In my /etc/network/interfaces I have multiple servers listed on dns-nameservers; one set of Ubuntu servers has 3, another 4. We had no issues until we were forced to add 2 more to each, but we still could not successfully resolve using the new DNS servers. After some investigation, we found that only 3 DNS servers were copied into /etc/resolv.conf. We are able to resolve our immediate issue by putting the 3 primary servers in there and omitting the backup DNS servers, but I'd like to keep all necessary DNS servers available.
As for why so many:
- 8.8.8.8 is used because it gets updated information faster than our internal ones
- Our internal network DNS
- Another DNS for a DB cluster
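Added example (not from the question or any of the answers below): the reason only three servers are ever used is that glibc's stub resolver honours at most MAXNS = 3 nameserver lines in /etc/resolv.conf and silently ignores the rest. This Python checker (function and sample names are my own; the resolv.conf text is constructed to mirror the question's five servers) parses a resolv.conf and reports which servers are actually queried, which are ignored, and whether the systemd-resolved stub is in the way.

```python
import re
from dataclasses import dataclass, field

MAXNS = 3  # glibc resolv.h: only the first 3 'nameserver' lines are used


@dataclass
class ResolvConf:
    active: list = field(default_factory=list)   # servers glibc will query
    ignored: list = field(default_factory=list)  # past MAXNS, never queried
    search: list = field(default_factory=list)


def parse_resolv_conf(text: str) -> ResolvConf:
    """Parse resolv.conf text, splitting nameservers into active vs ignored."""
    conf = ResolvConf()
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            bucket = conf.active if len(conf.active) < MAXNS else conf.ignored
            bucket.append(args[0])
        elif key in ("search", "domain"):
            conf.search = args  # the last search/domain line wins
    return conf


def report(conf: ResolvConf) -> list:
    """Findings a sysadmin would want flagged; empty list means all is well."""
    findings = []
    if conf.ignored:
        findings.append(f"{len(conf.ignored)} nameserver(s) beyond MAXNS={MAXNS} "
                        f"are silently ignored: {', '.join(conf.ignored)}")
    if "127.0.0.53" in conf.active:
        findings.append("127.0.0.53 is the systemd-resolved stub; put extra "
                        "servers in /etc/systemd/resolved.conf instead")
    return findings


# Constructed sample mirroring the question's five servers (not a real file).
SAMPLE = """\
nameserver 8.8.8.8
nameserver 10.2.3.4   # internal network DNS
nameserver 10.3.2.1   # DB cluster DNS
nameserver 10.2.3.5   # backup internal DNS, never queried
nameserver 10.3.2.2   # backup DB DNS, never queried
search db.example.com internal.example.com
"""
```

Run `report(parse_resolv_conf(open("/etc/resolv.conf").read()))` on a real host to see which of your configured servers glibc is actually using.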
4 Answers
You can use dnsmasq to add any number of additional DNS servers. Here's how to do it.
First install dnsmasq:
sudo apt install dnsmasq
Edit the configuration file and add your DNS servers there (e.g. at the end of the file):
sudo nano /etc/dnsmasq.conf
server=8.8.8.8
server=8.8.4.4
Save the file and now edit /etc/resolv.conf (adding 127.0.0.1 as a nameserver):
sudo nano /etc/resolv.conf
nameserver 127.0.0.1
Restart dnsmasq (or even better, reboot the PC):
sudo service dnsmasq restart
Verify that dnsmasq responds to DNS queries (look for SERVER; it should be 127.0.0.1):
dig google.pl
;; SERVER: 127.0.0.1#53(127.0.0.1)
NOTE: Sometimes Network Manager can override the /etc/resolv.conf file, so you can make it read-only:
sudo chmod -w /etc/resolv.conf
NOTE 2: It is possible that you will have to disable the built-in DNS:
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
This will sound like it's 'overkill' for what you need, but in fact this is probably the most 'stable' solution so far to handle routing of DNS requests based on what exactly you are requesting.
This can be deployed on an independent server or on the local server(s) itself.
Set up a bind9 DNS server configured with forwarders to properly route requests to the proper DNS servers based on the requested domains.
This may sound like overkill, but this is actually a sane solution. However, we'll have to make some changes to get this working properly.
Step 0: As you are on 16.04, we need to bind the bind9 server to a separate localhost address on 127.0.2.1 for a local listener.
ONLY DO THIS STEP if you are running this on the server itself, and not as its own independent DNS server that your server will query to. If you are running this on a separate server so the server you were making the complaints about will send queries to this server, skip to step 1. OTHERWISE, do these changes on the server you are complaining about.
First, we need to add 127.0.2.1 to your system. This way, you can bind to the address properly.
Edit your /etc/network/interfaces file, and underneath the iface lo inet loopback line add this:
up ip -4 addr add 127.0.2.1/8 dev lo
down ip -4 addr del 127.0.2.1/8 dev lo
You can either reboot your system now to get this address added, or if you do NOT want to reboot, you can add this manually:
sudo ip -4 addr add 127.0.2.1/8 dev lo
Once you verify this address is set up (ip -4 addr list will show 127.0.2.1 now), we can continue.
Step 1: Install bind9
First, install bind9.
sudo apt install bind9
Next, once it's installed, we need to configure it. For the purposes of this answer, I am going to be using the following examples:
*.db.example.com is served by DNS server 10.3.2.1
*.internal.example.com is served by DNS server 10.2.3.4
Internet nameservers are serviced by 8.8.8.8 and 8.8.4.4 (Google)
Step 2: Configure bind9
Edit the /etc/bind/named.conf.options file so it looks like this:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See
        //========================================================================
        dnssec-enable yes;
        dnssec-validation yes;
        minimal-responses yes;

        auth-nxdomain no;    # conform to RFC1035

        // If this bind9 instance is acting as a standalone server for
        // multiple systems to query to, then omit 127.0.2.1 here and
        // adjust 10.10.1.0 to be the server's actual IP address on network.
        //
        // If this bind9 instance is ONLY serving the local server you were
        // trying to get 5 Nameservers onto, then only use 127.0.2.1 here.
        listen-on { 127.0.2.1; 10.10.1.0; };

        // If you don't have IPv6 set up, then leave this like this:
        listen-on-v6 { none; };

        allow-query { 127.0.0.0/8; 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };
        allow-transfer { 127.0.0.0/8; 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };
        allow-recursion { 127.0.0.0/8; 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };
};
This will set up bind9 so that all otherwise unmatched requests will be forwarded to Google's nameservers on 8.8.8.8 and 8.8.4.4 in order.
Now, I mention "unmatched requests". We have to configure the other two internal forwarder zones for the aforementioned 'example' ranges.
Edit /etc/bind/named.conf.local. We'll need to add some things now.
At the end of the file, add this:
zone "db.example.com" {
        type forward;
        forwarders { 10.3.2.1; };
};

zone "internal.example.com" {
        type forward;
        forwarders { 10.2.3.4; };
};
Then, once this is done, we need to restart the bind9 service.
sudo systemctl restart bind9
Once this is restarted, we should see this listening on both its server's localhost and/or the system's IP address depending on the configurations above.
Step 3: Make sure the server resolves right.
Run some DNS queries against this server (you may need dnsutils installed for this). For "ADDRESS", use the IP address of the server running bind9 if it is a standalone server, or 127.0.2.1 if you are running bind9 on the same server as the one you were asking about.
dig @ADDRESS +short server.db.example.com
dig @ADDRESS +short system.internal.example.com
dig @ADDRESS +short google.com
All three of these queries should resolve properly. Use proper hostnames for your environments, though.
If all of this works, then continue on.
Step 4: Set your server to properly use this nameserver
If this nameserver is now set up on a separate server from the server you were initially talking about, then in place of the 5 nameservers you were using before, only use the IP address of the server running this bind9 instance instead.
If this nameserver is set up locally on the same server as the one you were asking about, then use 127.0.2.1 in place of the 5 IP addresses.
Then reboot. You should then have DNS working as you expect to, but using bind9 as the mechanism instead of trying to get resolvconf to be working properly.
This may seem a complex setup but actually works pretty darn well. I use a similar setup for 'multiple environment' setups, where I need to use internal DNS servers on VPNs for certain subnet ranges but Internet addresses for everything else while bypassing other DNS servers. It may seem like an overkill solution but works.
Good luck, and ask questions if you have them as comments on my answer!
For Ubuntu versions after 16.04:
Just edit the file /etc/systemd/resolved.conf.
Uncomment DNS and Domains, enter the IPs and search domains (space-separated), and restart systemd-resolved or reboot your host.
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details
[Resolve]
DNS=<IP> <IP>
#FallbackDNS=
Domains=<domain> <domain>
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=no
#Cache=yes
#DNSStubListener=udp
For Ubuntu versions 16.04 or earlier
Use resolvconf:
sudo apt-get install resolvconf
Edit /etc/resolvconf/resolv.conf.d/tail to include your DNS servers and domains:
nameserver 8.8.8.8
nameserver 4.4.4.4
nameserver 192.168.1.1
search mydomain.com myotherdomain.com corporatedomain.local
then restart the service
/etc/init.d/resolvconf restart
and your /etc/resolv.conf should look like this
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
nameserver 8.8.8.8
nameserver 4.4.4.4
nameserver 192.168.1.1
search mydomain.com myotherdomain.com corporatedomain.local
For anyone following the steps from Michal Przybylowicz's answer and having trouble with NetworkManager rewriting /etc/resolv.conf with 127.0.0.53: add dns=dnsmasq to the [main] section in /etc/NetworkManager/NetworkManager.conf. Then execute:
systemctl restart NetworkManager
systemctl restart dnsmasq