

nmcli con show --active

Then repeat the DNS commands using the home connection name:

sudo nmcli con mod "Mohsin_5G" ipv4.dns "1.1.1.1 1.0.0.1"
sudo nmcli con mod "Mohsin_5G" ipv4.ignore-auto-dns yes
sudo nmcli con mod "Mohsin_5G" ipv4.dns-priority -1
sudo nmcli con up "Mohsin_5G"

This profile-based behavior is usually a good thing. It lets you force public DNS on one network while leaving another network automatic.


Add IPv6 DNS

Only do this if your network uses IPv6.

Check whether your active device has IPv6 addresses:

ip -6 addr show dev wlp9s0

Set Google IPv6 DNS:

sudo nmcli con mod "BIGD-5" ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
sudo nmcli con mod "BIGD-5" ipv6.ignore-auto-dns yes
sudo nmcli con up "BIGD-5"

Set Cloudflare IPv6 DNS:

sudo nmcli con mod "BIGD-5" ipv6.dns "2606:4700:4700::1111 2606:4700:4700::1001"
sudo nmcli con mod "BIGD-5" ipv6.ignore-auto-dns yes
sudo nmcli con up "BIGD-5"

Verify:

resolvectl status

If your network does not support IPv6, leave IPv6 DNS alone.


Add a Search Domain

A search domain lets short names resolve automatically.

Example:

  • you type server1
  • Ubuntu tries server1.example.local

This is useful on office, lab, or home networks with local hostnames.

Set a search domain:

sudo nmcli con mod "BIGD-5" ipv4.dns-search "example.local"
sudo nmcli con up "BIGD-5"

Verify:

resolvectl status

Do not add random search domains from the internet. Search domains are mainly for networks you control or trust.


Reset DNS Back to Automatic

If a custom DNS breaks something, restore the profile to normal DHCP DNS behavior.

sudo nmcli con mod "BIGD-5" ipv4.dns ""
sudo nmcli con mod "BIGD-5" ipv4.ignore-auto-dns no
sudo nmcli con mod "BIGD-5" ipv4.dns-priority 0
sudo nmcli con up "BIGD-5"

If you also changed IPv6 DNS:

sudo nmcli con mod "BIGD-5" ipv6.dns ""
sudo nmcli con mod "BIGD-5" ipv6.ignore-auto-dns no
sudo nmcli con up "BIGD-5"

Verify:

resolvectl status

You should see DNS servers from your router or network again.


Method 2 - Netplan for Server-Style DNS

Use Netplan when you are configuring Ubuntu Server, a minimal install, or a machine that is managed through YAML network configuration.

On most desktop installs, NetworkManager owns the active profiles, so nmcli is usually simpler and safer.

Step 1 - Find the Netplan File

ls /etc/netplan/

Common names include:

00-installer-config.yaml
01-network-manager-all.yaml
50-cloud-init.yaml

Open the file:

sudo nano /etc/netplan/00-installer-config.yaml

Use the actual filename from your system.

Step 2 - DHCP Address, Manual DNS

Example for a server using DHCP for the IP address but custom DNS:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s31f6:
      dhcp4: true
      dhcp4-overrides:
        use-dns: false
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]

The important parts:

  • dhcp4: true keeps automatic IP assignment
  • nameservers.addresses sets manual DNS
  • dhcp4-overrides.use-dns: false tells the renderer to ignore the DNS servers supplied by DHCP, so only the nameservers listed here are used

Step 3 - Static IP and Manual DNS

Example:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s31f6:
      dhcp4: false
      addresses: [192.168.1.50/24]
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]
        search: [home.lan]

Do not copy the IP addresses blindly. Replace them with values that match your network.

Step 4 - Test Before Applying

sudo netplan try

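netplan try applies the configuration and waits for you to confirm. If you do not confirm before the timeout (120 seconds by default), it rolls the change back automatically, which protects you from locking yourself out. If the connection still works, accept the change.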

Then apply permanently:

sudo netplan apply

Verify:

resolvectl status

Method 3 - Global DNS with systemd-resolved

Ubuntu-based systems commonly use systemd-resolved as the local resolver. You can see this in:

resolvectl status

And:

readlink -f /etc/resolv.conf

On many Ubuntu-based desktops, /etc/resolv.conf points to a systemd-resolved stub file. That is normal.

Do not manually edit /etc/resolv.conf. It is managed by the system and changes will be overwritten.

When Global DNS Helps

Use global DNS when you want a baseline resolver configuration for the system.

Do not assume it will override every connection. Per-link DNS from NetworkManager, Netplan, DHCP, or VPNs may still be more specific.

Create a Drop-In

Using a drop-in is cleaner than editing the main file directly.

sudo mkdir -p /etc/systemd/resolved.conf.d
sudo nano /etc/systemd/resolved.conf.d/90-custom-dns.conf

Add:

[Resolve]
DNS=1.1.1.1 8.8.8.8
FallbackDNS=9.9.9.9 8.8.4.4

Restart resolved:

sudo systemctl restart systemd-resolved

Verify:

resolvectl status

Remove the Global Override

sudo rm /etc/systemd/resolved.conf.d/90-custom-dns.conf
sudo systemctl restart systemd-resolved

Flush DNS Cache

If DNS was changed but lookups still behave oddly, flush the local cache:

sudo resolvectl flush-caches

Show resolver statistics:

resolvectl statistics

Install DNS testing tools if needed:

sudo apt install dnsutils

Test normal resolution:

dig ubuntu.com

Test a specific DNS server directly:

dig @1.1.1.1 ubuntu.com

This bypasses your system DNS settings for that one query and asks 1.1.1.1 directly.


Troubleshooting

Custom DNS Appears After Router DNS

Symptom:

DNS Servers: 202.84.32.2 202.84.33.3 8.8.8.8

Cause:

You added manual DNS but still accept automatic DNS from DHCP.

Fix:

sudo nmcli con mod "BIGD-5" ipv4.ignore-auto-dns yes
sudo nmcli con mod "BIGD-5" ipv4.dns-priority -1
sudo nmcli con up "BIGD-5"

DNS Works on One Wi-Fi but Not Another

Cause:

DNS settings are stored per NetworkManager connection profile.

Fix:

Connect to the other Wi-Fi and repeat:

nmcli con show --active

Then configure that active profile.

Captive Portal Does Not Open

Cause:

Some public or campus networks need their own DNS before the login page works.

Fix:

Temporarily restore automatic DNS:

sudo nmcli con mod "BIGD-5" ipv4.ignore-auto-dns no
sudo nmcli con mod "BIGD-5" ipv4.dns-priority 0
sudo nmcli con up "BIGD-5"

After logging in, you can try your custom DNS again.

Work or University Internal Sites Stop Working

Cause:

Internal names may require the organization’s DNS.

Fix:

Do not force public DNS on that profile. Use the network-provided DNS or ask the network administrator which DNS servers and search domains are required.

VPN DNS Stops Working

Cause:

The VPN may need higher DNS priority for private domains.

Fix:

Do not blindly set negative DNS priority on your normal Wi-Fi if your VPN depends on split DNS. Let the VPN profile control its own DNS, or configure priorities intentionally.

/etc/resolv.conf Keeps Changing

Cause:

That file is managed by systemd-resolved, NetworkManager, or another resolver integration.

Fix:

Do not edit it manually. Configure DNS through nmcli, Netplan, or systemd-resolved.


Quick Command Reference

Show active connections:

nmcli con show --active

Show all saved connections:

nmcli con show

Set DNS on one profile:

sudo nmcli con mod "BIGD-5" ipv4.dns "1.1.1.1 8.8.8.8"

Ignore router DNS:

sudo nmcli con mod "BIGD-5" ipv4.ignore-auto-dns yes

Prioritize the profile DNS:

sudo nmcli con mod "BIGD-5" ipv4.dns-priority -1

Apply profile:

sudo nmcli con up "BIGD-5"

Verify active resolver state:

resolvectl status

Verify DNS for a device:

nmcli device show wlp9s0 | grep IP4.DNS

Reset profile to automatic DNS:

sudo nmcli con mod "BIGD-5" ipv4.dns ""
sudo nmcli con mod "BIGD-5" ipv4.ignore-auto-dns no
sudo nmcli con mod "BIGD-5" ipv4.dns-priority 0
sudo nmcli con up "BIGD-5"

Flush resolver cache:

sudo resolvectl flush-caches

Summary Checklist

  • Use nmcli con show --active to find the active profile name
  • Set manual DNS with ipv4.dns
  • Use ipv4.ignore-auto-dns yes if you do not want router DNS
  • Use ipv4.dns-priority -1 only when you intentionally want this profile to win
  • Apply with sudo nmcli con up "ProfileName"
  • Verify with resolvectl status
  • Repeat per Wi-Fi profile if you want the same DNS on multiple networks
  • Use Netplan mainly for servers or networkd-managed systems
  • Do not manually edit /etc/resolv.conf
