Force QUAD9 DNS

Network Configuration Summary: Dual-Interface DNS

1. The Strategy

  • Uniform DNS: Force Quad9 on both Wired and Wireless profiles to prevent DNS “Race Conditions.”
  • Predictable Routing: Use Route Metrics to ensure the Wired connection is always preferred over Wi-Fi when both are active.
  • Isolation: Ignore ISP-provided DNS settings entirely.

Verify where NetworkManager is getting its DNS servers from. NetworkManager usually takes its DNS configuration from the DHCP server. If your secondary network adapter (in this case a Wi-Fi adapter connected to the ISP router) receives the ISP's DNS servers, they can conflict with the wired adapter's default configuration and force it to use the ISP DNS. We don't want this, because we want to use Quad9 DNS.

sudo ls /var/lib/NetworkManager/

Verify current DNS configuration:

cat /etc/resolv.conf 

2. Implementation Commands

A. Wired Connection (Primary)

Goal: Highest priority, direct Quad9 access.

# Set DNS and Ignore DHCP DNS
nmcli con mod "Wired connection 1" ipv4.dns "9.9.9.9, 149.112.112.112"
nmcli con mod "Wired connection 1" ipv4.ignore-auto-dns yes

# Set Metric to 100 (Lower = Higher Priority)
nmcli con mod "Wired connection 1" ipv4.route-metric 100

# Apply
nmcli con up "Wired connection 1"

B. Wireless Connection (Backup)

Secondary priority, still forced to Quad9.

# Set DNS and Ignore DHCP DNS
nmcli con mod "ISP_WiFi_Name" ipv4.dns "9.9.9.9, 149.112.112.112"
nmcli con mod "ISP_WiFi_Name" ipv4.ignore-auto-dns yes

# Set Metric to 600 (Higher = Lower Priority)
nmcli con mod "ISP_WiFi_Name" ipv4.route-metric 600

# Apply
nmcli con up "ISP_WiFi_Name"

3. Operational Behavior

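| Scenario             | Data Path              | DNS Provider | Latency |
|----------------------|------------------------|--------------|---------|
| Only Wired Active    | OpenWRT                | Quad9        | Instant |
| Only Wireless Active | ISP Router             | Quad9        | Instant |
| Both Active          | Wired (via Metric 100) | Quad9        | Instant |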

4. Troubleshooting & Verification

  • Check DNS Order: cat /etc/resolv.conf
    If both interfaces are up, you should see only Quad9 IPs. If you see the ISP router IP, ipv4.ignore-auto-dns was not set correctly.
  • Check Active Metrics: ip route show default
    Look for the metric value. The interface with the lowest number is your active internet path.
  • Force Refresh: If settings don’t seem to apply:
    sudo systemctl restart NetworkManager
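
The two checks above can be scripted so a leaked ISP resolver or a wrong metric is caught automatically. This is an added example, not part of the original post: the function names are hypothetical, and the sample resolv.conf text, router addresses and interface names (eth0, wlan0) are constructed.

```bash
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
QUAD9="9.9.9.9 149.112.112.112"   # the two Quad9 addresses used on this page

# stdin: resolv.conf text. Prints each nameserver that is not a Quad9 address.
# Returns 0 only if at least one nameserver is present and all are Quad9.
non_quad9_servers() {
    awk -v allow="$QUAD9" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" { seen++; if (!($2 in ok)) { print $2; bad++ } }
        END { if (bad || !seen) exit 1 }
    '
}

# stdin: output of `ip route show default`. Prints "<dev> <metric>" for the
# default route with the lowest metric, i.e. the preferred internet path.
preferred_route() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0            # no metric field means metric 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (best == "" || metric < bestm) { best = dev; bestm = metric }
        }
        END { if (best == "") exit 1; print best, bestm }
    '
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_GOOD='# Generated by NetworkManager
nameserver 9.9.9.9
nameserver 149.112.112.112'
SAMPLE_LEAK='# Generated by NetworkManager
nameserver 9.9.9.9
nameserver 192.168.0.1'
SAMPLE_ROUTES='default via 192.168.0.1 dev wlan0 proto dhcp metric 600
default via 192.168.1.1 dev eth0 proto dhcp metric 100'

# Demo on the samples; on a live host feed /etc/resolv.conf and `ip route` instead.
printf '%s\n' "$SAMPLE_GOOD" | non_quad9_servers && echo "DNS: only Quad9"
printf '%s\n' "$SAMPLE_LEAK" | non_quad9_servers || echo "DNS: leak (above)"
printf '%s\n' "$SAMPLE_ROUTES" | preferred_route
```

On hosts where systemd-resolved manages /etc/resolv.conf, the file lists the 127.0.0.53 stub, which this check reports as non-Quad9; inspect the upstream servers with resolvectl status there.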

5. Key Parameters for Records

  • Quad9 Primary: 9.9.9.9
  • Quad9 Secondary: 149.112.112.112
  • Preferred Metric: 100 (Wired)
  • Failover Metric: 600 (Wireless)

Note: Always use the specific connection names found in nmcli con show when running these commands. If your SSID has spaces, wrap it in quotes: "My ISP WiFi".
