resolvectl Command
Intermediate Networking man(1)DNS resolution and systemd-resolved management
๐ 133 views
๐
Updated: Apr 30, 2026
SYNTAX
resolvectl [OPTIONS] COMMAND [ARGUMENTS]
What Does resolvectl Do?
The resolvectl command is the management tool for systemd-resolved, the DNS resolver service built into modern systemd-based Linux distributions. It provides DNS lookups, cache management, DNSSEC validation status, and per-interface DNS configuration.
resolvectl replaces the older systemd-resolve command and is the recommended way to interact with systemd-resolved on Ubuntu 18.04+, Fedora 30+, and other modern distributions. It works alongside traditional tools like dig and nslookup but offers additional features specific to systemd-resolved.
Key capabilities include querying DNS records of any type, viewing per-link DNS server configuration, flushing the DNS cache, checking DNSSEC status, managing DNS-over-TLS (DoT) settings, and monitoring DNS query statistics. For servers and workstations using systemd-resolved, resolvectl is the authoritative tool for DNS troubleshooting.
resolvectl replaces the older systemd-resolve command and is the recommended way to interact with systemd-resolved on Ubuntu 18.04+, Fedora 30+, and other modern distributions. It works alongside traditional tools like dig and nslookup but offers additional features specific to systemd-resolved.
Key capabilities include querying DNS records of any type, viewing per-link DNS server configuration, flushing the DNS cache, checking DNSSEC status, managing DNS-over-TLS (DoT) settings, and monitoring DNS query statistics. For servers and workstations using systemd-resolved, resolvectl is the authoritative tool for DNS troubleshooting.
Options & Flags
| Option | Description | Example |
|---|---|---|
| query HOSTNAME | Resolve a hostname to IP address(es) | resolvectl query example.com |
| status | Show current DNS configuration per interface | resolvectl status |
| statistics | Show DNS cache and query statistics | resolvectl statistics |
| flush-caches | Flush all DNS caches | sudo resolvectl flush-caches |
| dns INTERFACE SERVER | Set DNS server for an interface | sudo resolvectl dns eth0 1.1.1.1 8.8.8.8 |
| domain INTERFACE DOMAIN | Set search domain for an interface | sudo resolvectl domain eth0 example.com |
| dnssec INTERFACE MODE | Set DNSSEC mode (yes/no/allow-downgrade) | sudo resolvectl dnssec eth0 yes |
| monitor | Monitor DNS queries in real-time | resolvectl monitor |
Practical Examples
#1 Resolve a hostname
Resolve hostname showing IP addresses, DNSSEC status, and which interface/server handled the query.
$ resolvectl query example.com#2 View DNS configuration
Show DNS servers, search domains, and DNSSEC/DoT settings for each network interface.
$ resolvectl status#3 Flush DNS cache
Clear all cached DNS entries. Verify with statistics showing zero cache entries.
$ sudo resolvectl flush-caches && resolvectl statistics#4 Set DNS servers
Set Cloudflare DNS servers for eth0. Takes effect immediately.
$ sudo resolvectl dns eth0 1.1.1.1 1.0.0.1 && resolvectl status eth0#5 Monitor DNS queries
Watch DNS queries in real-time โ shows what hostnames the system is resolving and the results.
$ resolvectl monitor#6 Check DNSSEC status
Resolve with DNSSEC validation. The output shows whether the response was authenticated.
$ resolvectl query --type=A cloudflare.comTips & Best Practices
systemd-resolve is deprecated: The older systemd-resolve command is deprecated. Use resolvectl instead. On older systems, systemd-resolve still works as a symlink.
Check /etc/resolv.conf: On systemd-resolved systems, /etc/resolv.conf should be a symlink to /run/systemd/resolve/stub-resolv.conf. If not, DNS may not use systemd-resolved.
Per-interface settings are temporary: DNS servers set with resolvectl dns are lost on reboot. For persistent config, use NetworkManager (nmcli) or systemd-networkd .network files.
Enable DNS-over-TLS: Set DNSOverTLS=yes in /etc/systemd/resolved.conf to encrypt all DNS queries. Use Cloudflare (1.1.1.1) or Google (8.8.8.8) DNS which support DoT.
Frequently Asked Questions
How do I flush DNS cache in Linux?
On systemd-resolved systems: sudo resolvectl flush-caches. On other systems: sudo systemd-resolve --flush-caches, or restart the DNS caching service (nscd, dnsmasq, etc.).
How do I check what DNS server Linux is using?
Run resolvectl status to see DNS servers per interface. Or check /etc/resolv.conf. Or run resolvectl query example.com to see which server resolved the query.
What is the difference between resolvectl and dig?
resolvectl manages systemd-resolved (cache, settings, per-interface config). dig queries DNS servers directly without going through systemd-resolved. Use resolvectl for system DNS management, dig for detailed DNS troubleshooting.
How do I enable DNSSEC?
Set DNSSEC=yes in /etc/systemd/resolved.conf and restart: sudo systemctl restart systemd-resolved. Use resolvectl query to verify responses show "authenticated: yes".
Related Commands
More Networking Commands
Download Networking Cheat Sheet
View all 31 Linux command cheat sheets โMaster Linux with Professional eBooks
Curated IT eBooks covering Linux, DevOps, Cloud, and more
Browse Books โ