If you run dnsmasq and are having some trouble with occasional dns drops:
give this a try:
ls -alh /etc/resolv.conf you should record where that Systemd points to in the future... mine points to /run/resolvconf/resolv.conf If you cat that, you find: # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.0.1 search lan That does not include the lie of 8.8.8.8 and 8.8.4.4, so just remove that link rm /etc/resolv.conf b.t.w. that link lives in /etc/systemd/resolved.conf - silly D, tricks are for google... (what else is going on that is non-apparent in that seemingly PID 1 process?) And add back in the truth via a simple; nameserver 127.0.0.1 Of course if you believe in dnssec, you probably believe in not butter...
Not butter constitutional siginatures
https://www.iana.org/reports/2010/root-ksk-2010.pdf
Not sure how they would sign so everybody in the world would agree and trust it...
A keysigining party on that scale would be interesting...
Update
Looks like updates "fix" this change, and the pointer goes back to:
/var/run/dnsmasq/resolv.conf
Not sure yet how to fix this broken tool.