resolvconf

Last updated: 2023-11-14


Ubuntu

 

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

Config File

/etc/default/resolvconf

# resolvconf will print a message when /etc/resolv.conf is not a symbolic link
REPORT_ABSENT_SYMLINK=yes

There are 4 files in /etc/resolvconf/resolv.conf.d/

base  head  original tail

head:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

interface-order

/etc/resolvconf/interface-order

Determines the order in which nameserver information records are processed.

It is consulted by the resolvconf update scripts in /etc/resolvconf/update.d/.

i.e.

# /etc/resolvconf/interface-order
# Use nameservers on the loopback interface first.
lo*
# Next use records for Ethernet interfaces
eth*
# Next use records for Wi-Fi interfaces
wlan*
# Next use records for PPP interfaces
ppp*
# Last use other interfaces
*
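
How a file like the one above orders records, as an added example that is not resolvconf's own script: patterns are tried from top to bottom and each record is taken by the first pattern that matches it. The function names are hypothetical, and the record names other than eth0.dhclient and br0.inet are constructed.

```shell
#!/bin/sh
# Added illustration, not resolvconf's own update script.

# sample_order prints the interface-order file shown on this page.
sample_order() {
    cat <<'EOF'
# Use nameservers on the loopback interface first.
lo*
# Next use records for Ethernet interfaces
eth*
# Next use records for Wi-Fi interfaces
wlan*
# Next use records for PPP interfaces
ppp*
# Last use other interfaces
*
EOF
}

# order_records RECORD... reads patterns on stdin and prints the records in
# processing order: patterns are tried top to bottom, first match wins.
# Records matched by no pattern are left out of the result.
order_records() {
    remaining=$*
    out=
    while IFS= read -r pat || [ -n "$pat" ]; do
        case $pat in ''|'#'*) continue ;; esac   # skip blanks and comments
        rest=
        for rec in $remaining; do
            case $rec in
                $pat) out="$out $rec" ;;          # claimed by this pattern
                *)    rest="$rest $rec" ;;        # left for a later pattern
            esac
        done
        remaining=$rest
    done
    printf '%s\n' "${out# }"
}

# Constructed record names (IFACE.PROG form).
sample_order | order_records wlan0.dhclient tun0.openvpn eth0.dhclient lo.dnsmasq br0.inet
```

With the catch-all `*` line last, a record from an interface nobody planned for (here the constructed tun0.openvpn) still gets its nameservers into resolv.conf, only after the named interface classes.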

(-a) Overwrite (Add or overwrite the record IFACE.PROG)

# IFACE.PROG => "eth0.dhclient"

# br0.inet

cat FILE | resolvconf -a IFACE.PROG

FILE:

nameserver 192.168.123.1
search local

(-d) delete

Delete the record IFACE.PROG then run the update scripts if updating is enabled

 

# Update /etc/resolv.conf

  • -u, just run the update scripts

resolvconf -u

err:

resolvconf: Error: /etc/resolv.conf isn't a symlink, not doing anything.

/etc/resolvconf/update.d/libc

# /etc/resolvconf/update.d/libc writes a new resolver configuration file to /run/resolvconf/resolv.conf

# so a symbolic link is used to tie the two files together

ln -s /run/resolvconf/resolv.conf /etc/resolv.conf

** This link is never modified by resolvconf

P.S.

** resolv.conf gets rebuilt at every boot.

Setting DNS manually (dns-nameservers)

/etc/network/interfaces

# ifup uses this to set up /etc/resolv.conf (resolvconf -u does not use it)
# ifup pushes nameserver information to resolvconf when it configures an interface
# Note the 's' in dns-nameservers
dns-nameservers 8.8.8.8 8.8.4.4
dns-search lan

Enabling and disabling resolvconf auto update

# creates /run/resolvconf/enable-updates

resolvconf --enable-updates

# removes /run/resolvconf/enable-updates

resolvconf --disable-updates

When this file does not exist, resolvconf -u and similar commands will not create /run/resolvconf/resolv.conf (/etc/resolv.conf -> /run/resolvconf/resolv.conf)

 


Centos

 

NetworkManager on CentOS 6 modifies resolv.conf

/etc/NetworkManager/NetworkManager.conf

cat /etc/resolv.conf

# Generated by NetworkManager

The NetworkManager will assume it has the rights to control /etc/resolv.conf,

if it finds a DNS related configuration in your interface configuration file.

(cat /etc/sysconfig/network-scripts/ifcfg-eth0)

#DNS1=8.8.8.8
#DNS2=8.8.4.4
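
A check that ties the Ubuntu and CentOS notes above together, as an added example that is not resolvconf's or NetworkManager's own code: it reports whether `resolvconf -u` would be able to update /etc/resolv.conf and which tool's header the file carries. The function names and the ROOT prefix are assumptions; the relative link target is accepted as well as the absolute one used on this page.

```shell
#!/bin/sh
# Added example. ROOT is an assumed prefix so the checks can be pointed at a
# copy of a filesystem tree instead of the live system.

# resolvconf_state [ROOT] prints one of:
#   not-symlink | wrong-target | updates-disabled | ok
resolvconf_state() {
    root=${1:-}
    conf="$root/etc/resolv.conf"
    if [ ! -L "$conf" ]; then
        echo not-symlink                 # the "isn't a symlink" error case
        return 0
    fi
    case $(readlink "$conf") in
        /run/resolvconf/resolv.conf|../run/resolvconf/resolv.conf) ;;
        *) echo wrong-target; return 0 ;;
    esac
    if [ ! -e "$root/run/resolvconf/enable-updates" ]; then
        echo updates-disabled            # state after --disable-updates
    else
        echo ok
    fi
}

# resolv_owner FILE prints which tool's header FILE carries.
resolv_owner() {
    if grep -qF 'generated by resolvconf(8)' "$1" 2>/dev/null; then
        echo resolvconf
    elif grep -qF 'Generated by NetworkManager' "$1" 2>/dev/null; then
        echo NetworkManager
    else
        echo unknown                     # hand-written or another manager
    fi
}

echo "state: $(resolvconf_state "${ROOT:-}")"
echo "owner: $(resolv_owner "${ROOT:-}/etc/resolv.conf")"
```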

 


resolv.conf Settings

 

search

The local domain name.

i.e.

dns-search local

timeout: n    # Default: 3

Sets how long the resolver waits for a response from a remote name server

before retrying the query via a different name server.

attempts: n

Sets the number of times the resolver will send a query to its name servers

before giving up and returning an error to the calling application.

single-request

By default, glibc performs IPv4 and IPv6 lookups in parallel.

This option disables that behavior and makes glibc perform the IPv6 and IPv4 requests sequentially.

rotate

round-robin selection of name servers from among those listed.
(Default: first listed server first every time.)

single-request-reopen

The resolver uses the same socket for the A and AAAA requests.
Some hardware mistakenly sends back only one reply.
When that happens the client system will sit and wait for the second reply.

Enable: open a new one before sending the second request.

Use case: this setting fixes slow curl requests to a domain name

DNS Response Slow

use-vc

This option forces the use of TCP for DNS resolutions.

 


DNS Response Slow

 

Symptom

time curl -s http://DOMAIN/ip.php > /dev/null

real    0m5.025s
user    0m0.004s
sys     0m0.001s

 * The 5 seconds here come from the default value of "timeout: n"

time curl -s http://n.n.n.n/ip.php > /dev/null

real    0m0.017s
user    0m0.001s
sys     0m0.002s

time dig DOMAIN > /dev/null

real    0m0.006s
user    0m0.000s
sys     0m0.005s

time curl -4 -s http://DOMAIN/ip.php > /dev/null

real    0m0.018s
user    0m0.002s
sys     0m0.002s

 

Solution

options single-request-reopen

Cause

Since glibc 2.9

The resolver uses the same socket for the A and AAAA requests.

Some hardware mistakenly only sends back one reply.

When that happens the client system will sit and wait for the second reply.

Enable: It will close the socket and open a new one before sending the second request.
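
On a resolvconf-managed host, /etc/resolv.conf is regenerated, so the option has to go into a file that resolvconf merges in. The added example below (not part of the original page) assumes /etc/resolvconf/resolv.conf.d/tail, which resolvconf appends to the generated file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.

# has_option FILE OPT: succeeds if an "options" line in FILE lists OPT as a
# whole word, so "single-request" is not confused with "single-request-reopen".
has_option() {
    [ -f "$1" ] || return 1
    awk -v opt="$2" '
        $1 == "options" { for (i = 2; i <= NF; i++) if ($i == opt) found = 1 }
        END { exit !found }
    ' "$1"
}

# ensure_option FILE OPT: appends "options OPT" unless it is already there.
# Prints "present" or "added".
ensure_option() {
    if has_option "$1" "$2"; then
        echo present
        return 0
    fi
    # keep the new line separate if FILE lacks a trailing newline
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        echo >> "$1"
    fi
    printf 'options %s\n' "$2" >> "$1"
    echo added
}

# Usage on a resolvconf-managed host (run as root):
#   ensure_option /etc/resolvconf/resolv.conf.d/tail single-request-reopen
#   resolvconf -u
```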

 


Forcing TCP DNS lookups

 

# glibc >= 2.14

ldd --version

ldd (GNU libc) 2.3.2

Setting /etc/resolv.conf

options use-vc

 


host.conf

 

It controls your resolver setup

# the order in which the resolving services are tried

order hosts bind nis

# A host in /etc/hosts is allowed to have several IP addresses

# on: the resolv+ library will return all valid addresses for a host that appears in the /etc/hosts file
# (instead of only the  first)
multi   on

 


Troubleshoot

 

DNS lookup fail

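# A firewall rule is needed, otherwise lookups fail

# DNS replies (UDP source port 53)
iptables -A INPUT -m udp -p udp --sport 53  -j ACCEPT
# NTP replies (UDP source port 123)
iptables -A INPUT -m udp -p udp --sport 123 -j ACCEPT
# Note: these two rules match on source port only, so they accept any UDP packet
# sent from port 53 or 123, not just replies to this host's own queries.
# The connection-tracking rule below admits only replies to traffic this host started.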

Remark: TCP lookup

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

 


Other

 

 

 
