3

Note - I believe my title is the way it's meant to be...

I used dnsmasq on my server and it sets DNS (via DHCP) to clients as:

192.168.2.1 (local server) ISP DNS 1 ISP DNS 2

This at least works - in my Ubuntu client sudo nmcli dev list | grep DNS gives

IP4.DNS[1]: 192.168.2.1 (local) IP4.DNS[2]: 122.56.237.1 (ISP 1) IP4.DNS[3]: 210.55.111.1 (ISP 2)

However, if I execute ping mail.mydomain.org it returns the external internet address instead of the local network.

nslookup shows that Ubuntu's network manager is at work (matching nmcli above), and states the external IP for my domain is Non-Authoritative. When I change to server 192.168.2.1, the search just gives me the local IP.

My (client's) resolve.conf ends up with 

nameserver 172.20.1.153 nameserver 172.20.1.6 nameserver 127.0.1.1

Is the primary at the bottom? It's what nslookup seems to use...

So how can this happen? What should I do to fix it? (I certainly want to keep a secondary DNS). I've tried just having the local DNS server, but dnsmasq can't seem to forward anything no matter what config I change (the documentation isn't helpful either, since it seems that it should "just forward" by default).

And note that while my analysis is on Ubuntu, the same is happening on a Mac too.

Improve this question
5
  • I disabled the secondary and ternary DNS servers in my DHCP and got a strange result. DNS lookup took a second when only the Primary was available. Again, when I change nslookup to talk to the Primary directly it's 2ms. Commented Jan 20, 2015 at 9:17
  • What's in /etc/resolv.conf? Commented Jan 20, 2015 at 10:41
  • @garethTheRed Updated Commented Jan 20, 2015 at 11:00
  • Your resolv.conf should be the same as nmcli. Linux's resolver will be using resolv.conf as the authoritive list of resolvers, therefore the issue is why Network Manager isn't updating resolv.conf. Does resolv.conf have a remark to the effect that it was generated by NetworkManager? Commented Jan 20, 2015 at 11:13
  • @garethTheRed It most certainly does (I just omitted that because I thought it was what you wanted). The question is, where is network manager getting these 172.20 addresses from? They're in the private spaces, and really slow down my resolution :( Commented Jan 20, 2015 at 19:01

2 Answers 2

Reset to default
3

Neither DNS resolver lists nor NS record sets are intrinsically ordered, so there is no "primary". Clients are free to query whichever one they want in whichever order they want. For resolvers specifically, clients might default to using the servers in the same order as they were given to the client, but, as you've discovered, they also might not.

Improve this answer
2

The easiest way to do this, IMO, is to have your local resolver also do recursive lookups. You configure your local resolver with the IPs of your ISPs' resolvers, and then configure all your clients with only the local one. It'll respond with its own information if it has it, and the timing penalty for going via a server on the LAN is insignificant.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.