DNS Nameserver Query Order in resolv.conf: Behavior, Customization, and Distro-Specific Considerations


2 views

The resolv.conf file defines DNS resolution behavior in Unix-like systems. Nameservers are queried in strict sequential order as listed in the file. The resolver sends queries to the first nameserver and only proceeds to the next if:

  • The first server times out (default timeout: 5 seconds)
  • Returns SERVFAIL or REFUSED response
  • Doesn't provide a valid answer

On Debian-based systems (including Squeeze), you can influence the nameserver order through these methods:

1. Manual resolv.conf Editing

# /etc/resolv.conf
nameserver 8.8.8.8    # Primary
nameserver 1.1.1.1    # Secondary
options timeout:2 attempts:1

2. Using resolvconf Utility

# Install if not present
sudo apt-get install resolvconf

# Configure interface-specific DNS
echo "nameserver 208.67.222.222" | sudo tee -a /etc/resolvconf/resolv.conf.d/head
sudo resolvconf -u

3. NetworkManager Control

# For systems using NetworkManager
nmcli connection modify eth0 ipv4.dns "9.9.9.9 8.8.4.4"
nmcli connection up eth0

While the core resolver behavior follows POSIX standards, implementations vary:

Distribution Notable Behavior
Debian/Ubuntu Uses resolvconf for dynamic updates
RHEL/CentOS NetworkManager overwrites resolv.conf by default
Arch Linux Manual configuration or systemd-resolved

Setting Custom Timeouts

# /etc/resolv.conf
options timeout:1 attempts:2 rotate

Implementing Client-Side Load Balancing

# The 'rotate' option enables round-robin selection
options rotate timeout:1 attempts:1

nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1

Testing Configuration Changes

# Verify resolution order
dig example.com +stats | grep "SERVER:"

# Check response times
time dig @8.8.8.8 example.com
time dig @1.1.1.1 example.com

For Debian Squeeze specifically, note that newer versions may use systemd-resolved, but Squeeze's behavior follows the traditional resolver implementation.

The resolv.conf file specifies DNS nameservers in a specific order, and the system typically uses them sequentially:

nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 192.168.1.1

In this example, the system will first attempt resolution with 8.8.8.8 (Google DNS). Only if that fails will it try 1.1.1.1 (Cloudflare), and finally the local resolver at 192.168.1.1.

There are several ways to influence this behavior:

  • Manual ordering: Simply rearrange the entries in /etc/resolv.conf
  • Using options: The options directive can modify behavior:
options rotate
nameserver 8.8.8.8
nameserver 1.1.1.1

The rotate option enables round-robin selection instead of strict ordering.

Debian (including Squeeze) typically manages resolv.conf through:

  • The resolvconf package (if installed)
  • Network manager configurations

To manually override in Debian:

# Prevent automatic updates to resolv.conf
sudo chattr +i /etc/resolv.conf

Verify nameserver behavior with:

dig example.com | grep SERVER
# Or for multiple tests:
for ns in $(grep nameserver /etc/resolv.conf | awk '{print $2}'); do 
  echo "Testing $ns"; 
  dig @$ns example.com | grep "Query time"; 
done

For programmatic control, you might implement DNS selection in Python:

import socket
import dns.resolver

resolver = dns.resolver.Resolver()
resolver.nameservers = ['8.8.8.8', '1.1.1.1']  # Ordered list

try:
    answers = resolver.resolve('example.com')
    for rdata in answers:
        print(rdata.address)
except dns.resolver.NoNameservers:
    print("All nameservers failed")