How does DNS Resolution work on Cachy?

I saw CachyOS April 2026 Release — CachyOS which says

CachyOS-Welcome:

  1. Added DNS-over-HTTPS (DoH) support via blocky
  2. Added custom DNS server support and DHCP automatic indicator/reset
  3. DNS servers now display metadata (region, homepage, filtering) and support individual latency testing

I was wondering what the defaults are for DNS resolution on your system if you ignore the welcome screen?

systemd-resolved defaults to DNS servers advertised by your network. You can check resolvectl to see the DNS servers currently in use. If you see a local IP there, it means that it's forwarded to your router and your router is handling DNS resolution.

You can check what you're currently resolving with using the following command. Keep in mind that systemd-resolved has built-in default fallback DNS servers, so it may bypass your internal DNS if it becomes unreachable.

resolvectl

Edited to fix typos.

Close.
We probably mean resolvectl.
And sudo should not be needed.
And status is what it runs by default.

So really you just need;

resolvectl

In case it was not clear..

To answer the topic query - “How Does DNS Resolution work on Cachy?”;

Cachy uses systemd-resolved by default.
This is configured to get its DNS servers from the network (router).
There is also now a new option to enable and use blocky.
( It does not appear blocky is installed or enabled by default. )
Blocky is what will be automatically used if applying custom DNS through the welcome app.

None of which is required.
And custom DNS can very easily be applied directly to systemd-resolved configuration or NetworkManager.

We use system dns by default, there are no additional features applied on top of that like local dnssec validation or qname minimisation by default, are there?

In the CachyOS Hello menu, under “Apps/Tweaks,” there is an option called “Change DNS server.” You can use the GUI to change the DNS server from among several major options, and you can select one by checking the criteria that meet your requirements. I hope this answers your question.

With the default systemd-resolved configuration there should not be anything like DNSSEC by default.

You may see more here;

Or here;


Yeah, that's new with the last release, and as mentioned above specifically uses blocky to handle the DNS including DoH etc.

It was never required for DNS resolution before, nor is it required for configuring custom DNS providers.

It is also not clear whether it introduces unnecessary overhead because systemd-resolved is already caching DNS resolution (with support for DoT, though not DoH [yet] .. whether you prefer one or the other really depends).

Considering blocky labels itself as a “DNS Proxy” my guess is yes, it introduces extra turnaround time.

Its main use is also specifically for blocking using that proxy. So the idea of it being leveraged as a generic configurator for ‘custom DNS servers’ also seems a little misguided. Our users are not even making use of the main reason to use blocky - whether or not they are even aware of its purpose.


PS.

In case it was not clear and/or anyone wishes for guidance.. users can change DNS simply through NetworkManager GUI under the IPv4 tab and setting “Automatic (Only Addresses)” and applying the DNS Servers there.

Or for configuring through systemd-resolved itself at a lower level then you can apply it using something like;

/etc/systemd/resolved.conf.d/dns.conf

[Resolve]
DNS=x-hagezi-pro.freedns.controld.com#x-hagezi-pro.freedns.controld.com
Domains=~.
Cache=yes
CacheFromLocalhost=yes
Timeout=10s

PPS.

You may note that certain DNS providers have built-in features like adblock.

And other blocking can be configured through /etc/hosts as well as various tools, like hblock, for automatically shaping the same.

Neither of which would require an additional ‘proxy’.
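
As an added example (not part of the thread and not CachyOS or systemd code), the Python sketch below audits a single resolved.conf drop-in, such as the one posted above, against the DNS= entry syntax documented in resolved.conf(5): an IP address optionally followed by :port, %interface and #name. It also reports whether FallbackDNS and DNSSEC are set in that file. The function names are hypothetical, repeated keys are simplified to last-one-wins, and other drop-ins are not merged in.

```python
import ipaddress
import re

# The drop-in from the post above, copied unchanged as sample input.
POSTED = """\
[Resolve]
DNS=x-hagezi-pro.freedns.controld.com#x-hagezi-pro.freedns.controld.com
Domains=~.
Cache=yes
CacheFromLocalhost=yes
Timeout=10s
"""

def parse_resolve(text):
    """Key/value pairs of the [Resolve] section (simplified: last assignment wins)."""
    section, opts = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Resolve" and "=" in line and line[0] not in "#;":
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def split_server(entry):
    """Split 'addr[:port][%ifname][#name]' into (ip or None, name or None)."""
    host, _, name = entry.partition("#")
    host = host.split("%", 1)[0]                          # drop optional interface
    bracketed = re.fullmatch(r"\[(.+)\](?::\d+)?", host)  # [IPv6]:port
    if bracketed:
        host = bracketed.group(1)
    elif host.count(":") == 1:                            # IPv4:port
        host = host.split(":")[0]
    try:
        return str(ipaddress.ip_address(host)), name or None
    except ValueError:                                    # not a literal IP address
        return None, name or None

def audit(text):
    """Findings for one drop-in file; other drop-ins are not merged in."""
    opts, findings = parse_resolve(text), []
    tls_on = opts.get("DNSOverTLS", "").lower() in ("yes", "true", "1", "on")
    for entry in opts.get("DNS", "").split():
        ip, name = split_server(entry)
        if ip is None:
            findings.append(f"DNS: '{entry}' does not start with an IP address")
        elif name and not tls_on:
            findings.append(f"DNS: '{entry}' carries a #name but DNSOverTLS=yes is not set")
    findings += [f"{key}: not set in this file"
                 for key in ("FallbackDNS", "DNSSEC") if key not in opts]
    return findings
```

Calling `audit(POSTED)` returns three findings, the first being that the DNS= entry does not start with an IP address. An entry such as `192.0.2.53#dns.example.net` (a constructed placeholder address and name) together with `DNSOverTLS=yes` passes the DNS checks.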