DNS on Linux
Domain Name System (DNS) resolution on Linux works in a very similar way to DNS on BSD. It is worth reiterating that DNS was invented for BSD.
Name resolution
Name Service Switch
The Name Service Switch (NSS) file (/etc/nsswitch.conf) defines the order of operations for various services, among them being name resolution.
A minimal configuration looks like...
hosts: files dns
This configuration will require a fully configured hosts file, as seen below.
Consider instead this configuration, which makes use of libraries and services from the systemd project: myhostname resolves the machine's own hostname and mymachines resolves the names of local containers, so those entries can be omitted from the hosts file.
hosts: files mymachines myhostname dns
See here for more details on configuring /etc/nsswitch.conf.
Hosts
The hosts file (/etc/hosts) is a list of addresses and names, especially for local hosts and machines. A basic hosts file looks like:
127.0.0.1 localhost
See here for more details on configuring /etc/hosts.
Resolver
The resolver configuration file (/etc/resolv.conf) is a list of nameservers to query for name resolution. The resolver reads the file on each lookup and uses at most the first 3 nameserver entries; any further entries are ignored. As such, changes are effective immediately.
If the resolver file is being configured directly, then it should look like:
nameserver 8.8.8.8
See here for more details on configuring /etc/resolv.conf.
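The three-nameserver limit above is easy to trip over when several tools append to the resolver file. The following added example (not part of the page; it writes a constructed sample to a temporary file so it runs offline, and the sample addresses are made up) counts the nameserver directives, shows which ones the resolver will actually query, and flags entries that will never be used. Point the functions at /etc/resolv.conf on a real host.

```shell
#!/bin/sh
# Added example, not from the page: sanity checks for a resolver file.
# Constructed sample written to a temporary file (addresses are made up).
SAMPLE_RESOLV_CONF="${TMPDIR:-/tmp}/resolv.conf.sample.$$"
cat > "$SAMPLE_RESOLV_CONF" <<'EOF'
# constructed sample, not a real system file
search example.internal
nameserver 10.0.0.53
nameserver 10.0.0.54
nameserver 10.0.0.55
nameserver 10.0.0.56
options timeout:2 attempts:2
EOF

# count_nameservers FILE: number of "nameserver" directives in FILE.
count_nameservers() {
    grep -c '^nameserver[[:space:]]' "$1" || true
}

# active_nameservers FILE: the addresses the resolver will actually query.
# glibc honours at most the first three entries (MAXNS in resolv.conf(5));
# the rest are parsed and silently dropped.
active_nameservers() {
    awk '$1 == "nameserver" && n < 3 { print $2; n++ }' "$1"
}

# check_resolver FILE: return 0 when every listed nameserver is in use,
# 1 when entries beyond the third would never be queried.
check_resolver() {
    total=$(count_nameservers "$1")
    if [ "$total" -gt 3 ]; then
        echo "warning: $1 lists $total nameservers; only the first 3 are used" >&2
        return 1
    fi
    return 0
}

echo "nameservers listed: $(count_nameservers "$SAMPLE_RESOLV_CONF")"
echo "nameservers in use:"
active_nameservers "$SAMPLE_RESOLV_CONF"
check_resolver "$SAMPLE_RESOLV_CONF" || echo "resolver file needs trimming"
```

On the constructed sample the check reports four entries and warns that 10.0.0.56 will never be queried; a silently ignored fourth entry is a common reason a "backup" nameserver appears not to work.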
Multicast name resolution
Multicast domain name resolution (mDNS) is an extension of the DNS protocol. An mDNS responder listens on UDP port 5353 and resolves names in the .local domain.
Note that many of the Linux mDNS implementations also carry partial, incidental support for link-local multicast name resolution (LLMNR). LLMNR is a similar but deliberately incompatible protocol (using port 5355) with a more limited feature set.
Usage
Userland
A number of tools exist for debugging DNS on Linux:
drill(1), used as drill NAME @SERVER TYPE
dig(1) (see BIND), used as dig @SERVER NAME TYPE
resolvectl(1) (see systemd-resolved), used as resolvectl status
System
This is primarily a list of programs that are known to manipulate the resolver file.
openresolv
openresolv is an implementation of resolvconf(1). The purpose of this script is to arbitrate between all of the programs that want to overwrite the resolver file.
To disable openresolv, set resolvconf=NO in the configuration file.
See here for more details on configuring /etc/resolvconf.conf.
dhcpcd
dhcpcd(8) is primarily a DHCP client. It hands the DNS information it receives to resolvconf(8) (see above), but if that is unavailable it falls back to overwriting /etc/resolv.conf itself.
To prevent dhcpcd(8) from overwriting the resolver file, update /etc/dhcpcd.conf with:
nohook resolv.conf
For most use cases, it is sufficient to provide a header file (/etc/resolv.conf.head) that dhcpcd will insert at the top of the new resolver file.
systemd-resolvconf
systemd-resolvconf is a compatibility layer between systemd-resolved (see below) and resolvconf(1) (see above).
systemd-resolved
See here.
NetworkManager
NetworkManager(8) is an all-in-one networking service. It assumes that it has ownership of the resolver file.
To prevent NetworkManager(8) from overwriting the resolver file, consider one of the following options.
- Deactivate DNS features.
[main]
dns=none
- Configure the rc-manager setting.
[main]
rc-manager=symlink
The rc-manager setting takes any of these values:
- symlink or none means 'create /run/NetworkManager/resolv.conf and, if it is a normal file, /etc/resolv.conf'. If the resolver file is a link to any other file, it is left alone. This is the default setting.
- file means 'create /etc/resolv.conf'.
- resolvconf means 'hand the configuration to resolvconf(8)'.
- netconfig means 'hand the configuration to netconfig (SUSE)'.
- unmanaged means 'never write /etc/resolv.conf'.
NetworkManager(8) configuration should be located in one of:
/etc/NetworkManager/NetworkManager.conf
/etc/NetworkManager/conf.d/
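Because every program in this section is willing to write the resolver file, the first debugging step is usually to find out which one currently owns it. The following added example (not part of the page) classifies a resolver file by the symlink targets systemd-resolved and NetworkManager use, and, for a regular file, by the header comment NetworkManager, openresolv and dhcpcd write when they replace the file in place; the header strings are the ones I know those tools to emit, and anything unrecognised is reported rather than guessed. It defaults to /etc/resolv.conf.

```shell
#!/bin/sh
# Added example, not from the page: report which program owns a resolver file.
# resolver_owner [PATH]: print the owner as a single word; PATH defaults to
# /etc/resolv.conf.
resolver_owner() {
    path=${1:-/etc/resolv.conf}
    if [ -L "$path" ]; then
        # A symlink is the usual sign of systemd-resolved or NetworkManager
        # (rc-manager=symlink); the leading * also matches relative targets.
        target=$(readlink "$path")
        case $target in
            */run/systemd/resolve/stub-resolv.conf|*/run/systemd/resolve/resolv.conf)
                echo "systemd-resolved" ;;
            */run/NetworkManager/resolv.conf)
                echo "NetworkManager" ;;
            *)
                echo "symlink:$target" ;;   # unknown target: inspect it by hand
        esac
    elif [ -f "$path" ]; then
        # A regular file was written in place; the generator leaves a header.
        header=$(head -n 1 "$path")
        case $header in
            "# Generated by NetworkManager"*) echo "NetworkManager (file)" ;;
            "# Generated by resolvconf"*)     echo "resolvconf" ;;
            "# Generated by dhcpcd"*)         echo "dhcpcd" ;;
            *)                                echo "static" ;;   # hand-written or unknown
        esac
    else
        echo "missing"
    fi
}

echo "/etc/resolv.conf is managed by: $(resolver_owner)"
```

Run it before editing the resolver file by hand: if it reports anything other than static, the edit will be undone the next time that program updates its configuration, and the fix belongs in that program's settings (dns=none, rc-manager, nohook resolv.conf or resolvconf=NO above).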