Configuring DNS on Linux (client)
DNS (the Domain Name System) is used to resolve names to IP addresses and vice versa. In this article, we explain in a simple way how to configure the DNS client on Linux manually.
The name resolution service itself is provided by the BIND package or by other DNS server packages. The BIND package contains the files needed to configure the DNS server and the service itself, called named.
The DNS is structured on two basic points, the organization of the Internet into domains and the distribution of name servers on the network in the form of a hierarchy.
The organization of the Internet into domains avoids the use of the same name by more than one device and decentralizes the registration of networks and equipment.
Domains can be organized hierarchically by institution and by geography.
The distribution of DNS servers is necessary because the centralization of a single database containing the information for the conversion of symbolic names into IP addresses would be unfeasible.
The Internet itself was born from a project called ARPANET, created by the American Department of Defense, which called for a network without a central backbone and without centralized administration, making it virtually indestructible if a computer or a piece of the network became inoperative.
On the Internet, there are several root servers geographically distributed and organized by suffix. For example, the root servers for the suffix .br are hosted in Brazil.
There are 3 important configuration files for resolving names, already mentioned in the book:
- /etc/nsswitch.conf: This file has a line beginning with the "hosts" keyword that determines the search order for name resolution. The "files" entry means that /etc/hosts is consulted, and the "dns" entry means that /etc/resolv.conf is consulted to determine the IP of the DNS server;
- /etc/resolv.conf: This file has one or more lines containing the nameserver directive, each of which gives the IP of a DNS server;
- /etc/hosts: This file may contain manual name-to-IP mappings.
When accessing the Internet through a browser or any other network application, the Linux host follows this sequence to identify the IP address of the desired name:
- Linux checks the /etc/nsswitch.conf file to determine the search order: whether to consult a file (/etc/hosts) first or a DNS server (/etc/resolv.conf) first.
- If the order in /etc/nsswitch.conf lists "files" first, the /etc/hosts file is consulted to try to resolve the name. If a matching entry is found, its IP address is returned. If not, the host reads the IP address of the DNS server from /etc/resolv.conf and queries that DNS server to try to determine the IP address of the desired name. If the server returns an IP address, the name is resolved. Otherwise, the application receives a name resolution failure.
- If the order in /etc/nsswitch.conf lists "dns" first, the /etc/resolv.conf file is consulted to obtain the IP address of the DNS server, and a query is sent to that DNS server to try to determine the IP address of the desired name. If the DNS server finds the address, the application receives the desired IP. Otherwise, the host consults the /etc/hosts file to try to determine the IP address of the desired name. If found, the IP is returned. Otherwise, the application receives a name resolution failure.
Example of a basic configuration of the /etc/nsswitch.conf file:
Example of a basic configuration of the /etc/resolv.conf file:
Example of a basic configuration of the /etc/hosts file:
It is important that you understand how the name resolution process works, because the /etc/hosts, /etc/nsswitch.conf and /etc/resolv.conf files together regulate the configuration of the DNS client.
It is also important to know that the name resolution order in /etc/nsswitch.conf affects how name resolution behaves. Once an answer is found, whether from the DNS server or locally in the /etc/hosts file, the host is satisfied and does not consult any other source.
As a result, the following error cases may occur:
- An address may be listed manually in /etc/hosts that differs from the IP address the DNS servers resolve. This may cause the host to connect to the wrong server, or even be unable to connect because the IP address does not exist;
- A particular DNS server listed in /etc/resolv.conf may not be active, or the host may be unable to reach it, making it impossible to resolve names;
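To make the lookup order and the two error cases above concrete, here is an added simulation of the client-side resolution process; it is example code written for this article, not part of the original text or of any resolver library. The three file bodies are constructed samples (using RFC 5737 documentation addresses), the DNS server answers are a constructed dictionary standing in for real zone data, and the "unreachable" set is an assumption used to model a nameserver that does not respond. The `resolve` function walks the sources on the "hosts:" line in order and stops at the first answer, which is exactly why a stale /etc/hosts entry can shadow the DNS record when "files" comes first.

```python
# Simulation of the Linux DNS client lookup order (added example, not from the article).
# The three file bodies below are constructed samples with RFC 5737 documentation addresses.
from typing import Dict, List, Optional, Tuple

NSSWITCH_CONF = """\
# /etc/nsswitch.conf (excerpt, constructed sample)
passwd:     files
hosts:      files dns
"""

RESOLV_CONF = """\
# /etc/resolv.conf (constructed sample)
search example.internal
nameserver 192.0.2.53
nameserver 192.0.2.54
"""

HOSTS_FILE = """\
# /etc/hosts (constructed sample)
127.0.0.1    localhost
192.0.2.10   intranet.example.internal intranet   # stale manual entry
"""

# Stand-in for the zone data the DNS servers would answer with (constructed).
FAKE_DNS_ZONE: Dict[str, str] = {
    "intranet.example.internal": "198.51.100.20",
    "www.example.internal": "198.51.100.30",
}


def parse_nsswitch_hosts(text: str) -> List[str]:
    """Return the lookup sources listed on the 'hosts:' line, in order."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return ["files", "dns"]  # glibc's default when the line is absent


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses in /etc/resolv.conf, in order."""
    servers: List[str] = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every hostname and alias in /etc/hosts to its address (first match wins)."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def dns_query(name: str, nameservers: List[str], unreachable: set) -> Optional[str]:
    """Ask each nameserver in turn; a server in `unreachable` is skipped (simulated timeout)."""
    for server in nameservers:
        if server in unreachable:
            continue          # the stub resolver times out and moves to the next server
        return FAKE_DNS_ZONE.get(name.lower())  # first reachable server gives the final answer
    return None               # no reachable server at all


def resolve(name: str, nsswitch: str = NSSWITCH_CONF, hosts: str = HOSTS_FILE,
            resolv: str = RESOLV_CONF,
            unreachable: Optional[set] = None) -> Tuple[Optional[str], Optional[str]]:
    """Resolve `name` following the nsswitch order; return (address, source) or (None, None)."""
    unreachable = unreachable or set()
    hosts_table = parse_hosts(hosts)
    nameservers = parse_resolv_conf(resolv)
    for source in parse_nsswitch_hosts(nsswitch):
        if source == "files":
            address = hosts_table.get(name.lower())
        elif source == "dns":
            address = dns_query(name, nameservers, unreachable)
        else:
            continue          # other sources (myhostname, mdns, ...) are not simulated
        if address is not None:
            return address, source   # first answer wins; later sources are not consulted
    return None, None


if __name__ == "__main__":
    # Stale /etc/hosts entry shadows the DNS record when "files" is listed first.
    print(resolve("intranet.example.internal"))                                   # ('192.0.2.10', 'files')
    # With "dns" first, the DNS answer wins and /etc/hosts is never consulted.
    print(resolve("intranet.example.internal", nsswitch="hosts: dns files"))      # ('198.51.100.20', 'dns')
    # First nameserver down: the second one in resolv.conf still answers.
    print(resolve("www.example.internal", unreachable={"192.0.2.53"}))            # ('198.51.100.30', 'dns')
    # Every nameserver down and no /etc/hosts entry: name resolution failure.
    print(resolve("www.example.internal", unreachable={"192.0.2.53", "192.0.2.54"}))  # (None, None)
```

Run it as-is to see the four cases printed; to reproduce the first error case on a real host, compare `getent hosts <name>` (which honours nsswitch.conf) with `dig +short <name>` (which talks to the nameservers in resolv.conf directly) and look for a mismatch.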