ChadDavis wrote:
> > Why are you overriding the nameserver?  If you control the dhcp server
> > then the better option is to have it provide the desired information
> > there instead of having clients override it.
>
> I don't want to override it.  I want to add additional nameservers that
> "know" about a domain that I need to resolve.

It doesn't work that way.  Nameservers listed in /etc/resolv.conf are
tried in order.  The first one that can be contacted is the one used.
If a contacted nameserver does not know about a name then it is a
negative response.  No other nameservers are contacted.  The reason for
listing up to three nameservers is that if one is offline then it will
fall through to the next one.  But when the first one answers then the
answer it provides will be authoritative.  See 'man resolv.conf' for
details.

  man resolv.conf

Basically if you need your nameserver to resolve names on your network
then it should be the only nameserver.  Not an additional one.  If it is
an additional one then there is the chance that it won't be used even if
it is listed first.

Also, although it makes some sense to have multiple nameservers in
resolv.conf, if the first one is down there is a relatively long delay
in falling through to the next one.  You wouldn't want to operate that
way all of the time.  It is just an emergency backup.

> My networking knowledge is kind of thin, but I suspect that this
> requirement for the other nameservers has something to do with the
> details of intranet segregation in our corporation . . . does that
> make sense?

Probably you have a VPN and therefore need to use the private nameserver
in order to use the VPN?  Just guessing.  But that is one of the valid
reasons.

> So, I only want to add them as additional lookup sources, coming
> after the nameservers that the DHCP client discovers as the ones
> suitable for my own host.

Because of the algorithm it uses above you will find that it won't work.
It needs to be the first one.  And in that case it really should be the
only one.

> Feel free to point out areas that seem that I really completely
> don't know what I'm talking about ;)

:-)

> > The dhclient negotiates with the dhcp server for host configuration
> > information including the nameserver.  It then writes this information
> > into /etc/resolv.conf where the libc resolver library reads it and
> > uses it.  Because daemons only read /etc/resolv.conf once when they
> > start if that file changes then any daemon that needs names must be
> > restarted in order to read the new contents of the file.  This is why
> > running a local caching nameserver is nice because it provides one
> > individual location for this and avoids needing to restart other
> > random daemons.
>
> So, just out of curiosity, what is the daemon that is consulted when my
> browser resolves a name?

I was talking about daemons such as the Postfix mail transport agent,
cron, sshd, apache, any other long running daemon.  Your web browser is
similar.  It will read the /etc/resolv.conf upon startup and maybe never
consult it again.  However web browsers these days are smarter about
mobile devices and I think that they do re-read the file when it changes
now.  But the browser doesn't consult a daemon.  It effectively is the
long running daemon.

Bob
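
An added example, not part of the original message: a small Python model of the lookup order described in the reply, showing why a private nameserver appended after the DHCP-provided one is never asked about an internal name. The addresses, the name `build.corp.example` and the zone contents are constructed; the model makes one pass with the resolv.conf(5) defaults and ignores the `attempts` and `rotate` options.

```python
# Added illustration; addresses, names and zone data below are constructed.
MAXNS = 3      # resolv.conf(5): only the first three nameserver lines are used
TIMEOUT = 5    # resolv.conf(5): default seconds to wait for each server

def parse_nameservers(text):
    """Return nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for line in text.splitlines():
        if line.startswith(("#", ";")):      # comment lines
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers[:MAXNS]

def resolve(name, servers, zones):
    """One pass over the list. zones maps address -> {name: answer}, or
    None for a server that is offline. Returns (answer, server, waited)."""
    waited = 0
    for addr in servers:
        records = zones.get(addr)
        if records is None:                  # no reply: time out, try next
            waited += TIMEOUT
            continue
        # Any reply ends the search, including "no such name".
        return records.get(name, "NXDOMAIN"), addr, waited
    return "TIMEOUT", None, waited

DHCP_NS, PRIVATE_NS = "192.0.2.1", "198.51.100.53"
INTERNAL = "build.corp.example"
ZONES = {DHCP_NS: {"www.example.org": "203.0.113.10"},
         PRIVATE_NS: {INTERNAL: "10.0.0.7"}}

APPENDED = parse_nameservers(f"# from dhclient\nnameserver {DHCP_NS}\n"
                             f"nameserver {PRIVATE_NS}\n")
PRIVATE_ONLY = parse_nameservers(f"nameserver {PRIVATE_NS}\n")

if __name__ == "__main__":
    # Private server appended after the DHCP one: it is never asked.
    print(resolve(INTERNAL, APPENDED, ZONES))
    # Private server as the only entry: the internal name resolves.
    print(resolve(INTERNAL, PRIVATE_ONLY, ZONES))
    # First server offline: the second answers, after the timeout.
    print(resolve(INTERNAL, APPENDED, {**ZONES, DHCP_NS: None}))
```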