This discussion is archived
3 Replies. Latest reply: Jan 17, 2013 4:47 PM by Avi Miller

Understanding how the local DNS resolver works.

Dude! Guru
Hello,

Some years ago I was troubleshooting a DNS lookup issue for mail exchangers (MX). It was not under Linux. However, it turned out that a DNS MX lookup did not query all the specified name servers until it found a match. Instead, as soon as a name server responded with the record, or with a reply that it could not resolve the query, the query was done and no other name servers were used.

DNS queries were performed in a round-robin fashion, but due to the TTL (Time to Live) value of the DNS record, only every 10th or so query would succeed. It was just a matter of time and order of attempts before a query contacted the "good" name server. Apparently this was expected behavior, because the local DNS resolver was only supposed to fall back to another listed name server if the name server being queried did not respond.

How does Enterprise Linux, or perhaps Linux in general, work when it is configured with search domains and several name servers? For instance, take the following /etc/resolv.conf:

search example1.com example2.com example3.com
nameserver 192.168.10.1
nameserver 172.16.32.1
nameserver 10.0.0.1
nameserver 8.8.8.8

I do not see any option here, unlike in other OSes, that will allow me to configure the resolver so that 192.168.10.1 is queried for domain example1.com and 172.16.32.1 is queried for example2.com, etc. Instead, according to the man page of resolv.conf, name servers will be used in the order they appear, unless I configure round-robin.

So in other words, if I query, e.g. host1, without specifying a domain name, the local resolver will attempt to resolve host1.example1.com, host1.example2.com and host1.example3.com, but only querying 192.168.10.1 until it finds a match. I suppose the first successful query wins. But other name servers are not being queried, unless 192.168.10.1 is down. But even if it can be configured to contact specific name servers based on the domain name, how will this work with reverse IP lookup?

My current understanding is that the list of name servers in /etc/resolv.conf provides only fall-back support in case a name server is down and does not respond. In order to partition a DNS lookup, every DNS server will have to be configured to forward queries accordingly.

Is this correct? Any thoughts please?

Thanks.
  • 1. Re: Understanding how the local DNS resolver works.
    Avi Miller Guru
    Dude wrote:
    I do not see any option here, unlike in other OSes, that will allow me to configure the resolver so that 192.168.10.1 is queried for domain example1.com and 172.16.32.1 is queried for example2.com, etc.
    I've never seen an OS do this: which ones allow you to do this, and how? It's not how DNS is supposed to work.
    My current understanding is that the list of name servers in /etc/resolv.conf provides only fall-back support in case a name server is down and does not respond. In order to partition a DNS lookup, every DNS server will have to be configured to forward queries accordingly.
    Correct. If you really want client-side DNS manipulation, you could probably run dnsmasq locally, point the client at itself and then use dnsmasq to route requests. However, this doesn't scale beyond about one server. Rather, you should be using decent upstream DNS servers that can handle all the requests you make from your clients.
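The behaviour confirmed in the reply above (name servers tried strictly in listed order, fall-back to the next server only when the current one does not answer, never on a "no such name" reply, and search-list expansion on the client side) can be shown without touching the network. The following is an added example, not code from the thread or from the resolver itself: it parses the resolv.conf from the original post and simulates a glibc-style stub resolver against a constructed table of server answers. The answer table, the host names and the addresses are all assumptions made up for the demonstration.

```python
"""Simulate stub-resolver behaviour for the resolv.conf shown in the thread.

Added example, not part of the original thread. No network I/O: the name
servers are a constructed table, and the logic mirrors what the thread says
glibc does - walk the search list, try name servers in listed order, and only
move to the next name server on a timeout, not on an NXDOMAIN answer.
"""
from dataclasses import dataclass, field

# The resolv.conf from the original post (with the 'search' keyword spelled out).
RESOLV_CONF = """\
search example1.com example2.com example3.com
nameserver 192.168.10.1
nameserver 172.16.32.1
nameserver 10.0.0.1
nameserver 8.8.8.8
"""

# Constructed answer table (assumption): FQDN -> address each server knows.
# "TIMEOUT" marks a server that never responds at all.
FAKE_SERVERS = {
    "192.168.10.1": {"host1.example1.com": "192.168.10.50"},
    "172.16.32.1": {"host2.example2.com": "172.16.32.50"},
    "10.0.0.1": "TIMEOUT",
    "8.8.8.8": {},
}


@dataclass
class ResolvConf:
    search: list = field(default_factory=list)
    nameservers: list = field(default_factory=list)
    rotate: bool = False  # 'options rotate' = round-robin starting server


def parse_resolv_conf(text):
    """Minimal resolv.conf parser: nameserver, search/domain, options rotate."""
    conf = ResolvConf()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            conf.nameservers.append(args[0])
        elif key in ("search", "domain"):
            conf.search = args  # as in glibc, the last search/domain line wins
        elif key == "options":
            conf.rotate = "rotate" in args
    return conf


def candidates(name, conf, ndots=1):
    """Order of FQDNs the resolver tries for 'name' (glibc ndots semantics)."""
    if name.endswith("."):  # trailing dot = absolute name, no search expansion
        return [name.rstrip(".")]
    expanded = [f"{name}.{suffix}" for suffix in conf.search]
    if name.count(".") >= ndots:
        return [name] + expanded  # enough dots: try the name as given first
    return expanded + [name]  # too few dots: search list first, bare name last


def query(server, fqdn):
    """One simulated UDP query: ('ANSWER', addr), ('NXDOMAIN', None) or ('TIMEOUT', None)."""
    table = FAKE_SERVERS.get(server, "TIMEOUT")
    if table == "TIMEOUT":
        return ("TIMEOUT", None)
    if fqdn in table:
        return ("ANSWER", table[fqdn])
    return ("NXDOMAIN", None)


_calls = 0  # counter used only to implement 'options rotate'


def resolve(name, conf, trace=None):
    """Return the address for 'name' or None; append (fqdn, server, status) to trace."""
    global _calls
    servers = list(conf.nameservers)
    start = _calls % len(servers) if conf.rotate else 0
    _calls += 1
    order = servers[start:] + servers[:start]
    for fqdn in candidates(name, conf):
        for server in order:
            status, addr = query(server, fqdn)
            if trace is not None:
                trace.append((fqdn, server, status))
            if status == "TIMEOUT":
                continue  # only a non-responding server causes fall-back
            if status == "ANSWER":
                return addr
            break  # NXDOMAIN is a definite answer: next search suffix, first server again
    return None


if __name__ == "__main__":
    conf = parse_resolv_conf(RESOLV_CONF)
    for host in ("host1", "host2"):
        trace = []
        result = resolve(host, conf, trace)
        print(f"{host} -> {result}")
        for step in trace:
            print("   ", *step)
```

Running it shows the point of the thread: host1 is answered by 192.168.10.1 on the first try, while host2 is never found even though 172.16.32.1 knows it, because 192.168.10.1 answers NXDOMAIN for every search candidate and the resolver therefore never moves on. Only when the first listed server is the one that times out (10.0.0.1 in the table) does the lookup fall through to the next server.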
  • 2. Re: Understanding how the local DNS resolver works.
    Dude! Guru
    Thank you very much! About the other OSes, please disregard, I was probably misunderstanding.
  • 3. Re: Understanding how the local DNS resolver works.
    Avi Miller Guru
    Dude wrote:
    Thank you very much! About the other OSes, please disregard, I was probably misunderstanding.
    No worries. If you're really interested in DNS manipulation, take a look at Split Horizon DNS: http://en.wikipedia.org/wiki/Split-horizon_DNS -- this will allow a single DNS server to return different results based on the source of the request. This is used extensively to provide internal/external views to the same DNS zone.
