Why the other name servers in /etc/resolv.conf are not queried when the first name server can’t answer

Ramesh Sahoo
Mar 7, 2022

It is a common but mistaken expectation that the other name servers in the resolv.conf file are queried when the first DNS server answers a query with an NXDOMAIN response. That does not happen: for this kind of DNS response (NXDOMAIN), the glibc resolver assumes that the response from the first DNS server is valid, so it does not contact the other DNS servers in the ordered list. The following questions describe the situations we run into.

NXDOMAIN scenarios

  • Can subsequent name servers defined in /etc/resolv.conf be queried if the previous name server cannot answer?
  • Can other name servers defined in /etc/resolv.conf be queried if the previous name server cannot answer?
  • Why are the other or next DNS servers in /etc/resolv.conf not queried when the first server doesn’t answer?
  • Is there a way to tell glibc to query the other DNS servers if the query to the first DNS server fails?

As per man 5 resolv.conf:
The algorithm used to query the name servers in the /etc/resolv.conf file is to try a name server, and if the query times out, try the next, until out of name servers, then repeat trying all the name servers until a maximum number of retries are made.

Generally, an NXDOMAIN response from a DNS server is not exactly a failure response. It is valid information: the domain name you asked for does not exist on that DNS server. After receiving such a response (NXDOMAIN), the local resolver (glibc, nslookup, dig) stops and does not query the other DNS servers in the list; this is the default design.

How to overcome such issues?

Make sure that all DNS servers listed in the /etc/resolv.conf file are redundant, equivalent DNS servers, like a primary and a secondary. They can’t be split into internal (resolves only internal DNS queries) and external (resolves only external DNS queries) DNS servers. Every DNS server in the /etc/resolv.conf file must be able to resolve any name you might need resolved.

If, for some reason, the DNS servers in the /etc/resolv.conf file can’t all be redundant, configure DNS forwarders in the DNS server so that it forwards the DNS query to a DNS server that can answer it.
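One way to check the requirement above that every server in /etc/resolv.conf gives the same answer, as an added example that is not part of the original post: it sends the same A query directly to each listed server and reports the names whose response codes differ. The sample addresses, names and the `sample_query` helper are constructed for illustration.

```python
import secrets, socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def nameservers(conf_text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    lines = (line.split() for line in conf_text.splitlines())
    return [p[1] for p in lines if len(p) >= 2 and p[0] == "nameserver"]

def udp_rcode(server, name, timeout=2.0):
    """Send one A query over UDP; return the RCODE name or "TIMEOUT"."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    header = struct.pack(">6H", secrets.randbits(16), 0x0100, 1, 0, 0, 0)  # RD=1, one question
    query = header + qname + struct.pack(">2H", 1, 1)  # QTYPE=A, QCLASS=IN
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(query, (server, 53))
            reply = sock.recvfrom(512)[0]
    except OSError:  # timeout, unreachable or malformed address
        return "TIMEOUT"
    if len(reply) < 4 or reply[:2] != query[:2]:
        return "TIMEOUT"  # short reply or wrong transaction ID: no usable answer
    return RCODES.get(reply[3] & 0x0F, str(reply[3] & 0x0F))

def audit(conf_text, names, query=udp_rcode):
    """Return {name: {server: rcode}} for every name the servers disagree on."""
    servers = nameservers(conf_text)
    findings = {}
    for name in names:
        answers = {srv: query(srv, name) for srv in servers}
        if len(set(answers.values())) > 1:
            findings[name] = answers
    return findings

# Constructed sample for offline use: an internal-only server listed before a public one.
SAMPLE_CONF = "nameserver 192.0.2.53\nnameserver 198.51.100.53\n"
SAMPLE_RCODES = {"192.0.2.53": {"intranet.example": "NOERROR", "www.example.org": "NXDOMAIN"},
                 "198.51.100.53": {"intranet.example": "NXDOMAIN", "www.example.org": "NOERROR"}}

def sample_query(server, name):
    """Offline stand-in for udp_rcode that replays the constructed answers."""
    return SAMPLE_RCODES[server][name]

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["intranet.example", "www.example.org"], sample_query))
```

Against a real host, call `audit(open("/etc/resolv.conf").read(), names)` with names you expect to resolve; any name reported with NXDOMAIN from the first server and NOERROR from a later one is a name the resolver will fail to resolve.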
