Anyone who's worked with CentOS networking knows the frustration: you carefully configure your /etc/resolv.conf with optimized parameters like:
options rotate timeout:1 attempts:2
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1
Only to find it mysteriously reset after a reboot or network service restart. This happens because CentOS's network management stack (NetworkManager or legacy network scripts) regenerates this file.
The default DNS resolution behavior in Linux has several shortcomings:
- Serial querying (no rotation) of nameservers
- 5-second timeout per query
- Only 2 retries before failing
This creates a worst-case scenario where DNS resolution can take up to 10 seconds (2 retries × 5s timeout) before failing over to the next nameserver.
For modern CentOS systems using NetworkManager:
- Create or edit /etc/NetworkManager/conf.d/dns.conf:
  [main]
  dns=none
- Set up a static resolv.conf:
  # chattr +i /etc/resolv.conf
- Alternative method - configure DNS options in NetworkManager:
  nmcli connection modify eth0 ipv4.dns-options "rotate timeout:1 attempts:2"
  nmcli connection modify eth0 ipv4.dns "8.8.8.8 8.8.4.4 1.1.1.1"
  nmcli connection up eth0
For systems using traditional network scripts:
# Add to /etc/sysconfig/network-scripts/ifcfg-eth0:
DNS1=8.8.8.8
DNS2=8.8.4.4
DNS3=1.1.1.1
PEERDNS=no
RES_OPTIONS="rotate timeout:1 attempts:2"
On newer CentOS versions with systemd-resolved:
# /etc/systemd/resolved.conf
[Resolve]
DNS=8.8.8.8 8.8.4.4 1.1.1.1
DNSOverTLS=opportunistic
Cache=yes
DNSStubListener=yes
Then enable and start the service:
systemctl enable systemd-resolved
systemctl start systemd-resolved
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
Test your DNS resolution behavior with:
dig example.com | grep "Query time"
Or for a more thorough test:
for i in {1..10}; do
  time dig example.com @8.8.8.8 >/dev/null
done
Anyone who's worked with CentOS networking knows the frustration: you carefully configure /etc/resolv.conf with optimized DNS settings like rotate, timeout, and attempts, only to find your changes mysteriously wiped out after a reboot or network service restart.
# Typical resolv.conf optimizations that get lost
options timeout:2 attempts:3 rotate
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1
This behavior stems from CentOS's network manager services (NetworkManager or dhclient) which regenerate resolv.conf dynamically. The default settings are particularly problematic because:
- DNS queries use sequential rather than round-robin rotation
- 5-second timeout per query is too long for failover scenarios
- Only 2 retries before giving up
For CentOS/RHEL 7+ (Using NetworkManager)
Create or modify /etc/NetworkManager/conf.d/dns.conf:
[main]
dns=none
[connection]
dns=8.8.8.8,8.8.4.4,1.1.1.1
dns-options=rotate,timeout:2,attempts:3
Then apply changes:
systemctl restart NetworkManager
For Systems Using dhclient
Add to /etc/dhcp/dhclient.conf:
supersede domain-name-servers 8.8.8.8, 8.8.4.4;
supersede domain-search "example.com";
prepend domain-name-servers 1.1.1.1;
timeout 2;
retry 3;
After making changes, test with:
# Check current DNS servers
systemd-resolve --status
# Test query rotation
dig example.com | grep SERVER
# Run multiple times to see different servers responding
For complete control, you can make /etc/resolv.conf immutable:
chattr +i /etc/resolv.conf
Remember this may break DHCP client operations that expect to modify the file.
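To confirm after a reboot or network restart that the file still carries the intended resolvers and options, a drift check can be run against it. The script below is an added example, not part of the original article; `check_resolv` is a hypothetical helper name, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): report drift between a
# resolv.conf-style file and the intended settings.
# check_resolv is a hypothetical helper name.
# Usage: check_resolv FILE TIMEOUT ATTEMPTS NAMESERVER...
# Prints one finding per line; returns 0 on a match, 1 on drift.
check_resolv() {
    file=$1 want_timeout=$2 want_attempts=$3
    shift 3
    want_ns="$*"
    rc=0

    # Nameservers in file order; glibc uses at most the first three (MAXNS).
    got_ns=$(awk '$1 == "nameserver" && n < 3 {
        printf "%s%s", (n++ ? " " : ""), $2 }' "$file")
    # Every token from every "options" line, one per line.
    opts=$(awk '$1 == "options" { for (i = 2; i <= NF; i++) print $i }' "$file")

    if [ "$got_ns" != "$want_ns" ]; then
        echo "nameservers: expected '$want_ns', found '$got_ns'"
        rc=1
    fi
    for opt in rotate "timeout:$want_timeout" "attempts:$want_attempts"; do
        if ! printf '%s\n' "$opts" | grep -qxF -- "$opt"; then
            echo "missing option: $opt"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a regenerated file that lost its options line and
# gained a resolver (192.0.2.53, a documentation address) nobody approved.
sample=$(mktemp)
printf 'nameserver 192.0.2.53\nnameserver 8.8.8.8\n' > "$sample"
check_resolv "$sample" 2 3 8.8.8.8 8.8.4.4 1.1.1.1 || echo "drift detected"
rm -f "$sample"
```

On a host, point it at /etc/resolv.conf from a cron job or systemd timer and alert on a non-zero exit.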
With these optimizations, DNS failover time improves dramatically:
Setting | Default | Optimized |
---|---|---|
Timeout | 5s | 2s |
Attempts | 2 | 3 |
Worst-case failover | 10s | 6s |
The rotate option provides load balancing across all configured nameservers, not just failover.