In DHCP configurations, specifying multiple DNS servers provides crucial redundancy when the primary server becomes unavailable. The standard approach using two servers (like Google's 8.8.8.8 and Level3's 4.2.2.2) works well, but adding a third backup server can enhance reliability.
The ISC DHCP server fully supports specifying three or more DNS servers in dhcpd.conf:
option domain-name-servers 8.8.8.8, 4.2.2.2, 1.1.1.1; # Primary, secondary, tertiary
option domain-name-servers 192.168.1.10, 192.168.1.11, 8.8.4.4; # Local + cloud backup
When implementing tertiary DNS:
- Client behavior varies - most OSes will try servers sequentially
- Windows clients typically use all specified servers in round-robin
- Linux clients usually try servers in order until one responds
Here's a complete subnet declaration with three DNS servers:
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.5, 192.168.1.6, 9.9.9.9;
    option domain-name "example.com";
}
For dynamic DNS server selection, you could implement a script-based solution:
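#!/bin/bash
# Choose the DNS servers handed out by DHCP based on a reachability probe.
PRIMARY_DNS="192.168.1.5"
BACKUP1="192.168.1.6"
BACKUP2="9.9.9.9"
# dhcpd.conf must pull this file in with: include "/etc/dhcp/dhcpd.conf.d/dns.conf";
DNS_CONF="/etc/dhcp/dhcpd.conf.d/dns.conf"
# nc -z only shows that TCP port 53 accepts connections, not that queries are answered
if nc -z -w 2 "$PRIMARY_DNS" 53; then
    echo "option domain-name-servers $PRIMARY_DNS, $BACKUP1;" > "$DNS_CONF"
else
    echo "option domain-name-servers $BACKUP1, $BACKUP2;" > "$DNS_CONF"
fi
# ISC dhcpd does not reload its configuration: test it, then restart
dhcpd -t -cf /etc/dhcp/dhcpd.conf && systemctl restart dhcpd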
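A more defensive take on the script-based approach above, as an added example that is not part of the original page: it probes each server with a real query through dig rather than a TCP connect, keeps at most three responders in order, and leaves the existing file alone when none answer. PROBE_NAME, MAX_SERVERS and the --apply argument are assumptions of this example, and DNS_CONF has to be included from dhcpd.conf.

```bash
#!/bin/bash
# Added example: hand out only DNS servers that answer a real query.
CANDIDATES="192.168.1.5 192.168.1.6 9.9.9.9"  # addresses from the script above
PROBE_NAME="example.com"   # assumption: a name every listed server can resolve
MAX_SERVERS=3              # assumption: cap on servers handed to clients
DNS_CONF="/etc/dhcp/dhcpd.conf.d/dns.conf"    # must be include'd by dhcpd.conf

# probe SERVER: succeed only if SERVER returns an answer, not just an open port.
probe() {
    local out
    out=$(dig +short +time=2 +tries=1 "@$1" "$PROBE_NAME" A 2>/dev/null) &&
        [ -n "$out" ]
}

# build_option SERVER...: print the option line for servers that pass probe(),
# in the order given. Returns 1 and prints nothing when no server answers.
build_option() {
    local list count s
    list=""; count=0
    for s in "$@"; do
        [ "$count" -ge "$MAX_SERVERS" ] && break
        if probe "$s"; then
            list="${list:+$list, }$s"
            count=$((count + 1))
        fi
    done
    [ -n "$list" ] || return 1
    printf 'option domain-name-servers %s;\n' "$list"
}

# apply: replace the include file atomically, validate, then restart dhcpd.
apply() {
    local line tmp
    # Word splitting of $CANDIDATES is intentional.
    line=$(build_option $CANDIDATES) || {
        echo "no DNS server answered; leaving $DNS_CONF unchanged" >&2
        return 1
    }
    # Nothing changed: skip the restart.
    [ -f "$DNS_CONF" ] && [ "$line" = "$(cat "$DNS_CONF")" ] && return 0
    tmp=$(mktemp "$DNS_CONF.XXXXXX") || return 1
    printf '%s\n' "$line" > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$DNS_CONF" ||
        return 1
    # ISC dhcpd does not reload its config; test it, then restart.
    dhcpd -t -cf /etc/dhcp/dhcpd.conf && systemctl restart dhcpd
}

if [ "${1:-}" = "--apply" ]; then apply; fi
```

Run it from cron or a systemd timer with --apply; without that argument it only defines the functions.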
After configuration, verify with:
dhcpd -t -cf /etc/dhcp/dhcpd.conf # Test configuration
systemctl restart dhcpd
dhcp-lease-list # Check leased clients
When configuring DHCP servers, the domain-name-servers option is fundamental for providing clients with DNS resolution capabilities. The standard syntax allows specifying multiple DNS servers separated by commas, as shown in this basic example:
option domain-name-servers 8.8.8.8, 4.2.2.2, 1.1.1.1;
The ISC DHCP server fully supports configuring three or more DNS servers. Here's a complete working example from a production environment:
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.50 192.168.1.200;
    option routers 192.168.1.1;
    option domain-name "example.com";
    option domain-name-servers 192.168.1.10, 192.168.1.11, 8.8.8.8;
}
Most modern operating systems handle multiple DNS servers intelligently:
- Windows: Tries servers sequentially until one responds
- Linux (glibc): Uses the first server by default but can fail over
- macOS: Implements a sophisticated rotation system
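For environments requiring high availability, consider health-check-based selection. The block below is pseudocode for the idea only: ISC dhcpd has no can-resolve-host function, so it will not parse as written, and the health check has to run outside dhcpd, as in the script-based approach above.
# Health-check based DNS server selection (pseudocode, not valid dhcpd.conf)
on commit {
    set dns_servers = "";
    if (can-resolve-host("internal-dns1.example.com")) {
        set dns_servers = concat(dns_servers, "192.168.1.10,");
    }
    if (can-resolve-host("internal-dns2.example.com")) {
        set dns_servers = concat(dns_servers, "192.168.1.11,");
    }
    option domain-name-servers = concat(dns_servers, "9.9.9.9");
}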
While adding more DNS servers increases redundancy, it's important to:
- Limit to 3-4 servers maximum to avoid client timeout issues
- Place fastest/most reliable servers first in the list
- Consider geographic distribution for remote workers
- Monitor client DNS resolution times