Size: 4624 | Comment: |
← Revision 14 as of 2023-06-22 20:45:42 ⇥
Size: 2200 | Comment: |
Deletions are marked like this. | Additions are marked like this. |
Line 3: | Line 3: |
'''Domain Name Resolution''' ('''DNS''') on Linux is done in a very similar way to [[BSD/DNS|DNS on BSD]]. It is worth reiterating that [[BIND|DNS was invented for BSD]]. | '''Domain Name Resolution''' ('''DNS''') on Linux is done in a very similar way to [[BSD/DNS|DNS on BSD]]. It is worth reiterating that [[Bind|DNS was invented for BSD]]. |
Line 17: | Line 17: |
The '''Name Service Switch''' ('''NSS''') file (`/etc/nsswitch.conf`) defines the order of operations for various services, among them being name resolution. A minimal configuration looks like... |
The [[Linux/NsSwitchConf|Name Service Switch (NSS) configuration file]] (`/etc/nsswitch.conf`) defines the order of operations for various services, among them being name resolution. |
Line 24: | Line 22: |
This configuration will require a fully configured hosts file, as seen below. |
|
Line 33: | Line 29: |
See [[Linux/nsswitch.conf|here]] for more details on configuring `/etc/nsswitch`. |
|
Line 39: | Line 33: |
The '''hosts''' file (`/etc/hosts`) is a list of addresses and names, especially for local hosts and machines. A basic hosts file looks like: | The [[Linux/Hosts|hosts file]] (`/etc/hosts`) is a list of addresses and names, especially for local hosts and machines. |
Line 45: | Line 39: |
See [[Linux/hosts|here]] for more details on configuring `/etc/hosts`. |
|
Line 51: | Line 43: |
The '''resolver''' configuration file (`/etc/resolv.conf`) is a list of nameservers to query for name resolution. The file is read sequentially for up to 3 nameservers for each lookup. As such, changes are effective immediately. | The [[Linux/ResolvConf|resolver configuration file]] (`/etc/resolv.conf`) is a list of nameservers to query for name resolution. Changes are immediately effective. |
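Review bot: The rewrite keeps "Changes are immediately effective" but removes the sentence that justified it ("The file is read sequentially for up to 3 nameservers for each lookup"), so the claim now stands without its reason, and the three-nameserver limit, the detail readers most often trip over, disappears from the page; keep that sentence here or move it to the linked Linux/ResolvConf page.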
Line 59: | Line 51: |
See [[Linux/resolv.conf|here]] for more details on configuring `/etc/resolv.conf`. | Services that manipulate the resolver file include: * [[Linux/SystemdResolved|systemd-resolved(8)]] and it's userland utility `resolvectl(1)` * [[Linux/SystemdResolved#ResolveConf|systemd-resolveconf(8)]] * [[OpenResolv|openresolve]] with [[Linux/ResolvConfConf|resolveconf.conf(5)]] * [[Dhcpcd|dhcpcd(8)]] * [[NetworkManager|NetworkManager(8)]] === Utilities === * `drill(1)`, used as `drill NAME @SERVER TYPE` * [[Bind/Dig|dig(1)]] |
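Review bot: The added names are spelled inconsistently with the text this same revision removes: `openresolve`, `resolveconf.conf(5)` and `systemd-resolveconf(8)` here versus `openresolv`, `/etc/resolvconf.conf` and `systemd-resolvconf` in the deleted Usage section; the deleted forms are the actual program and file names, so use those. Also "it's userland utility" should read "its".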
Line 71: | Line 76: |
---- == Usage == === Userland === A number of tools exist for debugging DNS on Linux: * `drill(1)`, used as `drill NAME @SERVER TYPE` * `dig(1)` (see [[BIND]]) used as `dig @SERVER NAME TYPE` * `resolvectl(1)` (see [[Linux/SystemdResolved|systemd-resolved]]), used as `resolvectl status` === System === This is primarily a list of programs that are known to manipulate the resolver file. ==== openresolv ==== `openresolv` is an implementation of `resolvconf(1)`. The purpose of this script is to manage all of the programs that want to overwrite the resolver file. To disable `openresolv`, set `resolveconf=NO` in the configuration file. See [[Linux/resolvconf.conf|here]] for more details on configuring `/etc/resolvconf.conf`. ==== dhcpcd ==== `dhcpcd(8)` is primarily a [[Protocols/DHCP|DHCP]] client. It will try to send DHCP information to `resolvconf(8)` (see above), but as a backup it will itself overwrite `/etc/resolv.conf`. To prevent `dhcpcd(8)` from overwriting the resolver file, update `/etc/dhcpcd.conf` with: {{{ nohook resolv.conf }}} For most use cases, it is sufficient to provide a header file (`/etc/resolv.conf.head`) that `dhcpcd` will insert at the top of the new resolver file. ==== systemd-resolvconf ==== `systemd-resolvconf` is a compatibility layer between [[Linux/SystemdResolved|systemd-resolved]] (see below) and `resolvconf(1)` (see above). ==== systemd-resolved ==== See [[Linux/SystemdResolved|here]]. ==== NetworkManager ==== `NetworkManager(8)` is an end-all be-all networking service. It assumes that it has ownership of the resolver file. To prevent `NetworkManager(8)` from overwriting the resolver file, consider one of the following options. 1. Deactivate DNS features. {{{ [main] dns=none }}} 2.#2 Configure the `rc-manager` setting. {{{ [main] rc-manager=symlink }}} The `rc-manager` setting takes any of these values: * `symlink` or `none` means 'create `/run/NetworkManager/resolv.conf` and, if it is a normal file, `/etc/resolv.conf`'. 
If the resolver file is a link to any other file, it is left alone. This is the default setting. * `file` means 'create `/etc/resolv.conf`'. * `resolvconf` * `netconfig` * `unmanaged` `NetworkManager(8)` configuration should be located in one of: * `/etc/NetworkManager/NetworkManager.conf` * `/etc/NetworkManager/conf.d/` |
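Review bot: This deletion drops the page's only actionable settings for stopping each service from overwriting the resolver file (`nohook resolv.conf` in `/etc/dhcpcd.conf`, `resolveconf=NO` for openresolv, `dns=none` or `rc-manager=symlink` under `[main]` for NetworkManager, plus the list of `rc-manager` values and the NetworkManager config locations) while the replacement only links to per-service pages; confirm those linked pages carry these settings, or keep a condensed version here. The usage forms `dig @SERVER NAME TYPE` and `resolvectl status` are also lost, leaving only `drill` with a usage example in the new Utilities list.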
= DNS on Linux =
Domain Name Resolution (DNS) on Linux is done in a very similar way to DNS on BSD. It is worth reiterating that DNS was invented for BSD.
== Name resolution ==
=== Name Service Switch ===
The Name Service Switch (NSS) configuration file (`/etc/nsswitch.conf`) defines the order of operations for various services, among them being name resolution. A minimal configuration looks like:
{{{
hosts: files dns
}}}
Consider instead this configuration, which makes use of NSS modules from the systemd project. With these, some entries can be omitted from the hosts file.
{{{
hosts: files mymachines myhostname dns
}}}
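The `hosts:` line above is what the C library consults, in order, for every name lookup, so knowing how to read it is the first step in auditing where a host's name resolution actually goes. The parser below is an added example, not code from the wiki page; it follows the nsswitch.conf(5) syntax (a database name, a sequence of sources, and optional bracketed action specs such as `[NOTFOUND=return]` that apply to the preceding source). The sample file is constructed inline and includes an `mdns4_minimal` entry to show how a multicast resolver is spliced in ahead of `dns`.

```python
"""Parse the 'hosts:' line (and the other databases) of an nsswitch.conf file.

Added example, not part of the wiki page. Syntax follows nsswitch.conf(5):
  database: source source [STATUS=action ...] source ...
The sample below is constructed for this example.
"""
import re

# Constructed sample: the page's systemd-flavoured hosts line with an mDNS
# source and an action spec added, plus a comment and two other databases.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:   files systemd
hosts:    files mymachines myhostname mdns4_minimal [NOTFOUND=return] dns
networks: files
"""

_ACTION = re.compile(r"\[([^\]]*)\]")


def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action, ...}), ...]}.

    Each source carries the action specs that directly follow it; a spec
    like [NOTFOUND=return] means 'if this source reports NOTFOUND, stop'.
    """
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line or ":" not in line:
            continue
        db, spec = line.split(":", 1)
        sources = []
        # Tokens are either a source name or a bracketed action spec
        # (which may contain spaces, so match it as one token).
        for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
            m = _ACTION.match(tok)
            if m:
                if not sources:
                    continue  # action spec with no preceding source: ignore
                actions = sources[-1][1]
                for item in m.group(1).split():
                    if "=" in item:
                        status, action = item.split("=", 1)
                        actions[status.upper()] = action.lower()
            else:
                sources.append((tok, {}))
        databases[db.strip()] = sources
    return databases


def hosts_lookup_order(text):
    """Just the ordered source names consulted for the 'hosts' database."""
    return [src for src, _ in parse_nsswitch(text).get("hosts", [])]


if __name__ == "__main__":
    for src, actions in parse_nsswitch(SAMPLE_NSSWITCH)["hosts"]:
        print(f"{src:15s} {actions or ''}")
```

Run against the real file with `hosts_lookup_order(open("/etc/nsswitch.conf").read())`; any source that appears before `files` or `dns` that you did not put there (an extra module, or `dns` demoted behind a multicast resolver without a `[NOTFOUND=return]` guard) is worth a second look.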
=== Hosts ===
The hosts file (`/etc/hosts`) is a list of addresses and names, especially for local hosts and machines. A basic hosts file looks like:
{{{
127.0.0.1 localhost
}}}
=== Resolver ===
The resolver configuration file (`/etc/resolv.conf`) is a list of nameservers to query for name resolution. Changes are immediately effective.
If the resolver file is being configured directly, then it should look like:
{{{
nameserver 8.8.8.8
}}}
Services that manipulate the resolver file include:
 * systemd-resolved(8) and its userland utility resolvectl(1)
 * systemd-resolvconf(8)
 * openresolv with resolvconf.conf(5)
 * dhcpcd(8)
 * NetworkManager(8)
=== Utilities ===
 * drill(1), used as `drill NAME @SERVER TYPE`
 * dig(1)
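With several services competing to write the resolver file, two questions come up in any incident or hardening review: which nameservers will the C library actually use, and which service currently owns the file. The script below is an added example, not code from the wiki page or any of the listed projects. It parses resolv.conf(5) directives, applies the resolver's limit of three `nameserver` entries (MAXNS, from the same manual page; the old revision of this page stated the limit too), and guesses the managing service from the symlink target. Only the `/run/NetworkManager/resolv.conf` path appears on this page; the two systemd-resolved targets are assumed from systemd-resolved(8), and the sample file content is constructed.

```python
"""Parse resolv.conf and report which nameservers glibc will really use.

Added example, not from the wiki page. Directive syntax follows
resolv.conf(5); MAXNS (three nameservers) is from the same manual page.
The sample content and the symlink targets below are constructed/assumed.
"""
import os

MAXNS = 3  # resolv.conf(5): only the first three nameserver lines are used

# Constructed sample: four nameservers, so the fourth is silently ignored.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not a real host's file
search example.internal corp.example
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 2001:db8::53
nameserver 198.51.100.9
options timeout:2 attempts:3 rotate
"""


def parse_resolv_conf(text):
    """Return dict with 'nameservers', 'ignored', 'search' and 'options'."""
    nameservers, search, options = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # comment lines start with # or ;
            continue
        parts = line.split()
        key, args = parts[0], parts[1:]
        if key == "nameserver" and args:
            nameservers.append(args[0])
        elif key in ("search", "domain"):
            # 'domain' is the single-entry historical form of 'search';
            # whichever line comes last wins, as in the resolver.
            search = args
        elif key == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                options[name] = value if value else True
    return {
        "nameservers": nameservers[:MAXNS],  # what the resolver will query
        "ignored": nameservers[MAXNS:],      # present in the file, never used
        "search": search,
        "options": options,
    }


# Assumed mapping of well-known symlink targets to the service that owns
# them (NetworkManager path from the page; systemd paths from systemd-resolved(8)).
KNOWN_TARGETS = {
    "/run/systemd/resolve/stub-resolv.conf": "systemd-resolved (stub listener 127.0.0.53)",
    "/run/systemd/resolve/resolv.conf": "systemd-resolved (upstream servers)",
    "/run/NetworkManager/resolv.conf": "NetworkManager",
}


def guess_manager(link_target, nameservers):
    """Guess which service owns the resolver file.

    link_target is the symlink target, or None for a regular file.
    """
    if link_target:
        return KNOWN_TARGETS.get(link_target, "unknown symlink target: " + link_target)
    if nameservers == ["127.0.0.53"]:
        return "systemd-resolved (stub address in a regular file)"
    return "regular file (hand-written, or written by dhcpcd/openresolv)"


def inspect(path="/etc/resolv.conf"):
    """Read the real file on this host; return (manager guess, parsed)."""
    target = os.readlink(path) if os.path.islink(path) else None
    with open(path) as fh:
        parsed = parse_resolv_conf(fh.read())
    return guess_manager(target, parsed["nameservers"]), parsed


if __name__ == "__main__":
    manager, parsed = inspect()
    print("managed by:", manager)
    print("active nameservers:", parsed["nameservers"])
    if parsed["ignored"]:
        print("ignored (beyond MAXNS):", parsed["ignored"])
```

A nameserver that appears in the file but in the `ignored` list is a common source of "but I added the internal server" confusion; an unexpected `unknown symlink target` or a regular file on a host that is supposed to run systemd-resolved is a sign that one of the services listed above has taken the file over.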
== Multicast name resolution ==
Multicast domain name resolution (mDNS) is an extension of the DNS protocol. An mDNS responder uses port 5353 and resolves names in the .local domain.
Note that many Linux mDNS implementations also have partial or incidental support for Link-Local Multicast Name Resolution (LLMNR). LLMNR is a similar but deliberately incompatible protocol (using port 5355) with a more limited feature set.
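Because mDNS and LLMNR reuse the DNS wire format and differ mainly in port and name scope, telling them apart in a capture comes down to decoding the question section and checking the destination port. The code below is an added example, not from the wiki page or any mDNS implementation: it encodes and decodes the RFC 1035 header and question (including compression pointers), reads the mDNS "unicast response" bit that RFC 6762 places in the top bit of QCLASS, and classifies each query as DNS (port 53), mDNS (port 5353, expected to carry `.local` names) or LLMNR (port 5355). The sample packets are constructed in-process; a `.local` query sent to port 53 is flagged, since that is a name that should never reach a unicast resolver.

```python
"""Classify name-resolution queries as unicast DNS, mDNS or LLMNR.

Added example, not from the wiki page. Header/question layout is RFC 1035,
which mDNS (RFC 6762, UDP 5353, .local) and LLMNR (RFC 4795, UDP 5355)
share. All packets below are constructed here, not captured.
"""
import struct

DNS_PORT, MDNS_PORT, LLMNR_PORT = 53, 5353, 5355
QTYPES = {1: "A", 12: "PTR", 28: "AAAA", 33: "SRV"}


def encode_name(name):
    """Encode 'host.local' as DNS labels: b'\\x04host\\x05local\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234, unicast_response=False):
    """Build a one-question query; the QU bit (mDNS) is the top bit of QCLASS."""
    qclass = 1 | (0x8000 if unicast_response else 0)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def decode_name(pkt, offset):
    """Decode labels at offset, following compression pointers; return (name, next_offset)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = pkt[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = offset + 2  # the pointer itself is two bytes
            offset = ((length & 0x3F) << 8) | pkt[offset + 1]
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(pkt[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_query(pkt):
    """Return header fields and the first question of a DNS-style packet."""
    txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    name, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),
        "name": name,
        "qtype": QTYPES.get(qtype, str(qtype)),
        "qclass": qclass & 0x7FFF,
        "unicast_response": bool(qclass & 0x8000),  # mDNS 'QU' bit
    }


def classify(dst_port, pkt):
    """Label a query by destination port and check name/protocol consistency."""
    q = parse_query(pkt)
    is_local = q["name"].endswith(".local")
    if dst_port == MDNS_PORT:
        proto, note = "mDNS", "" if is_local else "non-.local name over mDNS"
    elif dst_port == LLMNR_PORT:
        proto, note = "LLMNR", ""
    elif dst_port == DNS_PORT:
        proto, note = "DNS", ".local name leaked to unicast DNS" if is_local else ""
    else:
        proto, note = "unknown", ""
    return {"proto": proto, "note": note, **q}


# Constructed sample traffic: (destination port, packet)
SAMPLE_FLOWS = [
    (MDNS_PORT, build_query("printer.local", qtype=1, unicast_response=True)),
    (LLMNR_PORT, build_query("fileserver", qtype=1)),
    (DNS_PORT, build_query("www.example.com", qtype=28)),
    (DNS_PORT, build_query("laptop.local", qtype=1)),
]


def summarize(flows=SAMPLE_FLOWS):
    """One (protocol, name, type, note) tuple per flow."""
    return [(c["proto"], c["name"], c["qtype"], c["note"])
            for c in (classify(port, pkt) for port, pkt in flows)]


if __name__ == "__main__":
    for row in summarize():
        print(row)
```

In a real deployment the same `classify` call would be fed from a packet capture; the `note` field is the detection hook, and the `.local`-to-port-53 case is the one most worth alerting on because it shows a host whose NSS order sends multicast-scope names to an upstream resolver.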