Modern browsers use their built-in DNS settings, which adds to the confusion.
There's no way of stopping any application from sending DNS queries on its own unless you really want to lock down everything with a heavy hand (firewall, container, AppArmor / SELinux). As long as there's a toggle to turn it off, I'm okay with that.
How do you think it should be fixed?
The Tailscale folks speak of systemd-resolved positively and it works well for my own use case.
Right now I use both systemd-resolved & systemd-networkd on my laptop with a dnsproxy service to query outside DNS servers with DNS-over-HTTPS. systemd-resolved is responsible for handling queries from applications, caching and per-domain DNS routing (`~home.arpa` for virtual machines and `~lan` for machines in my home network).
There is one little caveat: when I have to connect to a free Wi-Fi which requires authorizing via a captive portal implemented by traffic hijacking, I'll have to enable `DNSDefaultRoute=` in the Wi-Fi network config file, tell systemd-networkd to reload, finish the authorization in a browser page, revert the previous change, and reload systemd-networkd again. It's a lot of steps, but I can automate most of them with a script for now.
Long term, hopefully systemd-resolved will support DNS-over-HTTPS (and DNS-over-QUIC); then I can stop running dnsproxy.
Edit: link to some blog post
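The captive-portal dance described in the comment above, as an added example (not the commenter's own script): a POSIX shell helper that flips `DNSDefaultRoute=` in a systemd-networkd `.network` file, asks networkd to re-read it with `networkctl reload`, and restores the previous value once the portal login is done. The file path, the interface name and the sample config are constructed placeholders; the only real identifiers used are the `DNSDefaultRoute=` and `Domains=` keys from `systemd.network(5)` and the `networkctl reload` command.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Toggles DNSDefaultRoute= in a systemd-networkd .network file so that a
# captive portal's hijacking resolver is briefly used for all queries, then
# restores the routed-only setup (DoH proxy for everything, Wi-Fi DNS only
# for ~lan) after login.

# Placeholder path; real systems pick their own file name.
NETWORK_FILE="${NETWORK_FILE:-/etc/systemd/network/25-wlan.network}"

# write_sample_network_file FILE
# Writes a constructed example config: DHCP-supplied DNS is used only for
# the routing-only domain ~lan, and is NOT the default route for queries.
write_sample_network_file() {
    cat > "$1" <<'EOF'
[Match]
Name=wlan0

[Network]
DHCP=yes
Domains=~lan
DNSDefaultRoute=no
EOF
}

# get_dns_default_route FILE
# Prints the current DNSDefaultRoute= value (empty if the key is absent).
get_dns_default_route() {
    sed -n 's/^DNSDefaultRoute=//p' "$1" | head -n 1
}

# set_dns_default_route FILE yes|no
# Rewrites the DNSDefaultRoute= line; appends one if the key is missing.
set_dns_default_route() {
    file="$1"
    value="$2"
    case "$value" in
        yes|no) ;;
        *) echo "DNSDefaultRoute must be yes or no, got '$value'" >&2; return 2 ;;
    esac
    tmp="$file.tmp.$$"
    if grep -q '^DNSDefaultRoute=' "$file"; then
        sed "s/^DNSDefaultRoute=.*/DNSDefaultRoute=$value/" "$file" > "$tmp"
    else
        # Key absent: append it (assumes a single [Network] section at the end).
        cp "$file" "$tmp"
        printf 'DNSDefaultRoute=%s\n' "$value" >> "$tmp"
    fi
    mv "$tmp" "$file"
}

# reload_networkd
# Asks systemd-networkd to re-read its .network files. Skipped when
# networkctl is absent (e.g. when this script is exercised in a sandbox).
reload_networkd() {
    if command -v networkctl >/dev/null 2>&1; then
        networkctl reload
    else
        echo "networkctl not found; skipping reload" >&2
    fi
}

# captive_portal_login FILE
# Enables the Wi-Fi resolver as default route, waits for the user to finish
# the portal page in a browser, then puts the previous setting back.
captive_portal_login() {
    file="$1"
    previous="$(get_dns_default_route "$file")"
    set_dns_default_route "$file" yes
    reload_networkd
    printf 'Finish the captive portal login in your browser, then press Enter: '
    read -r _dummy
    # Fall back to "no" if the key was absent before, keeping the locked-down setup.
    set_dns_default_route "$file" "${previous:-no}"
    reload_networkd
}
```

Usage from a terminal would be `captive_portal_login "$NETWORK_FILE"` (as root, since the file lives under `/etc/systemd/network`). While `DNSDefaultRoute=yes` is in effect every non-routed query goes to the Wi-Fi's DHCP-supplied resolver, so the window should be kept as short as the login itself; the restore step is what brings queries back to the DoH proxy.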
It seems to me that you'll have to install the whole Bazzite distro to enjoy its goodies. If we're only talking about running Steam, I'd just go with Flatpak for an easy start.