LinuxQuestions.org
Old 09-19-2015, 09:36 AM   #1
linustalman
LQ Guru
 
Registered: Mar 2010
Location: Ireland
Distribution: Debian 12 Bookworm
Posts: 5,708

Rep: Reputation: 479
Questions on DNS setup in GNU/Linux.


Hi LQ.

I've got a few questions on setting up DNS in GNU/Linux.

Should I use 2 or 3 DNS servers like so:

194.125.133.11, 217.78.6.191, 37.235.55.46

or

127.0.0.1, 194.125.133.11, 217.78.6.191

or

192.168.1.1, 194.125.133.11, 217.78.6.191

---

Would using 3 DNS servers have a downside or would it be fine?

What happens if I use 127.0.0.1 or 192.168.1.1 (internal)? Would it use my default DNS on my router or from my ISP?

Thanks.
 
Old 09-20-2015, 06:25 AM   #2
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,564

Rep: Reputation: 2684
What do you mean?

It reads as if you are setting up a DNS server (bind, dnsmasq, etc.)?
It is difficult to know what to advise, if we do not know what software you are talking about.

What does your documentation say about defining the forward servers? Do they provide examples? Does it have a man page for the configuration file involved?

In most cases, you do not define 127.0.0.1 in the software (it KNOWS itself already), but you DO set that in the client piece (/etc/resolv.conf or whatever is creating it on your distro). It is rare for it to be otherwise, but not unknown.

If you are only defining DNS servers on a client (nameservers) then three is the maximum most standard IP stacks will use. (You can define all you want, it only uses the first three.) 127.0.0.1 should be the first entry IF you are running a DNS cache locally and it forwards requests properly, not otherwise.

So why would you set three? If the first goes down or stops responding, your IP stack (or the NS server software) will automatically detect that timeout and request from the second. Think of it as an IP stack built-in high availability feature for name lookup.

As for the exact values, they should be your local name servers in order: closest, next in line, remote. I use my local DNSMASQ server, my ISP nameserver, and the closest Google nameserver. At work we run a primary and a backup on each continent: I set the closest primary, closest backup, and nearest free public nameserver or the ISP server. (Depending upon which I trust more in that location.)

Last edited by wpeckham; 09-20-2015 at 06:32 AM.
 
Old 09-20-2015, 02:24 PM   #3
linustalman
LQ Guru
 
Registered: Mar 2010
Location: Ireland
Distribution: Debian 12 Bookworm
Posts: 5,708

Original Poster
Rep: Reputation: 479

Hi wpeckham.

I initially did this many months ago. I followed this guide from somewhere.

Code:
sudo apt-get install dnsmasq

Network Connections
IPv4 settings
Select as method: Only automatic address (DHCP)
DNS servers 127.0.0.1, 8.8.8.8, 8.8.4.4

127.0.0.1 is for dnsmasq, and the other two (8.8.8.8 and 8.8.4.4) are Google's DNS servers ~ I no longer use Google DNS - instead now using OpenNIC

Code:
sudo service network-manager restart

Now that you've installed and configured it, repeat the previous test. That is, run the following command a few times:

Code:
dig madrid.salir.com | grep "Query time"

Now you'll see that the second run gives 0. This is because the address has been stored, and the second time no query was made.

Last edited by linustalman; 09-20-2015 at 02:27 PM.
 
Old 09-20-2015, 04:23 PM   #4
brebs
Member
 
Registered: May 2013
Posts: 89

Rep: Reputation: Disabled
Quote:
Originally Posted by LinusStallman
DNS servers 127.0.0.1, 8.8.8.8, 8.8.4.4
127.0.0.1 is for dnsmasq, and the other two (8.8.8.8 and 8.8.4.4) are Google's DNS servers ~ I no longer use Google DNS - instead now using OpenNIC

That looks like a slight misconfiguration, because it's pointless for dnsmasq to try to use itself as a nameserver - you're just adding a bit of delay while it tries itself, fails, and then moves on to trying a proper nameserver.

It's /etc/resolv.conf that should only be using 127.0.0.1
 
Old 09-21-2015, 05:13 AM   #5
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,564

Rep: Reputation: 2684
resolv.conf

Agree totally: except --

I would set resolv.conf to three nameservers with 127.0.0.1 first. That way when dnsmasq is down or broken, you still get name resolution and can download packages.
 
Old 09-21-2015, 05:25 AM   #6
brebs
Member
 
Registered: May 2013
Posts: 89

Rep: Reputation: Disabled
When is dnsmasq "down or broken"?

Adding 2 additional, external nameservers in /etc/resolv.conf kinda defeats the object of *local caching*, and it's quite inappropriate when using e.g. a company VPN to resolve non-public DNS names such as server.internal.companyname.com - such a lookup can only waste time and fail.
 
Old 09-21-2015, 09:23 PM   #7
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,564

Rep: Reputation: 2684
Brebs, if you have never had software fail, break under an upgrade or software change on the system, then I suspect you are either not very experienced, or have lived a charmed life. Perhaps you are both.
Software fails.
Hardware fails.
Nothing lasts forever, but we can fix some things and make the failures less fatal in others.
Making systems and networks able to continue to function even if one resource has failed is part of my job.
The second and third name-servers in resolv.conf will never be used as long as the first always responds. When it is down or does not respond, the second will receive requests. As long as it responds, the third will never be used.
If (when) dnsmasq has a problem, do you really want all of your name resolution to fail? I think not.
As for local network machines, it is normal to load the hosts file with the fixed addresses on your local network anyway. Dnsmasq will use them to pre-load those table entries. They will also allow the dnsmasq machine to continue to address them by name if dnsmasq is not working.
These things are not replaced by Dnsmasq, they are there to be used BY Dnsmasq, and by the local system as well.
Used properly, they result in a more reliable and efficient system.

Last edited by wpeckham; 09-21-2015 at 09:25 PM.
 
Old 09-22-2015, 01:18 AM   #8
brebs
Member
 
Registered: May 2013
Posts: 89

Rep: Reputation: Disabled
Rant excepted, thanks for the info that /etc/resolv.conf nameservers are tried in strict order - I wasn't sure if that was still true, with all the glibc tweaks over the years, and have just verified with a little experimentation (unless options rotate is used).

So yeah, adding public nameservers to the bottom of /etc/resolv.conf ain't such a bad idea - as long as your local caching nameserver is listed *first*.

Last edited by brebs; 09-22-2015 at 01:21 AM. Reason: Mention options rotate
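
The behaviour the thread settles on (at most three nameserver entries used, tried in listed order unless options rotate is set, local cache first) can be checked mechanically. The following POSIX shell audit is an added example and not part of any post; the function names and the sample file are constructed for illustration, and the addresses are the ones from the first post.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Constructed sample: local cache first, then the addresses from the first
# post, with a fourth server and "options rotate" added to trigger findings.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's file
nameserver 127.0.0.1
nameserver 194.125.133.11
nameserver 217.78.6.191
nameserver 37.235.55.46
options rotate timeout:2
EOF
}

# Nameservers the glibc resolver will actually consider: the first three only.
effective_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 && n < 3 { print $2; n++ }' "$1"
}

# Print one finding per line for the resolv.conf given as $1.
audit_resolv() {
    file=$1
    total=$(awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$file")
    first=$(effective_nameservers "$file" | head -n 1)
    fallbacks=$(effective_nameservers "$file" | sed 1d | tr '\n' ' ')

    case $first in
        127.*|::1) echo "OK: local cache $first is queried first" ;;
        "")        echo "WARN: no nameserver lines found" ;;
        *)         echo "WARN: first nameserver $first is not local, the cache is bypassed" ;;
    esac
    if [ -n "$fallbacks" ]; then
        echo "NOTE: if $first times out, queries (internal names included) go to: $fallbacks"
    fi
    if [ "$total" -gt 3 ]; then
        echo "WARN: $total nameservers listed, only the first 3 are used"
    fi
    if awk '$1 == "options" { for (i = 2; i <= NF; i++) if ($i == "rotate") f = 1 }
            END { exit !f }' "$file"; then
        echo "WARN: options rotate is set, servers are not tried in strict order"
    fi
}

tmp=$(mktemp)
write_sample "$tmp"
audit_resolv "$tmp"
rm -f "$tmp"
```

Run `audit_resolv /etc/resolv.conf` to check a live system; the NOTE line is the trade-off debated in posts #5 to #8, availability when the cache fails versus internal names reaching the fallback servers.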
 
Old 09-29-2015, 08:32 AM   #9
linustalman
LQ Guru
 
Registered: Mar 2010
Location: Ireland
Distribution: Debian 12 Bookworm
Posts: 5,708

Original Poster
Rep: Reputation: 479
@wpeckham & @brebs -- please don't fight. :-)

So to sum things up -- should I install dnsmasq and use 127.0.0.1 as my first DNS server and comma separated 1 or 2 other servers e.g. OpenNIC ones?
 
Old 10-01-2015, 07:36 PM   #10
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,564

Rep: Reputation: 2684
Sure

I would.
 
Old 10-02-2015, 04:29 AM   #11
linustalman
LQ Guru
 
Registered: Mar 2010
Location: Ireland
Distribution: Debian 12 Bookworm
Posts: 5,708

Original Poster
Rep: Reputation: 479

Quote:
Originally Posted by wpeckham
I would.

Ok. ^_^
 
Old 10-10-2015, 08:49 PM   #12
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,564

Rep: Reputation: 2684
Curiosity killed the... We are not cats.

So, have you any update for us about how that solution is working for you?
 
Old 10-11-2015, 10:02 AM   #13
linustalman
LQ Guru
 
Registered: Mar 2010
Location: Ireland
Distribution: Debian 12 Bookworm
Posts: 5,708

Original Poster
Rep: Reputation: 479

Quote:
Originally Posted by wpeckham
So, have you any update for us about how that solution is working for you?

Hello again wpeckham.

Yes, all is good.
 
  

