For certain environments like docker / kubernets hosts i find it usefull to have a permanent query log in place.
As the time writing query logging with systemd-resolved can only be achived with debug enabled.
Personalty i do not like to run a daemon needlessly in debug mode.
With Bind9 it is easy to have a Caching Only DNS Server with query log enabled. Have a look at Bind9 – Caching only DNS Server with Logging.
Enable Debug Mode Temporary
Detailed logging can be enabled using:
sudo resolvectl log-level debugAfterwards you can read the logs using
journalctl -f -u systemd-resolved.serviceThere is also way to do this permanently.
Disable Debug Mode
sudo resolvectl log-level infoLinks
https://shivering-isles.com/Debug-your-dns-traffic-with-systemd-resolved
Patrick Marc's Networks 