I wanted (for well known and obvious reasons) to use DNS-servers which understand DNSSEC. I got their IPs from http://wiki.ipfire.org/en/dns/public-servers.

I use the net via a mobile connection.

Now I know in openSuSE for wired connections one has to edit /etc/sysconfig/network/config and change "NETCONFIG_DNS_STATIC_SERVERS", assigning the appropriate IPs like e.g. "194.150.168.168 8.8.8.8 178.63.73.246 204.117.214.10" for four alternatives. Did that and ran "netconfig update -f". Result: in /etc/reslov.conf appear the first three of them. Hmm.

Additionally for the mobile connedtion I entered the four IP-addresses in the networkmanager's menu named "additional DNS-Servers".

When I look at /var/log/messages I see lines like
Not what I hoped for.

Any suggestions how to get the desired DNS-servers into use?

if u use dhcp this could be the solution.

the way i choose dns servers is to edit /etc/dhcp/dhclient.conf (i am using dhcp). i add this line to it.
i use googles dns servers but i believe u could use ur servers, not sure if all four.

Well, if you try the way that you are doing at the moment, using the standard resolver (which I assume is what networkmanager does), you are probably always restricted to a maximum of three (used to be two...don't know exactly when it changed, but it must be some time ago) and you'll probably always be confused about what is going on (given a chance, the standard resolver swaps upstreams on you and then swaps them back when you look - ok, maybe its not that confusing, once you've caught on, but you'll be confused for a while).

And, adding several upstream resolvers is always a low-performance way of proceeding, if the first upstream isn't reasonable fast. It issues a request to the first, waits, waits some more, and then waits a bit for luck and then tries the second and repeats all the waiting stuff before trying the third. This is fine if you get an answer reasonably quickly from the first, but, otherwise is the opposite of fine. It is particularly the opposite of fine if you have to do half a dozen, or more, look ups to get one website page because the website has all sorts of analytics and advertising stuff hung on.

Now, you might think that this isn't much better than having fewer upstream resolvers and at least having it fail quickly and even wasn't why you were doing all of this messing about with multiple upstreams. And that would be a fair point.

The answer: DNSMASQ. Suse does a fair job of configuring it nearly 'automagically', so I can't see why you wouldn't, and recent versions are compatible with DNSSEC upstreams. Well, unless you were a masochist, and then you'd use BIND. But then, you'd regret it, at least by the time that you'd chrooted it. Although, if you want both DNSSEC and DNSCURVE, that might be more difficult.

I editet the dhclient.conf but my UMTS-stick will be available only monday, so please bear with me, I'll report back.

One question, though: the dhclient.conf also contains a statement like this:

Should I comment that out or are the servers needed to be superseeded? I don't really understand the results of a granted request here...

Might be it is still only two, since the log talks only about primary and secondary servers.

No, no, I'm confused right away .

Well, the first is geographically close, the second is google -- so I can't really see a problem here, but I will bear this in mind and use only these two.

Not really. I just wanted DNSSEC enabled servers.

I'll have to read up on that. Thanks for these pointers .

<edit> I googled for dnsmasq. I think that is more than I need. I just want my PC / netbook to use DNSSEC where possible (browsing, homebanking etc.). </edit>

@ //////: I tried your suggestion "supersede domain-name-servers 8.8.8.8, 8.8.4.4" in dhclient.conf, but it didn't produce the desired results. /var/log/messages still shows those DNS-servers of my provider . Any advice for my question re the "request domain-name-servers" statement?

Okay, it's solved. It has nothing to do with dhclient.conf.

One has to enter the IP-adresses of the dns-servers in the networkmanager applet twice. They go into the fields "DNS-Servers" and "Searchdomains" (? something like this. I use the German localization...). Additionally, on the "Routes"-tab one has to check "Ignore automatically received routes".

And you know what? "dmesg" or "/var/log/messages" do not log the changes. . Grrr. But "/etc/resolv.conf" as well as "nm-tool" show the new DNS-server's IP-adresses. Ah, well, at least I got it running the way I wanted it to. *sigh*