Delphi Cloud
Contact Us

Configuring a local caching DNS resolver

Written by
Updated at August 14, 2025

Do not use Delphi Cloud DNS directly for requesting external domain names.

Instead, install and configure a local caching DNS resolver, e.g., systemd-resolved, dnsmasq, or unbound. This will speed up the execution of public DNS queries, decrease their number, and reduce your expenses.

If your VM runs Ubuntu 18.04 LTS or higher, it already has the systemd-resolved service by default, and no additional installation and setup actions are required. For more information, see Test systemd-resolved performance.

If using an older version of Ubuntu, such as 16.04 LTS, you need to install a caching DNS resolver on your own. We recommend using dnsmasq or unbound. For more information, see Install an alternative resolver.

To configure a local caching DNS resolver:

  1. Get your cloud ready.
  2. Set up your infrastructure.
  3. Test systemd-resolved performance.
  4. Install an alternative resolver.
  5. Replace the resolver.

If you no longer need the resources you created, delete them.

Getting started

Sign up for Delphi Cloud and create a billing account:

  1. Navigate to the management console and log in to Delphi Cloud or create a new account.
  2. On the Delphi Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.

Learn more about clouds and folders here.

The infrastructure support costs include:

Set up your infrastructure

  1. Create a VM with an Ubuntu OS, e.g., Ubuntu 18.04 LTS.
  2. Assign a public IP address to the VM.

Test systemd-resolved performance

  1. Connect to the VM over SSH.

  2. Find out the status of the systemd-resolved caching DNS resolver. To do this in Ubuntu version 18.04 or above, run this command:

    systemd-resolve --status

    As the systemd-resolved utility was renamed to resolvectl, the command will be different for Ubuntu 22.04+:

    resolvectl status

    Result:

    <...>
Link 2 (eth0)
<...>
Current DNS Server: 192.168.6.2         
         DNS Servers: 192.168.6.2         
         DNS Domain: in-west.internal
                     auto.internal

    If the configuration is correct, the Current DNS Server: line in the command output will show the Delphi Cloud DNS server address, the second one in the virtual network. For example, it will be 192.168.6.2 for a VM in the 192.168.6.0/24 subnet.

  3. Make sure external DNS names are resolved successfully by the 127.0.0.53#53 DNS server. To do this, use the dig utility:

    dig example.com

    Result:

    <...>
;; Query time: 69 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
<...>

    All resolutions of an external DNS name, except for the very first one, are executed almost instantly.

Install an alternative resolver

Warning

Configuration settings are provided for the sake of exemplification. To learn how to set up a caching resolver based on the VM workload and your needs, see the documentation for the selected resolver.

dnsmasq is a lightweight caching DNS resolver with a small footprint.

  1. Install the dnsmasq and dnsutils packages:

    sudo apt-get update -y
sudo apt-get install dnsmasq dnsutils -y

  2. Edit the /etc/dnsmasq.conf configuration file by increasing the cache size to 1,000 and setting the caching resolver to only listen to local VM addresses.

    1. Open the file:

      sudo nano /etc/dnsmasq.conf

    2. Paste this text to the file:

      cache-size=1000
listen-address=127.0.0.1
interface=lo
bind-interfaces

  3. Restart dnsmasq to apply the new settings. Make sure dnsmasq has gotten the active (running) status and there is the Started dnsmasq.service line at the end of the service log:

    sudo systemctl restart dnsmasq.service
sudo systemctl status dnsmasq.service

    Result:

    ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) <...>
<...>
Oct 28 22:39:57 <...> systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Oct 28 22:39:57 <...> dnsmasq[<...>]: dnsmasq: syntax check OK.
Oct 28 22:39:57 <...> dnsmasq[<...>]: started, version 2.75 cachesize 150
<...>
Oct 28 22:39:58 <...> dnsmasq[<...>]: using nameserver 192.168.6.2#53
Oct 28 22:39:58 <...> systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

    Note also the address in the using nameserver <...> line. The line should contain the Delphi Cloud DNS server address, the second one in the virtual network. For example, it will be 192.168.6.2 for a VM in the 192.168.6.0/24 subnet.

  4. Use dig to make sure external DNS names are successfully resolved:

    dig example.com @127.0.0.1 | grep -B3 Query

    Result:

    ;; ANSWER SECTION:
example.com.    65420   IN  A  93.184.216.34
;; Query time: 3 msec

unbound is a validating, recursive, and caching DNS resolver geared towards fast performance, efficient resource consumption, and compliance with modern open standards.

  1. Install the unbound and dnsutils packages:

    sudo apt-get update -y
sudo apt-get install unbound dnsutils -y

  2. Specify the server settings at the end of the /etc/unbound/unbound.conf global configuration file or in a separate configuration file named /etc/unbound/unbound.conf.d/<file_name>.conf.

    1. Open the file:

      sudo nano /etc/unbound/unbound.conf

    2. Paste this text at the end of the file:

      server:
      port: 53
      interface: 127.0.0.1
      access-control: 127.0.0.0/8 allow
      do-ip4: yes
      do-ip6: no
      do-udp: yes
      do-tcp: yes
      num-threads: 2
      num-queries-per-thread: 1024
      hide-identity: yes
      hide-version: yes
      prefetch: yes
      verbosity: 1

  3. Run unbound to apply the new settings. Make sure unbound has gotten the active (running) status and there is the Started unbound.service line at the end of the service log:

    sudo systemctl start unbound.service
sudo systemctl status unbound.service

    Result:

    ● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: active (running) <...>
<...>
Oct 29 00:21:06 <...> unbound[<...>]:  * Starting DNS server unbound
Oct 29 00:21:06 <...> unbound[<...>]: [<...>:0] info: start of service (unbound 1.5.8).
Oct 29 00:21:06 <...> unbound[<...>]:    ...done.
Oct 29 00:23:21 <...> systemd[1]: Started unbound.service.

  4. Use dig to make sure external DNS names are successfully resolved:

    dig example.com @127.0.0.1 | grep -B3 Query

    Result:

    ;; ANSWER SECTION:
example.com.    86400  IN  A  93.184.216.34
;; Query time: 611 msec

Replace the resolver

If you need to replace systemd-resolved with a different local caching DNS resolver:

  1. Follow the tutorial in Alternative resolvers to install one.

  2. Edit the /etc/systemd/resolved.conf file to disable the stub resolver and set 127.0.0.1 as the DNS server address:

    1. Open the file:

      sudo nano /etc/unbound/unbound.conf

    2. Paste the following text after the [Resolve] line:

      DNS=127.0.0.1
DNSStubListener=no

  3. Create a symlink:

    sudo ln -svi /run/systemd/resolve/resolv.conf /etc/resolv.conf

  4. Restart systemd-resolved:

    systemctl restart systemd-resolved

  5. Make sure dig now uses the 127.0.0.1#53 server instead of 127.0.0.53#53:

    dig example.com

    Result:

    <...>
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
<...>

How to delete the resources you created

To stop paying for the resources you created, delete your VM.

Previous
All tutorials
Next
Migrating DNS zones from Delphi 360
© 2026 SDSM Analytics Pvt Ltd