From: Chris Davies on 5 Dec 2009 13:38

David Brown <david.brown(a)hesbynett.removethisbit.no> wrote:
> Windows also seems to track DNS settings for each interface
> individually, and it's possible that it will try the (primary) DNS
> servers for each interface if it is getting NXDOMAIN.

Empirically, I would tend to agree with you. I'm not sure about the
NXDOMAIN, though: I'm pretty sure that Windows uses a particular DNS
server for any given connection/domain.

> I'd use a local dnsmasq server and specify different DNS servers for
> different domains.

This works really well.

Chris
From: Moe Trin on 5 Dec 2009 15:17

On Fri, 04 Dec 2009, in the Usenet newsgroup comp.os.linux.networking, in
article <hfbi2m$i6d$1(a)nnrp.linuxfan.it>, Alessandro wrote:

>David Schwartz wrote:

>> It looks like the resolver is doing the right thing. It tried the
>> first resolver first, and the first resolver told it "that domain
>> definitely does not exist". Now you claim the second nameserver
>> would have said it did exist. Well, one or the other must be wrong.

>The fact is that the second nameserver is authoritative for "domain2"
>domain, so if the first nameserver is not authoritative (because it
>is asked for a box in domain2 and it does not know about that domain,
>ie is not authoritative) the query should be passed to the next NS.

Does your name server know all of the hostnames of all of the systems
on the Internet? How then does it resolve the names? The name server
has been configured to refer to (or ask directly) the name server that
is authoritative. This is not the job of the resolver.

>Bear in mind that "domain1" and "domain2" are local domains, for
>instance "mydomain1.loc" and "mydomain2.loc". And provided that in
>all domains I have DHCP+DNS working together (so to have DDNS)
>there is no way to add glue records to the first NS, unless I use
>some weird tricks.

No - you don't understand what glue records are. Glue records are
pointers to the IP of the name server that is authoritative for a
range. If your name servers have dynamic IP addresses and like to hide
from everyone, the idiot who set up the networks needs to be shot.
Repeatedly. The glue records tell the name server to ask a different
(authoritative) name server for an answer, so that it can respond to the
resolver making the original query. It's not the job of the resolver
to figure out which name server to ask or to ask every name server it
can find.

>So why do we have many NS in resolv.conf and why can we set many
>search domains for the "search" option?

You need to study the man page for resolver (man 5 resolver). Unless
you have tweaked /usr/include/resolv.h, you are limited to three
nameserver declarations. You also want to read the description of
the 'search' (and 'domain') keywords in that page. They are used to
help determine _what_ names to ask for, not _who_ to ask.

Old guy
From: Chris Davies on 5 Dec 2009 17:00

Moe Trin <ibuprofin(a)painkiller.example.tld> wrote:
> You also want to read the description of
> the 'search' (and 'domain') keywords in that page. They are used to
> help determine _what_ names to ask for, not _who_ to ask.

The problem that the OP has described is a real world one, however. And
as has been pointed out there is no easy way for a Linux client to cope
with it.

Chris
From: pk on 5 Dec 2009 18:07

Chris Davies wrote:
> Moe Trin <ibuprofin(a)painkiller.example.tld> wrote:
>> You also want to read the description of
>> the 'search' (and 'domain') keywords in that page. They are used to
>> help determine _what_ names to ask for, not _who_ to ask.
>
> The problem that the OP has described is a real world one, however. And
> as has been pointed out there is no easy way for a Linux client to cope
> with it.

As others have said, dnsmasq can do that. I agree that it requires extra
software and it's not something a Linux client can do easily by default
(or can do at all).
From: pk on 5 Dec 2009 18:10

pk wrote:
> Chris Davies wrote:
>
>> The problem that the OP has described is a real world one, however. And
>> as has been pointed out there is no easy way for a Linux client to cope
>> with it.
>
> As others have said, dnsmasq can do that. I agree that it requires extra
> software and it's not something a Linux client can do easily by default
> (or can do at all).

Oops, I hadn't seen your other reply, sorry.
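
Added example, not part of any post in this thread: a simplified Python model of the lookup order discussed above, showing why a resolv.conf-style client never reaches the second nameserver after an NXDOMAIN, and how per-domain forwarding (the dnsmasq approach mentioned) avoids that. The server addresses, host records and function names are constructed for illustration; only the zone names "mydomain1.loc" and "mydomain2.loc" come from the thread.

```python
# Simplified model of the lookup behaviour discussed in this thread.
# Server addresses and host records are constructed sample data.
NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"
SERVERS = {  # each name server only knows its own local zone
    "10.0.1.1": {"box1.mydomain1.loc": "10.0.1.20"},
    "10.0.2.1": {"box2.mydomain2.loc": "10.0.2.20"},
}
NAMESERVERS = ["10.0.1.1", "10.0.2.1"]            # resolv.conf "nameserver" order
SEARCH = ["mydomain1.loc", "mydomain2.loc"]       # resolv.conf "search" list
ROUTES = {"mydomain1.loc": "10.0.1.1", "mydomain2.loc": "10.0.2.1"}

def ask(server, fqdn, down=()):
    """One query: an address, NXDOMAIN, or TIMEOUT if the server is unreachable."""
    if server in down:
        return TIMEOUT
    return SERVERS[server].get(fqdn, NXDOMAIN)

def candidates(name, search):
    """The search list decides WHAT names to ask for (default ndots:1 ordering)."""
    suffixed = [f"{name}.{s}" for s in search]
    return suffixed + [name] if "." not in name else [name] + suffixed

def stub_resolve(name, nameservers=NAMESERVERS, search=SEARCH, down=()):
    """resolv.conf-style lookup: the next server is tried only on no reply."""
    for fqdn in candidates(name, search):
        for server in nameservers:
            answer = ask(server, fqdn, down)
            if answer == TIMEOUT:
                continue      # no reply: fail over to the next nameserver
            if answer != NXDOMAIN:
                return answer
            break             # NXDOMAIN is a definite answer for this name
    return NXDOMAIN

def split_resolve(name, routes=ROUTES, search=SEARCH, down=()):
    """Per-domain forwarding: the zone of the name decides WHO is asked."""
    for fqdn in candidates(name, search):
        for zone, server in routes.items():
            if fqdn == zone or fqdn.endswith("." + zone):
                answer = ask(server, fqdn, down)
                if answer not in (NXDOMAIN, TIMEOUT):
                    return answer
    return NXDOMAIN

if __name__ == "__main__":
    print("stub, both servers up :", stub_resolve("box2"))
    print("stub, first server down:", stub_resolve("box2", down=("10.0.1.1",)))
    print("per-domain forwarding  :", split_resolve("box2"))
```

In this model the second nameserver answers for box2 only when the first one is unreachable, which is the failover role the nameserver list plays; routing by zone resolves it with both servers up.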