My resolv.conf looks like this:
; generated by /sbin/dhclient-script
search mcdc
nameserver 10.0.4.48
nameserver 8.8.8.8
If I do nslookup www.google.com, it works:
nslookup www.google.com
;; Got SERVFAIL reply from 10.0.4.48, trying next server
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
but when I curl www.google.com, it cannot resolve the host.
I tried running curl under strace, and found curl was only using the first nameserver in resolv.conf, not the second. If I switch the two nameserver lines around, www.google.com resolves, but internal DNS names do not, so that's not a good workaround.
How can I fix resolv.conf to use both nameservers?
The default behavior for resolv.conf and the resolver is to try the servers in the order listed. The resolver will only try the next nameserver if the first nameserver times out. The resolv.conf manpage says:
And:
Also see the resolver(5) manual page for more information.
You can alter the resolver's behavior using rotate, which will query the nameservers in a round-robin order:
However, nslookup will use the second nameserver if it receives a SERVFAIL from the first nameserver. From the nslookup manpage:
Yes, you could use "rotate" and a timeout setting to improve DNS lookups; below is the example.
Ex:
So to make it work as expected install dnsmasq or other lightweight DNS repeater (or a full blown DNS server). See Comparison of DNS server software.
For dnsmasq, configuration is as simple as:
You can also specify which DNS should be used for which domain. E.g.:
This will make dnsmasq look for *.mcdc in 10.0.4.48 DNS server and any other in 8.8.8.8.
In /etc/resolv.conf you just use your local DNS:
For more details on dnsmasq setup see my answer here: https://unix.stackexchange.com/questions/55090/change-default-dns-on-openvpn-connect/545591#545591.
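The split-DNS setup described in the answer above, as an added example that is not part of the original answer: it parses a resolv.conf and emits dnsmasq lines that send the search domains to the first nameserver and everything else to the remaining ones. The function names and the rule that the first nameserver is the internal one are assumptions of this example; `no-resolv`, `listen-address` and `server=` are standard dnsmasq options.

```python
"""Added example: derive a dnsmasq split-DNS config from a resolv.conf."""

# Constructed sample input: the resolv.conf shown in the question.
SAMPLE_RESOLV_CONF = """\
; generated by /sbin/dhclient-script
search mcdc
nameserver 10.0.4.48
nameserver 8.8.8.8
"""


def parse_resolv_conf(text):
    """Return nameservers, search domains and options from resolv.conf text."""
    parsed = {"nameservers": [], "search": [], "options": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # both comment styles are valid
            continue
        keyword, *values = line.split()
        if keyword == "nameserver" and values:
            parsed["nameservers"].append(values[0])
        elif keyword in ("search", "domain"):
            parsed["search"] = values         # the last search/domain line wins
        elif keyword == "options":
            parsed["options"].extend(values)
    return parsed


def dnsmasq_split_config(parsed):
    """Build dnsmasq lines: search domains -> first server, rest -> others.

    Assumption (not stated by resolv.conf itself): the first nameserver is
    the internal one that serves the search domains.
    """
    servers = parsed["nameservers"]
    if len(servers) < 2:
        raise ValueError("need an internal and at least one upstream nameserver")
    internal, upstreams = servers[0], servers[1:]
    # no-resolv stops dnsmasq from reading upstreams out of /etc/resolv.conf.
    lines = ["no-resolv", "listen-address=127.0.0.1"]
    lines += [f"server=/{domain}/{internal}" for domain in parsed["search"]]
    lines += [f"server={ip}" for ip in upstreams]
    return lines


if __name__ == "__main__":
    print("\n".join(dnsmasq_split_config(parse_resolv_conf(SAMPLE_RESOLV_CONF))))
```

With this routing, queries for the search domain never reach the public resolver, which reordering the nameserver lines or using rotate does not guarantee.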
Is 10.0.4.48 a recursive dns server aka resolver?
Or is it only an authoritative server for your internal zones?
You should set up an internal resolver that might also be holding your authoritative data.
Adding the below command at the start of resolv.conf worked on Ubuntu 18.04 LTS
If you can, I would configure it in this fashion.