Re: DNS resolver issue

2022-01-24 Thread Greg Wooledge
On Mon, Jan 24, 2022 at 07:05:27AM -0500, Henning Follmann wrote:
> On Mon, Jan 24, 2022 at 10:14:23AM +, Bhasker C V wrote:
> > I am running  example.local domain on my interface(192.168.2.1)  (bind9)
> > The domain is resolving fine. However I want to use 1.1.1.1 public DNS
> > server for looking up other domains (external domains)
> > Hence I have put both servers in /etc/resolv.conf
> > 
> > ```
> > nameserver 1.1.1.1
> > nameserver 192.168.2.1
> > search example.local
> > ```

This is fundamentally wrong.  All of the nameservers are treated equally.
It's not a "try one, and if that says no such domain, try another" thing.
It only tries another one if the first one doesn't give any response at
all.

> If you already are using bind, wouldn't it be the simplest way
> to put 1.1.1.1 as a forward in your configuration and
> then just use 192.168.2.1 as your recursive resolver?

This.  You need to use *only* 192.168.2.1 as your nameserver, and you
need to configure whatever software is running on that IP address to
forward non-local requests out to the public DNS resolver(s) of your
choice.  That'll be configured within the DNS software, not in the
/etc/resolv.conf file.
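The setup Greg and Henning describe, written out as an added example (it is not configuration posted by anyone in the thread). The Debian file paths, the "lan" ACL range, the 1.0.0.1 secondary forwarder and the zone file name are assumptions; the zone itself is whatever is already serving example.local on 192.168.2.1.

```conf
// /etc/bind/named.conf.options  (Debian layout; path and ACL are assumptions)
acl "lan" { 192.168.2.0/24; localhost; };

options {
    directory "/var/cache/bind";
    listen-on { 192.168.2.1; 127.0.0.1; };
    allow-query { lan; };
    recursion yes;
    allow-recursion { lan; };
    // Anything not answered from a zone loaded here goes to the public resolver.
    forwarders { 1.1.1.1; 1.0.0.1; };
    forward only;            // do not fall back to the root servers if the forwarders fail
    dnssec-validation auto;
};

// /etc/bind/named.conf.local
zone "example.local" {
    type master;
    file "/etc/bind/db.example.local";   // the zone file already in use (name assumed)
};

# /etc/resolv.conf on the clients and on 192.168.2.1 itself: one nameserver only
nameserver 192.168.2.1
search example.local
```

Check it with `named-checkconf` before `rndc reload`, then `dig @192.168.2.1 server.example.local` and `dig @192.168.2.1 www.example.com`: the first is answered from the local zone, the second is forwarded to 1.1.1.1. With 1.1.1.1 removed from resolv.conf there is no longer a server in the list that can answer NXDOMAIN for example.local before bind is asked.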



Re: DNS resolver issue

2022-01-24 Thread Henning Follmann
On Mon, Jan 24, 2022 at 10:14:23AM +, Bhasker C V wrote:
> Hi all,
> 
>  Please could someone help me with  what I am doing wrong ?
> 
> I am running  example.local domain on my interface(192.168.2.1)  (bind9)
> The domain is resolving fine. However I want to use 1.1.1.1 public DNS
> server for looking up other domains (external domains)
> Hence I have put both servers in /etc/resolv.conf
> 
> ```
> nameserver 1.1.1.1
> nameserver 192.168.2.1
> search example.local
> ```
> 
[...]

If you already are using bind, wouldn't it be the simplest way
to put 1.1.1.1 as a forward in your configuration and
then just use 192.168.2.1 as your recursive resolver?

-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com



Re: DNS resolver issue

2022-01-24 Thread Reco
Hi.

On Mon, Jan 24, 2022 at 10:14:23AM +, Bhasker C V wrote:
> $ dig +short server.example.local
> 192.168.2.2

Just in case, using ".local" domain that way violates RFC 6762.  There
are numerous ways to name your private domain, but ".local" is not a
proper name for that.

> Now, isn't the lookup supposed to fall back to the next server if the first one
> doesn't have an answer?

Only if the first DNS is unreachable or returning SERVFAIL.
Yours is returning NXDOMAIN, so this behaviour is expected.


> How does multiple DNS servers entry work in resolv.conf ?

Barring "options rotate", always try the first nameserver specified for any
query, and switch to the second only if the timeout (5 seconds by default,
according to resolv.conf(5), 30 seconds in practice) is reached.


The easiest way to solve your problem would be to specify a public resolver
(1.1.1.1) in your bind configuration for anything but your domain, and
then use only 192.168.2.1 in your resolv.conf.

Reco
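To make the nameserver-walking behaviour Reco describes concrete, here is an added example (not code from anyone in the thread, and not glibc's resolver) that parses the directives used above and models how the stub resolver steps through the list: the first server that answers at all ends the query, NXDOMAIN counts as an answer, and only a timeout or SERVFAIL moves on. The two resolv.conf texts are the one posted and the one recommended; the server functions, their addresses and the fixed per-try timeout are constructed stand-ins (real glibc timing uses retransmit back-off, which is why Reco quotes 30 seconds in practice).

```python
"""Model of how the glibc stub resolver walks /etc/resolv.conf.

Added example for this thread, not code from any poster or from glibc.  The
server behaviours below are constructed stand-ins; real timing (retransmit
back-off, per-server timeouts) is more involved than the fixed per-try
timeout modelled here.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

NXDOMAIN, SERVFAIL, TIMEOUT = "NXDOMAIN", "SERVFAIL", "TIMEOUT"
Server = Callable[[str], str]            # qname -> address, or one of the codes above


@dataclass
class ResolvConf:
    nameservers: List[str] = field(default_factory=list)
    search: List[str] = field(default_factory=list)
    rotate: bool = False
    timeout: int = 5                      # resolv.conf(5) default, per try
    attempts: int = 2                     # resolv.conf(5) default, passes over the list


def parse_resolv_conf(text: str) -> ResolvConf:
    """Parse the resolv.conf(5) directives that matter for this thread."""
    rc = ResolvConf()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args and len(rc.nameservers) < 3:
            rc.nameservers.append(args[0])          # glibc keeps at most three
        elif key in ("search", "domain") and args:
            rc.search = args                        # the last such line wins
        elif key == "options":
            for opt in args:
                name, _, val = opt.partition(":")
                if name == "rotate":
                    rc.rotate = True
                elif name in ("timeout", "attempts") and val.isdigit():
                    setattr(rc, name, int(val))
    return rc


def resolve(rc: ResolvConf, qname: str, servers: Dict[str, Server],
            start: int = 0) -> Tuple[str, str, int]:
    """One query, server by server, the way the stub resolver does it.

    The first server that answers at all ends the query, and NXDOMAIN is an
    answer.  Only a timeout or SERVFAIL moves on to the next nameserver.
    Returns (result, server that replied or "", seconds spent waiting).
    """
    order = rc.nameservers[start:] + rc.nameservers[:start] if rc.rotate else rc.nameservers
    waited = 0
    for _ in range(rc.attempts):
        for ns in order:
            reply = servers[ns](qname)
            if reply == TIMEOUT:
                waited += rc.timeout
                continue
            if reply == SERVFAIL:
                continue
            return reply, ns, waited
    return TIMEOUT, "", waited


def lookup(rc: ResolvConf, name: str, servers: Dict[str, Server],
           ndots: int = 1) -> Tuple[str, Tuple[str, str, int]]:
    """Apply the search list, then hand each candidate name to resolve().

    A name with fewer than ndots dots is tried with each search suffix first
    and bare last; otherwise bare first.  NXDOMAIN moves to the next candidate.
    Returns (name actually resolved, resolve() result).
    """
    if name.endswith("."):
        candidates = [name.rstrip(".")]
    else:
        suffixed = [f"{name}.{d}" for d in rc.search]
        candidates = suffixed + [name] if name.count(".") < ndots else [name] + suffixed
    result = (NXDOMAIN, "", 0)
    for cand in candidates:
        result = resolve(rc, cand, servers)
        if result[0] != NXDOMAIN:
            return cand, result
    return name, result


# Constructed stand-ins for the servers in the thread (addresses from documentation ranges).
def _authoritative_only(qname: str) -> str:
    """192.168.2.1 in this model: serves example.local and nothing else."""
    return "192.168.2.2" if qname == "server.example.local" else NXDOMAIN


def _public_resolver(qname: str) -> str:
    """1.1.1.1: knows nothing about example.local and says so with NXDOMAIN."""
    return "203.0.113.10" if qname == "www.example.com" else NXDOMAIN


def _forwarding_bind(qname: str) -> str:
    """192.168.2.1 after the fix: answers its own zone, forwards the rest."""
    if qname == "example.local" or qname.endswith(".example.local"):
        return _authoritative_only(qname)
    return _public_resolver(qname)


OP_RESOLV_CONF = "nameserver 1.1.1.1\nnameserver 192.168.2.1\nsearch example.local\n"
FIXED_RESOLV_CONF = "nameserver 192.168.2.1\nsearch example.local\n"
SERVERS_AS_POSTED = {"1.1.1.1": _public_resolver, "192.168.2.1": _authoritative_only}
SERVERS_FIXED = {"192.168.2.1": _forwarding_bind}

if __name__ == "__main__":
    rc = parse_resolv_conf(OP_RESOLV_CONF)
    print(resolve(rc, "server.example.local", SERVERS_AS_POSTED))      # NXDOMAIN from 1.1.1.1
    unreachable = dict(SERVERS_AS_POSTED, **{"1.1.1.1": lambda q: TIMEOUT})
    print(resolve(rc, "server.example.local", unreachable))            # answer, after waiting
    print(lookup(parse_resolv_conf(FIXED_RESOLV_CONF), "server", SERVERS_FIXED))
```

Running it shows the three cases from the thread side by side: with the posted file, 1.1.1.1 answers NXDOMAIN and 192.168.2.1 is never consulted; only if 1.1.1.1 times out or returns SERVFAIL does the query reach the second server; with the recommended file, the single server answers both the local zone and forwarded names, and the search line turns a bare `server` into `server.example.local`.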