🎁 New User? Get 20% off your first purchase with code NEWUSER20 Register Now →
Menu

Categories

Home » Learn » Linux Commands » resolvectl

resolvectl Command

Intermediate Networking man(1)

DNS resolution and systemd-resolved management

📅 Updated: Mar 16, 2026
SYNTAX
resolvectl [OPTIONS] COMMAND [ARGUMENTS]

What Does resolvectl Do?

The resolvectl command is the management tool for systemd-resolved, the DNS resolver service built into modern systemd-based Linux distributions. It provides DNS lookups, cache management, DNSSEC validation status, and per-interface DNS configuration.

resolvectl replaces the older systemd-resolve command and is the recommended way to interact with systemd-resolved on Ubuntu 18.04+, Fedora 30+, and other modern distributions. It works alongside traditional tools like dig and nslookup but offers additional features specific to systemd-resolved.

Key capabilities include querying DNS records of any type, viewing per-link DNS server configuration, flushing the DNS cache, checking DNSSEC status, managing DNS-over-TLS (DoT) settings, and monitoring DNS query statistics. For servers and workstations using systemd-resolved, resolvectl is the authoritative tool for DNS troubleshooting.

Options & Flags

OptionDescriptionExample
query HOSTNAME Resolve a hostname to IP address(es) resolvectl query example.com
status Show current DNS configuration per interface resolvectl status
statistics Show DNS cache and query statistics resolvectl statistics
flush-caches Flush all DNS caches sudo resolvectl flush-caches
dns INTERFACE SERVER Set DNS server for an interface sudo resolvectl dns eth0 1.1.1.1 8.8.8.8
domain INTERFACE DOMAIN Set search domain for an interface sudo resolvectl domain eth0 example.com
dnssec INTERFACE MODE Set DNSSEC mode (yes/no/allow-downgrade) sudo resolvectl dnssec eth0 yes
monitor Monitor DNS queries in real-time resolvectl monitor

Practical Examples

#1 Resolve a hostname

Resolve hostname showing IP addresses, DNSSEC status, and which interface/server handled the query.
$ resolvectl query example.com

#2 View DNS configuration

Show DNS servers, search domains, and DNSSEC/DoT settings for each network interface.
$ resolvectl status

#3 Flush DNS cache

Clear all cached DNS entries. Verify with statistics showing zero cache entries.
$ sudo resolvectl flush-caches && resolvectl statistics

#4 Set DNS servers

Set Cloudflare DNS servers for eth0. Takes effect immediately.
$ sudo resolvectl dns eth0 1.1.1.1 1.0.0.1 && resolvectl status eth0

#5 Monitor DNS queries

Watch DNS queries in real-time — shows what hostnames the system is resolving and the results.
$ resolvectl monitor

#6 Check DNSSEC status

Resolve with DNSSEC validation. The output shows whether the response was authenticated.
$ resolvectl query --type=A cloudflare.com

Tips & Best Practices

systemd-resolve is deprecated: The older systemd-resolve command is deprecated. Use resolvectl instead. On older systems, systemd-resolve still works as a symlink.
Check /etc/resolv.conf: On systemd-resolved systems, /etc/resolv.conf should be a symlink to /run/systemd/resolve/stub-resolv.conf. If not, DNS may not use systemd-resolved.
Per-interface settings are temporary: DNS servers set with resolvectl dns are lost on reboot. For persistent config, use NetworkManager (nmcli) or systemd-networkd .network files.
Enable DNS-over-TLS: Set DNSOverTLS=yes in /etc/systemd/resolved.conf to encrypt all DNS queries. Use Cloudflare (1.1.1.1) or Google (8.8.8.8) DNS which support DoT.

Frequently Asked Questions

How do I flush DNS cache in Linux?
On systemd-resolved systems: sudo resolvectl flush-caches. On other systems: sudo systemd-resolve --flush-caches, or restart the DNS caching service (nscd, dnsmasq, etc.).
How do I check what DNS server Linux is using?
Run resolvectl status to see DNS servers per interface. Or check /etc/resolv.conf. Or run resolvectl query example.com to see which server resolved the query.
What is the difference between resolvectl and dig?
resolvectl manages systemd-resolved (cache, settings, per-interface config). dig queries DNS servers directly without going through systemd-resolved. Use resolvectl for system DNS management, dig for detailed DNS troubleshooting.
How do I enable DNSSEC?
Set DNSSEC=yes in /etc/systemd/resolved.conf and restart: sudo systemctl restart systemd-resolved. Use resolvectl query to verify responses show "authenticated: yes".

Related Commands

dig

DNS lookup utility for querying name servers

 host

DNS lookup utility (simple)

 ip

Show and manipulate network interfaces, routing, and tunnels

 nmcli

NetworkManager command-line client

 nslookup

Query DNS name servers interactively

More Networking Commands

arp

Manipulate the ARP cache

 bridge

Linux network bridge management

 curl

Transfer data from or to a server using various protocols

 dig

DNS lookup utility for querying name servers

 ethtool

Display or change ethernet device settings

 host

DNS lookup utility (simple)

 ifconfig

Configure or display network interface parameters (legacy)

 ip

Show and manipulate network interfaces, routing, and tunnels

 iperf3

Network bandwidth measurement tool

 ip route

Show and manipulate the routing table

 mtr

Combine ping and traceroute in a single network diagnostic t

 nc

Networking utility for reading/writing across network connec
renice Command 📋 All Commands rev Command →

Master Linux with Professional eBooks

Curated IT eBooks covering Linux, DevOps, Cloud, and more

Browse Books →