LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-21-2014, 03:22 AM   #1
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,634

Rep: Reputation: Disabled
Setting addresses for alternate DNS-servers


I wanted (for well known and obvious reasons) to use DNS-servers which understand DNSSEC. I got their IPs from http://wiki.ipfire.org/en/dns/public-servers.

I use the net via a mobile connection.

Now I know in openSuSE for wired connections one has to edit /etc/sysconfig/network/config and change "NETCONFIG_DNS_STATIC_SERVERS", assigning the appropriate IPs like e.g. "194.150.168.168 8.8.8.8 178.63.73.246 204.117.214.10" for four alternatives. Did that and ran "netconfig update -f". Result: in /etc/reslov.conf appear the first three of them. Hmm.

Additionally for the mobile connedtion I entered the four IP-addresses in the networkmanager's menu named "additional DNS-Servers".

When I look at /var/log/messages I see lines like
Code:
netbook pppd[2575]: primary DNS address 193.189.244.225
netbook pppd[2575]: secondary DNS address 193.189.244.206
Not what I hoped for.

Any suggestions how to get the desired DNS-servers into use?
 
Old 08-21-2014, 11:37 AM   #2
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824

Rep: Reputation: 350Reputation: 350Reputation: 350Reputation: 350
if u use dhcp this could be the solution.

the way i choose dns servers is to edit /etc/dhcp/dhclient.conf (i am using dhcp). i add this line to it.
Quote:
supersede domain-name-servers 8.8.8.8, 8.8.4.4;
i use googles dns servers but i believe u could use ur servers, not sure if all four.
 
Old 08-21-2014, 05:12 PM   #3
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897
Quote:
Originally Posted by JZL240I-U View Post
I wanted (for well known and obvious reasons) to use DNS-servers which understand DNSSEC. I got their IPs from http://wiki.ipfire.org/en/dns/public-servers.

I use the net via a mobile connection.

Now I know in openSuSE for wired connections one has to edit /etc/sysconfig/network/config and change "NETCONFIG_DNS_STATIC_SERVERS", assigning the appropriate IPs like e.g. "194.150.168.168 8.8.8.8 178.63.73.246 204.117.214.10" for four alternatives. Did that and ran "netconfig update -f". Result: in /etc/reslov.conf appear the first three of them. Hmm.

Additionally for the mobile connedtion I entered the four IP-addresses in the networkmanager's menu named "additional DNS-Servers".

When I look at /var/log/messages I see lines like
Code:
netbook pppd[2575]: primary DNS address 193.189.244.225
netbook pppd[2575]: secondary DNS address 193.189.244.206
Not what I hoped for.

Any suggestions how to get the desired DNS-servers into use?
Well, if you try the way that you are doing at the moment, using the standard resolver (which I assume is what networkmanager does), you are probably always restricted to a maximum of three (used to be two...don't know exactly when it changed, but it must be some time ago) and you'll probably always be confused about what is going on (given a chance, the standard resolver swaps upstreams on you and then swaps them back when you look - ok, maybe its not that confusing, once you've caught on, but you'll be confused for a while).

And, adding several upstream resolvers is always a low-performance way of proceeding, if the first upstream isn't reasonable fast. It issues a request to the first, waits, waits some more, and then waits a bit for luck and then tries the second and repeats all the waiting stuff before trying the third. This is fine if you get an answer reasonably quickly from the first, but, otherwise is the opposite of fine. It is particularly the opposite of fine if you have to do half a dozen, or more, look ups to get one website page because the website has all sorts of analytics and advertising stuff hung on.

Now, you might think that this isn't much better than having fewer upstream resolvers and at least having it fail quickly and even wasn't why you were doing all of this messing about with multiple upstreams. And that would be a fair point.

The answer: DNSMASQ. Suse does a fair job of configuring it nearly 'automagically', so I can't see why you wouldn't, and recent versions are compatible with DNSSEC upstreams. Well, unless you were a masochist, and then you'd use BIND. But then, you'd regret it, at least by the time that you'd chrooted it. Although, if you want both DNSSEC and DNSCURVE, that might be more difficult.
 
Old 08-22-2014, 07:24 AM   #4
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,634

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ////// View Post
if u use dhcp this could be the solution...
I editet the dhclient.conf but my UMTS-stick will be available only monday, so please bear with me, I'll report back.

One question, though: the dhclient.conf also contains a statement like this:

Code:
request domain-name-servers
Should I comment that out or are the servers needed to be superseeded? I don't really understand the results of a granted request here...

Last edited by JZL240I-U; 08-22-2014 at 07:26 AM.
 
Old 08-22-2014, 07:34 AM   #5
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,634

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by salasi View Post
...Well, if you try the way that you are doing at the moment, using the standard resolver (which I assume is what networkmanager does), you are probably always restricted to a maximum of three (used to be two...don't know exactly when it changed, but it must be some time ago) ...
Might be it is still only two, since the log talks only about primary and secondary servers.

Quote:
Originally Posted by salasi View Post
...and you'll probably always be confused about what is going on (given a chance, the standard resolver swaps upstreams on you and then swaps them back when you look - ok, maybe its not that confusing, once you've caught on, but you'll be confused for a while)..
No, no, I'm confused right away .

Quote:
Originally Posted by salasi View Post
...And, adding several upstream resolvers is always a low-performance way of proceeding, if the first upstream isn't reasonable fast. It issues a request to the first, waits, waits some more, and then waits a bit for luck and then tries the second and repeats all the waiting stuff before trying the third. This is fine if you get an answer reasonably quickly from the first, but, otherwise is the opposite of fine. It is particularly the opposite of fine if you have to do half a dozen, or more, look ups to get one website page because the website has all sorts of analytics and advertising stuff hung on...
Well, the first is geographically close, the second is google -- so I can't really see a problem here, but I will bear this in mind and use only these two.

Quote:
Originally Posted by salasi View Post
...Now, you might think that this isn't much better than having fewer upstream resolvers and at least having it fail quickly and even wasn't why you were doing all of this messing about with multiple upstreams. And that would be a fair point..
Not really. I just wanted DNSSEC enabled servers.

Quote:
Originally Posted by salasi View Post
...The answer: DNSMASQ. Suse does a fair job of configuring it nearly 'automagically', so I can't see why you wouldn't, and recent versions are compatible with DNSSEC upstreams. Well, unless you were a masochist, and then you'd use BIND. But then, you'd regret it, at least by the time that you'd chrooted it. Although, if you want both DNSSEC and DNSCURVE, that might be more difficult.
I'll have to read up on that. Thanks for these pointers .

<edit> I googled for dnsmasq. I think that is more than I need. I just want my PC / netbook to use DNSSEC where possible (browsing, homebanking etc.). </edit>

Last edited by JZL240I-U; 08-22-2014 at 07:39 AM.
 
Old 08-26-2014, 09:23 AM   #6
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,634

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by JZL240I-U View Post
I editet the dhclient.conf but my UMTS-stick will be available only monday, so please bear with me, I'll report back.

One question, though: the dhclient.conf also contains a statement like this:

Code:
request domain-name-servers
Should I comment that out or are the servers needed to be superseeded? I don't really understand the results of a granted request here...
@ //////: I tried your suggestion "supersede domain-name-servers 8.8.8.8, 8.8.4.4" in dhclient.conf, but it didn't produce the desired results. /var/log/messages still shows those DNS-servers of my provider . Any advice for my question re the "request domain-name-servers" statement?
 
Old 09-02-2014, 11:07 AM   #7
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,634

Original Poster
Rep: Reputation: Disabled
Okay, it's solved. It has nothing to do with dhclient.conf.

One has to enter the IP-adresses of the dns-servers in the networkmanager applet twice. They go into the fields "DNS-Servers" and "Searchdomains" (? something like this. I use the German localization...). Additionally, on the "Routes"-tab one has to check "Ignore automatically received routes".

And you know what? "dmesg" or "/var/log/messages" do not log the changes. . Grrr. But "/etc/resolv.conf" as well as "nm-tool" show the new DNS-server's IP-adresses. Ah, well, at least I got it running the way I wanted it to. *sigh*

Last edited by JZL240I-U; 09-03-2014 at 06:50 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I determine the ip-addresses of ISP's DNS name servers? NorwegianBlue Linux - Networking 12 12-09-2008 12:49 PM
Setting up alternate IP addresses aescott Linux - Networking 1 03-31-2008 03:41 AM
Setting up DNS Servers properly? Swakoo Linux - Networking 36 02-21-2007 03:19 AM
Setting DNS ip addresses ombill Linux - Networking 3 02-27-2006 07:06 PM
Setting DNS servers Boudewijn Linux - Networking 1 12-25-2003 02:56 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration