What are link "scopes" in systemd-resolved?

I had the same question.
resolvectl now is used instead of systemd-resolve.
resolvectl is the client for systemd-resolved daemon.
resolvectl gives the same output as systemd-resolve.
Okay as for "Current Scopes:" . It can have three words "DNS", "mDNS" "LLMNR".

"Current Scopes:" reside inside per-interface section.
"Current Scopes:" does not exist in Global section.

If we have "Current Scopes: mDNS" in section "Link 2 (enp3s0)" it means that systemd-resolved will accept mDNS traffic on interface enp0s3 and respond. To be specific the traffic is

 IP 224.0.0.251 UDP 5353 

Also it means systemd-resolved will make mDNS queries via interface enp0s3 to the network.

If we have "Current Scopes: DNS" it means we specified per-interface dns server(s) in this section. For instance

 Link 3 (wlp2s0) Current Scopes: DNS DNS Servers: 8.8.8.8 8.8.4.4 192.168.211.142 

What does it actually mean on practice? Its kind of tricky. To make explanation more simple and clear suppose we have only one interface on pc.
systemd-resolved always has General section and a section per every interface.

The word "DNS" in the line "Current Scopes:" has quite different meaning that the word "mDNS". First of all it doesnt mean that systemd-resolved will answer for DNS requests incoming to the interface enp0s3. The second one - systemd-resolved will make DNS queries via enp0s3 regardless if we have "DNS" in the line or not.

Okay. we can specify DNS server in General section (via /etc/systemd/resolved.conf or via /etc/systemd/resolved.conf.d/*.conf) for instance like this

$ cat /etc/systemd/resolved.conf/global.conf [Resolve] DNS=1.1.1.1 FallbackDNS=8.8.8.8 

It will give

Global Current DNS Server: 1.1.1.1 DNS Servers: 1.1.1.1 Fallback DNS Servers: 8.8.8.8 

Also we can specify dns server in per-interface section
via resolvectl utility (unfortunately its not possible to set per-interface dns IP via systemd-resolved config files, you can do that via systemd-networkd conf files but thats another story)

# resolvectl dns enp0s3 12.12.12.12 

it will give the output

Link 2 (enp0s3) Current Scopes: DNS DNS Servers: 12.12.12.12 

when we set per-interface dns we switch on "DNS" in the line "Current Scopes:"

So overall we have output ( i give truncated output to make less confusion)

Global ... Current DNS Server: 8.8.8.8 Link 2 (enp0s3) ... Current Scopes: DNS DNS Servers: 12.12.12.12 

what happens if we make dns query

# resolvectl query -y gmail.com 

Will it use 12.12.12.12 or 8.8.8.8 or may be both. Actualy it depends on three parameters:

• What is "DNS Domain" line in Global section?
• What is "DNS Domain" line in per-interface section?
• What is "DefaultRoute" word in per-interface section?

In this particular case

Global ... Current DNS Server: 8.8.8.8 DNS Domain ~. <====== Link 2 (enp0s3) ... Current Scopes: DNS Protocols: +DefaultRoute <====== Current DNS Server: 12.12.12.12 DNS Domain: co.uk <======== 

If the query is "bbc.co.uk" it will be resolved via 12.12.12.12
If the query is "bbc" it will be transformed to "bbc.co.uk" and resolved via 12.12.12.12
If the query is gogle.com it will be resolved via 8.8.8.8

If you change DNS Domain: to

 DNS Domain:"~." 

or

DNS Domain:"" 

in one of sections or change DefaultRoute to

-DefaultRoute 

the used dns server or servers will be quite different. I suggest
to change and check via

# tcpdump udp -n -i enp0s3 

Overall rule - the request will be sent to dns servers of every section (including Global section) where we have match "DNS Domain:" with request domain, if we dont have such match - the request will be send via dns server in Global section and to dns server in section with +DefaultRoute flag. "DNS Domain: ~." means "every domain"

I think systemd-resolved has clumsy, confusing logic of working and big but bad documentation.

As for the meaning "LLMNR" in Scopes. I havent done any investigation.

What are systemd link "Scopes"?

The systemd-resolve code and documentation unfortunately is inconsistent in the terms "Scope" and "Protocol", using them somewhat interchangeably even when the meaning is slightly different.

For the record, as at systemd 256, systemd-resolve --status reports the following for a link:

Link 4 (wlp2s0) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 1.1.1.2 DNS Servers: 1.1.1.2 1.0.0.2 2606:4700:4700::1112 2606:4700:4700::1002 DNS Domain: home 

Going by the systemd-resolve --status from the OP, it appears at that time the "Protocols" config flags were reported separately vs. on one line.

The meaning of the "Current Scope" and "Protocols" lines is buried in the systemd-resolved resolve1 D-Bus interface doc:

The latter [Protocols] expose what is configured to be used on the interface, the former [Current Scopes] expose what is actually used on the interface, taking into account the abilities of the interface.

On the Scopes, it also notes that "any interface that is UP and has an IP address is suitable for DNS" and similarly LLMNR and mDNS when the interface supports multicast.

It would seem that the "Current Scopes" and "Protocols" lines would be better labelled as "Available Protocols" and "Protocol Configuration", respectively.

systemd-resolve HOSTNAME will report the 'scope' used, but calls it a protocol (resolvectl.c: print_source()), e.g.

% systemd-resolve google.com google.com: 2404:6800:4006:804::200e -- link: wlp2s0 142.250.204.14 -- link: wlp2s0 -- Information acquired via protocol DNS in 11.6ms. -- Data is authenticated: no; Data was acquired via local or encrypted transport: no -- Data from: network 

Why would one machine assign the "DNS" scope and the other not?

A link that is not reporting DNS in its list of "Current Scopes" will be either down or not have "an IP address is suitable for DNS". e.g. for a local Ethernet interface, not connected:

Link 2 (enp1s0f0) Current Scopes: none Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported 

systemd-resolve is a front end to the systemd-resolved service, which describes itself as a "Network Name Resolution manager". systemd-resolved.service is configured in /etc/systemd/resolved.conf. This file can contain the option DNS=, which should have as value a list of DNS server addresses. If this option is missing, /etc/resolv.conf is used instead.

/etc/resolv.conf in turn can be a symlink to /run/systemd/resolve/resolv.conf, which is maintained by systemd-resolved itself, or /etc/resolv.conf can be created by some other program independently of systemd-resolved.

My guess is that your Lubuntu machine does not have a DNS= entry in /etc/systemd/resolved.conf and /etc/resolv.conf is missing, or it does not contain DNS server entries.

LLMNR (RFC 4794) stands for "Link-Local Multicast Name Resolution", and is an alternative to DNS for resolving names. LLMNR does not have a central service, but each host responds with its own addresses when a query for a matching name is sent as a multicast datagram over the local LAN. As the name says, LLMNR is restricted to the local network; it has link-local scope. A competing protocol to LLMNR is Multicast DNS (RFC 6762).