Re: DNS resolver issue

To: debian-user@lists.debian.org
Subject: Re: DNS resolver issue
From: Greg Wooledge <greg@wooledge.org>
Date: Mon, 24 Jan 2022 07:53:09 -0500
Message-id: <[🔎] Ye6hNaVi1q3lxsv2@wooledge.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] Ye6WB8ZvHNm5S1Kp@helium.itcfollmann.com>
References: <[🔎] CAPLCSGANqthB+wBnM7J4V18nm2pbeJbNWCD6C+5DV6X3LH=GyA@mail.gmail.com> <[🔎] Ye6WB8ZvHNm5S1Kp@helium.itcfollmann.com>

On Mon, Jan 24, 2022 at 07:05:27AM -0500, Henning Follmann wrote:
> On Mon, Jan 24, 2022 at 10:14:23AM +0000, Bhasker C V wrote:
> > I am running  example.local domain on my interface(192.168.2.1)  (bind9)
> > The domain is resolving fine. However I want to use 1.1.1.1 public DNS
> > server for looking up other domains (external domains)
> > Hence I have put both servers in /etc/resolv.conf
> > 
> > ``` nameserver 1.1.1.1
> > nameserver 192.168.2.1
> > search example.local```

This is fundamentally wrong.  All of the nameservers are treated equally.
It's not a "try one, and if that says no such domain, try another" thing.
It only tries another one if the first one doesn't give any response at
all.

> If you already are using bind, wouldn't it be the simplest way
> to put 1.1.1.1 as a forward in your configuration and
> then just use 192.168.2.1 as your recursive resolver?

This.  You need to use *only* 192.168.2.1 as your nameserver, and you
need to configure whatever software is running on that IP address to
forward non-local requests out to the public DNS resolver(s) of your
choice.  That'll be configured within the DNS software, not in the
/etc/resolv.conf file.

Reply to:

References:
- DNS resolver issue
  - From: Bhasker C V <bhasker@unixindia.com>
- Re: DNS resolver issue
  - From: Henning Follmann <hfollmann@itcfollmann.com>

Prev by Date: Re: I've been caught out
Next by Date: Re: hostname is being reset, killing net on reboot
Previous by thread: Re: DNS resolver issue
Next by thread: Need to manually start pulseaudio on reboot
Index(es):
- Date
- Thread