Mobile broadband ipv4 DNS setting ignored

Looking for some help on configuring the ipv4 DNS server IP on the Librem 5, so it is not routed through your mobile/cellular broadband data provider (aka AT&T, Deutsche Telekom or Verizon) DNS service, but instead is routed through a third-party DNS server and provider of your liking, say 1.1.1.1. The story is, in the absence of a VPN, just trying to get that little bit of extra peace feeling.

This will enhance your privacy, security and control, since mobile broadband providers are known to sell your data to advertisers, and they know exactly who you are, which makes that data so valuable and sellable; they also know since it is unencrypted (in that sense even 1.1.1.1 using Cloudflare DNS would be more secure).

What I have tried:

  1. set additional DNS server in the mobile/cellular broadband advanced network manager settings under the ipv4 setting; however, this is basically ignored and it just uses your mobile/cellular broadband data provider.
  2. set primary and fallback DNS using the /etc/systemd/resolved.conf configuration file, e.g. DNS=1.1.1.1, FallbackDNS=1.0.0.1, after which you save the file and do sudo systemctl restart NetworkManager.service; however, this is again ignored and the DNS resolving is still routed directly over the mobile/cellular provider.
  3. created a dns.conf file in /etc/NetworkManager/conf.d/ based on feedback; that does not work and does not resolve any DNS. Changing to systemd-resolved=true allows DNS resolving, but goes back to the mobile/cellular provider DNS and ignores your IPs; changing DNS=none to DNS=1.1.1.1 as well is still ignored.
  4. based on https://www.baeldung.com/linux/dns-resolv-conf-file you also have to change the DNS priority, which tells the system about the priority of DNS lookup. I did this by changing the order in /etc/nsswitch.conf to look at dns (resolved.conf) first, before hosts; however, again no cigar, fully ignored.
  5. followed instructions per https://unix.stackexchange.com/questions/494324/how-to-setup-dns-manually-on-linux to manually control DNS, and again no cigar. I also couldn’t create a /etc/resolv.conf file, it didn’t let me, so I guess I am out of ideas.

So how can the DNS be setup for mobile/broadband internet that actually respects the DNS setting and why is this so difficult? Obviously this seems to all work fine when using WiFi, why does it not work for cellular?

This bug in NetworkManager may be related to it: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/944

This is all a little odd to me because when using Open VPN it correctly routes DNS requests through the VPN DNS server and it works also on mobile/broadband connection, crying now…

Maybe all i can say at this point is, for Purism, please create a reliable and easy way to disable Auto DNS for mobile broadband connections, the Network Manager Advanced Settings can be used to change to the appropriate primary, and fallback DNS server by entering the respective IP and toggling the automatic method to automatic, addresses only but the user has to use a terminal command that is probably unknown to most to switch off auto-DNS.

In addition to the changes in resolved.conf additional config needs to be set so that the DNS server(s) specified in resolved.conf will be used.

Create the file `/etc/NetworkManager/conf.d/dns.conf` with the following contents…

[main]
dns=none
systemd-resolved=false

then reload for config to take…

sudo systemctl reload NetworkManager.service

I think what might be going wrong there is that there is a missing setting. When I look at that config window on my desktop, there is an on-off switch for “DNS automatic”.

With that “on”, I imagine that it takes DNS servers mentioned in the DHCP (or other) configuration response and then adds whatever you supply as “additional DNS servers” - or who knows maybe it just ignores the additional DNS servers. So unless you blackhole (firewall) the automatic DNS server(s), you are unlikely to achieve your goal.

With that “off”, I imagine that it ignores DNS servers mentioned in the DHCP (or other) configuration response and just uses whatever you supply as “DNS servers”. (So you can, for example, use DHCP to get an IP address but override the DNS servers that DHCP suggests.)

For IPv4, I believe that Google is 8.8.8.8 and 8.8.4.4, and that 1.1.1.1 is Cloudflare (which is probably less evil than Google).

I think for WIFI you are right, you can change it to MANUAL in the drop down and then it will use the DNS servers listed in additional DNS server IPs, the MANUAL option doesn’t exist for the mobile/cellular broadband network.

The only options are “Automatic”, “Automatic, Addresses Only” and “Disabled”.

Maybe try that ⇑

Tried that as well, but then it does not appear to resolve DNS correctly. What desktop OS are you running that you have the DNS auto toggle?

Ubuntu. But as you say, that could be only on regular network connections (ethernet, WiFi).

That could be partial success then. It stopped using the MVNO’s spyDNSserver?

1 Like

I skimmed the OP and misread the requirements; I had thought you wanted the DNS to apply globally and had completely missed that you are looking for it to apply to the mobile connection only.

For a single connection only…

nmcli con mod <connection-name> ipv4.ignore-auto-dns yes ipv4.dns "1.1.1.0 1.1.1.1"

then reload the connection…

nmcli con up <connection-name>

<connection-name> should be double checked, on the Librem 5 I have here it is “Handsets” while looking at the screengrab you have provided yours is “NXTGENPHONE”
so for your connection the actual terminal commands would be…

nmcli con mod NXTGENPHONE ipv4.ignore-auto-dns yes ipv4.dns "1.1.1.0 1.1.1.1"

followed by…

nmcli con up NXTGENPHONE

EDIT: the IP address 1.1.1.0 does not seem to be a valid DNS server, which is likely to cause issues; Cloudflare’s main DNS servers are 1.1.1.1 and 1.0.0.1

2 Likes

You are the man Loki!! Thank you, the magic here is that there is no disable auto DNS toggle in the advanced network settings for the Network Manager UI. The command you suggested for **ipv4.ignore-auto-dns yes** does the same as that missing toggle would, and it appears to persist across reboots! You wouldn’t happen to know which file this setting is saved in, since Linux probably saves it in a text/conf file somewhere?

After adding the ipv4.dns the following shows in the settings ui:

Also this does not break using open vpn which when used will still use the appropriate open vpn DNS server automatically if configured to do so, not the 1.1.1.0 .

I tried the same for my desktop with Ethernet connection “Wired connection 1”, however the change does not appear to take and it still uses automatically defined dns.

The config files are located in /etc/NetworkManager/system-connections/ one file per connection. I would however, recommend not editing those files directly in a text editor and instead use the tools either through the network settings GUI or nmcli from the command line.

Which desktop OS are you using?

Ubuntu 22.10. It seems for WIFI and Mobile Broadband I have been able to set up the DNS servers, but for the LAN ethernet connection I have had a problem.

Assuming this would be similar:

Unfortunately I don’t know much about Ubuntu and the finer points of its ethernet/wired networking. What system manages DNS?

Is this an actual desktop machine (i.e. some sort of static machine always connected to the same network)? Or a laptop? If the former, would it be possible to set the desired DNS servers within the DHCP server config, or setup the interfaces as static?

Ah no worries, it’s a static connection on desktop between router and hub. I will investigate the DHCP server config; it’s a shame that the NetworkManager UI got rid of the DNS Automatic toggle. Not sure what got into them, I will file a bug report. I have tried the Netplan route, but that sort of got rid of all connections and didn’t recognize the LAN device for some reason.

This.

Note that @Loki told you above that one of the Cloudflare DNS server IP addresses that you are using is wrong. Ignoring that isn’t going to help!

1 Like

I think the change may have been logical.

With the previous UI they gave you two controls (IPv4 method menu & DNS automatic on/off), which makes it look as if these controls are orthogonal (independent) but they may not be. Unless you choose IPv4 method automatic, the DNS automatic on/off control may serve no purpose.

(That said, there may be some way to use DHCP to get local configuration information but without getting an IP address. I haven’t looked at the DHCP RFC recently.)

So instead they have rolled the DNS automatic options into the IPv4 method menu, i.e. automatic IP address with automatic DNS server IP addresses vs. automatic IP address but no automatic DNS server IP addresses (which they are confusingly calling “automatic, addresses only”).

I am still on Ubuntu 22.04 LTS and hence the DNS automatic toggle has not gone away (yet).

So I wouldn’t file a bug report.

Personally I would have left the UI as it is but enabled/disabled (greyed out) the DNS automatic on/off control unless IPv4 method is automatic, if that is in essence the intention - because there are a truckload of other (potential) controls that you could put on the user interface when IPv4 method is automatic (DHCP) - and with more than one on/off control relating specifically to DHCP it isn’t going to be practical to roll the DHCP options into the IPv4 method.

Ok yes, that confused me at first; I think that’s exactly their intent. However, as I was trying to turn off auto DNS, simply adding the addresses in the DNS input and switching the dropdown to “automatic, addresses only” is actually not turning off Auto DNS based on my testing. You have to nmcli con mod ipv4.ignore-auto-dns yes to make it turn off. So something is either not implemented or they are missing one more option in the drop down, so it could still be a bug report?

Got it, that was just a bad example on my part, I’ll fix the story. I am using very different IP addresses.

By the way, a nice executable bash script I found online that can be run on any active connection regardless:

# Override DNS on every active ethernet or wireless connection
nmcli -g name,type connection show --active | awk -F: '/ethernet|wireless/ { print $1 }' | while IFS= read -r connection
do
  nmcli con mod "$connection" ipv6.ignore-auto-dns yes
  nmcli con mod "$connection" ipv4.ignore-auto-dns yes
  nmcli con mod "$connection" ipv4.dns "1.1.1.1 1.0.0.1"
  nmcli con mod "$connection" ipv6.dns "number1 number2"   # replace with real IPv6 resolver addresses
  nmcli con down "$connection" && nmcli con up "$connection"   # re-activate so the new DNS takes effect
done

This could be tweaked to include broadband I imagine, and if ipv6 is disabled the script will still work and just skip setting ipv6.
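The per-connection override from Loki’s nmcli post and the closing script, combined into one added example (my code, not from the thread): it also selects mobile broadband connections (NetworkManager’s connection type for those is gsm), and reads each profile back after the change to confirm that auto DNS is really off, which is the check the thread’s testing was missing. It assumes `nmcli -g` prints one value per line and comma-joins the ipv4.dns list; the sample connection names and the `--apply` switch are my own.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread: override DNS on every active
# NetworkManager connection of the listed types, including mobile broadband
# (NetworkManager's type name for it is "gsm"), then read the profile back to
# confirm the override took. Resolvers are the Cloudflare IPv4 pair from the thread.
set -eu

DNS4="1.1.1.1 1.0.0.1"
TYPES='802-3-ethernet|802-11-wireless|gsm'

# Filter `nmcli -g name,type connection show --active` output (name:type lines)
# down to the names whose type matches TYPES.
select_connections() {
    awk -F: -v re="^(${TYPES})$" '$NF ~ re { sub(/:[^:]*$/, ""); print }'
}

# Check the two lines produced by
#   nmcli -g ipv4.ignore-auto-dns,ipv4.dns con show NAME
# ("yes"/"no" on line 1, comma-separated resolvers on line 2). Succeeds only
# when auto DNS is off and every resolver in DNS4 is present.
override_applied() {
    ignore=$(printf '%s\n' "$1" | sed -n 1p)
    dns=$(printf '%s\n' "$1" | sed -n 2p)
    [ "$ignore" = "yes" ] || return 1
    for want in $DNS4; do
        case ",$dns," in *",$want,"*) ;; *) return 1 ;; esac
    done
}

# Apply the override to one connection, re-activate it, and verify.
# IPv6 auto DNS is ignored too so the carrier's IPv6 resolvers are not used;
# add ipv6.dns here if you have IPv6 resolvers you trust.
apply_override() {
    nmcli con mod "$1" ipv4.ignore-auto-dns yes ipv4.dns "$DNS4" \
                      ipv6.ignore-auto-dns yes
    nmcli con down "$1" && nmcli con up "$1"
    override_applied "$(nmcli -g ipv4.ignore-auto-dns,ipv4.dns con show "$1")" ||
        { echo "override NOT applied on $1" >&2; return 1; }
    echo "DNS override active on $1"
}

# Only touch the live system when explicitly asked: ./dns-override.sh --apply
if [ "${1:-}" = "--apply" ]; then
    nmcli -g name,type connection show --active | select_connections |
        while IFS= read -r conn; do apply_override "$conn"; done
fi
```

Run it without `--apply` to load the functions only; `override_applied "$(nmcli -g ipv4.ignore-auto-dns,ipv4.dns con show NXTGENPHONE)"` then tells you whether an existing profile already has the override.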