Fedora now uses systemd-resolved for name resolution, but still uses NetworkManager instead of systemd-networkd.
The man page of systemd-resolved states how to configure a per-link setting for systemd-resolved if systemd-networkd is used (i.e. create a file in
/etc/systemd/network), but it does not specify how to configure a per-link setting when NetworkManager is used.
The DNS servers contacted are determined from the global settings in /etc/systemd/resolved.conf, the per-link static settings in /etc/systemd/network/*.network files (in case systemd-networkd.service(8) is used), the per-link dynamic settings received over
DHCP, information provided via resolvectl(1), and any DNS server information made available by other system services.
Without systemd-networkd, how can I configure systemd-resolved with
DNSSEC=yes for one specific link, but not for the others? My VPN DNS server does not support DNSSEC so specifying DNSSEC=yes at the global level (i.e. in
/etc/systemd/resolved.conf) breaks name resolution for my VPN. I’m not finding the relevant NetworkManager options nor DHCP options, if any.