Typically the /etc/resolv.conf file is just used to tell glibc’s resolver where to send DNS queries; however, the file also has some options that control a few other things.
Most of the information below is pulled directly from the resolv.conf man pages, and it is recommended to review ‘man resolv.conf’ for better understanding of the various options used. I’m not going to cover every option, just the common ones.
nameserver:
We already discussed that the basic function is to define one or more nameservers to send queries to. It should be noted that there is a maximum limit of three (3) DNS servers that are allowed to be defined.
If you need to define more, you would need to use a DNS service or application such as dnsmasq, bind, unbound, systemd-resolved, nscd, etc.
If there are multiple servers, the resolver library queries them in the order listed.
search/domain:
‘search’ is the currently used value and ‘domain’ is a now deprecated value that does the same thing as search.
It lets you set a list of domains that the resolver appends to the queried name before sending it to the nameservers.
Sometimes, companies will use shortnames in scripts, and configure their DNS to append the proper domain to those shortnames in order for DNS resolution to work.
Let’s say for example I have a company domain ‘somedomain.com’. I have 5 machines within this domain:
one
two
three
four
five
I have /etc/resolv.conf configured pointing to my BIND DNS server running as a local service:
nameserver 127.0.0.1
This nameserver has all of my machines defined within the records for my domain somedomain.com
If I query:
# nslookup one
It’s going to send the word ‘one’ to my nameserver, which is going to fail because there is no domain defined.
BUT
If I add to /etc/resolv.conf:
search somedomain.com
It then changes the query. Now when I do:
# nslookup one
It queries one.somedomain.com to my DNS server — and thus we get a valid record.
If my DNS server does not have a record for one.somedomain.com, then it tries the standard “one” query again without the search domain applied (which would still fail).
If I have multiple search domains defined:
search somedomain.com someotherdomain.com
It will search my DNS server for those in order:
one.somedomain.com
one.someotherdomain.com
one
options:
Within the ‘options’ line we might see something like this:
options timeout:5 attempts:3 rotate
This tells the resolver:
(1) time out the query attempt after 5 seconds,
(2) make 3 attempts total,
(3) rotate through the listed nameservers round-robin instead of always trying the first one first.
timeout:n
Sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. This may not be the total time taken by any resolver API call and there is no guarantee that a single resolver API call maps to a single timeout. Measured in seconds, the default is RES_TIMEOUT (currently 5, see <resolv.h>). The value for this option is silently capped to 30.
attempts:n
Sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see <resolv.h>). The value for this option is silently capped to 5.
rotate
Sets RES_ROTATE in _res.options, which causes round-robin selection of name servers from among those listed. This has the effect of spreading the query load among all listed servers, rather than having all clients try the first listed server first every time.
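To see how these rules combine on a real file, here is an added example (my own sketch, not glibc's code and not taken from the man page) that parses resolv.conf text and reports what the resolver would effectively use: the three-nameserver limit, the silent caps on timeout and attempts, and the order in which names are tried. The function names, the "ignored" key and the sample addresses are assumptions made for illustration; the handling of names that already contain a dot follows the default ndots value of 1, an option not covered above.

```python
# Added example. SAMPLE is constructed resolv.conf content, not from a real host.
SAMPLE = """\
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver 192.0.2.54
nameserver 192.0.2.55
search somedomain.com someotherdomain.com
options timeout:60 attempts:9 rotate
"""

MAXNS = 3                                  # only three nameservers are honoured
DEFAULTS = {"timeout": 5, "attempts": 2}   # RES_TIMEOUT, RES_DFLRETRY
CAPS = {"timeout": 30, "attempts": 5}      # larger values are silently capped

def parse_resolv_conf(text):
    """Return the settings the resolver would effectively end up with."""
    cfg = {"nameservers": [], "ignored": [], "search": [], "rotate": False, **DEFAULTS}
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or raw[0] in "#;":   # blank line, or comment in column one
            continue
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args:
            used = len(cfg["nameservers"]) < MAXNS
            cfg["nameservers" if used else "ignored"].append(args[0])
        elif key in ("search", "domain"):  # the last such line wins
            cfg["search"] = args[:1] if key == "domain" else args
        elif key == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                if name == "rotate":
                    cfg["rotate"] = True
                elif name in CAPS and value.isdigit():
                    cfg[name] = min(int(value), CAPS[name])
    return cfg

def candidates(name, cfg):
    """Names sent to the nameservers, in the order they are tried."""
    if name.endswith("."):                 # fully qualified: sent as-is
        return [name]
    searched = [f"{name}.{d}" for d in cfg["search"]]
    # Default ndots is 1: a name that already has a dot is tried as-is first.
    return [name] + searched if "." in name else searched + [name]

if __name__ == "__main__":
    cfg = parse_resolv_conf(SAMPLE)
    print(cfg, candidates("one", cfg))
```

Running it against a host's own file (for example parse_resolv_conf(open("/etc/resolv.conf").read())) quickly shows a fourth nameserver that is being ignored or a timeout that is not what the file claims.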
Lastly, it’s important to note that /etc/resolv.conf can often be dynamically altered/controlled by different applications such as NetworkManager or systemd-resolved. We have a KCS article that covers how to make persistent/static changes to the /etc/resolv.conf file:
How to make persistent changes to the /etc/resolv.conf?
https://access.redhat.com/solutions/7412