DNS – Second Nameserver in /etc/resolv.conf Not Picked Up by wget

domain-name-systemresolv.conf

My resolv.conf looks like this:

; generated by /sbin/dhclient-script
search mcdc
nameserver 10.0.4.48
nameserver 8.8.8.8

if I do nslookup www.google.com it works

nslookup www.google.com
;; Got SERVFAIL reply from 10.0.4.48, trying next server
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.

but when I curl www.google.com, it cannot resolve the host.

I tried running curl under strace, and found curl was only using the first nameserver in resolv.conf, not the second. If I switch the two nameserver lines around, www.google.com resolves, but internal DNS names do not, so thats not a good workaround.

How can I fix resolv.conf to use both nameservers?

Best Answer

The default behavior for resolv.conf and the resolver is to try the servers in the order listed. The resolver will only try the next nameserver if the first nameserver times out. The resolv.conf manpage says:

nameserver Name server IP address

Internet address (in dot notation) of a name server that the resolver should query. Up to MAXNS (currently 3, see ) name servers may be listed, one per keyword. If there are multiple servers, the resolver library queries them in the order listed.

And:

(The algorithm used is to try a name server, and if the query times out, try the next, until out of name servers, then repeat trying all the name servers until a maximum number of retries are made.)

Also see the resolver(5) manual page for more information.

You can alter the resolver's behavior using rotate, which will query the Nameservers in a round-robin order:

rotate sets RES_ROTATE in _res.options, which causes round robin selection of nameservers from among those listed. This has the effect of spreading the query load among all listed servers, rather than having all clients try the first listed server first every time.

However, nslookup will use the second nameserver if it receives a SERVFAIL from the first nameserver. From the nslookup manpage:

[no]fail Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response.

(Default = nofail)

Related Solutions

Nslookup Failure

QUERY What could be going wrong here?

A couple of things are conspiring against you. :-(

The file /etc/resolv.conf could be a problem; its domain line gets set to an inappropriate value when I reboot.

How is your /etc/resolv.conf being created/populated?

My guess is that your IP address is being assigned by a DHCP server. As part of the IP address assignment, your DHCP client is rewriting /etc/resolv.conf with the domain and nameserver assigned by the DHCP server. Hence, the "inappropriate" value after you reboot.

NSLOOKUP OUTPUT nslookup gives the SERVER address of the default name server, but says "can't find workshop: NX domain."

This is because your default DNS server is not your local DNS server -- it is one of the DNS servers assigned to you by the DHCP server. This "other" DNS server does not know about your domain.

But nslookup still doesn't work after I edit the line to "domain example.net" and restart bind9.

That's because you need to add your local DNS server to the list of nameservers in /etc/resolv.conf. Immediately before any other nameserver entry, add ...

nameserver 127.0.0.1

Now, when you use nslookup, your local DNS server should be your default DNS server. nslookup should now be able to resolve "workshop".

UPDATE Here is the output of dig: Command: dig A @workshop workshop.example.net

This confirms that you have your domain correctly configured on your local bind DNS server.

As you've already experienced, your changes to /etc/resolv.conf will be overwritten the next time you reboot. You have two options:

Reconfigure your machine to use a static IP. /etc/resolv.conf won't be overwritten anymore, so your changes will persist after a reboot.
Reconfigure your DHCP client so that it does not overwrite /etc/resolv.conf. This thread should point you in the right direction.

DNS resolution problems; dig SERVFAIL error

I'd start with verifying, that your server runs:

netstat -an | grep ^udp | grep 53

It should show a line similar to

udp        0      0 0.0.0.0:53                0.0.0.0:*

If named doesn't run, then stop it (just to clean up), then start and see what it writes to log files (/var/log/messages, /var/named/data/named.run). There may be some typo that prevents the daemon from starting successfully.

Then I'd strip as much as I could from the named.conf. Minimal, basic config should be easier to troubleshoot. Then I'd add entries bit by bit, to see, which entry causes the server to balk.

Also try separately to resolve things locally from the server, and from a client outside. I hope you'll find what's wrong.

Best Answer

Related Solutions

Nslookup Failure

DNS resolution problems; dig SERVFAIL error

Related Topic