Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 18. Configuring the order of DNS servers

The getaddrinfo() function of the glibc library sends all DNS requests to the first DNS server specified in the /etc/resolv.conf file. If this server does not reply, RHEL tries all other name servers. You can configure NetworkManager to influence the DNS server order in /etc/resolv.conf.

NetworkManager orders DNS servers in the /etc/resolv.conf file by applying a specific set of rules.

The ordering depends on the following conditions:

  • If only one connection profile exists, NetworkManager uses the order of IPv4 and IPv6 DNS server specified in that connection.

  • If multiple connection profiles are activated, NetworkManager orders DNS servers based on a DNS priority value. If you set DNS priorities, the behavior of NetworkManager depends on the value set in the dns parameter. You can set this parameter in the [main] section in the /etc/NetworkManager/NetworkManager.conf file:

    • dns=default or if the dns parameter is not set:

      NetworkManager orders the DNS servers from different connections based on the ipv4.dns-priority and ipv6.dns-priority parameters in each connection.

      If you set no value or you set ipv4.dns-priority and ipv6.dns-priority to 0, NetworkManager uses the global default value.

    • dns=dnsmasq or dns=systemd-resolved:

      When you use one of these settings, NetworkManager sets either 127.0.0.1 for dnsmasq or 127.0.0.53 as nameserver entry in the /etc/resolv.conf file.

      Both the dnsmasq and systemd-resolved services forward queries for the search domain set in a NetworkManager connection to the DNS server specified in that connection, and forwards queries to other domains to the connection with the default route. When multiple connections have the same search domain set, dnsmasq and systemd-resolved forward queries for this domain to the DNS server set in the connection with the lowest priority value.

NetworkManager uses the following default values for connections:

  • 50 for VPN connections
  • 100 for other connections

You can set both the global default and connection-specific ipv4.dns-priority and ipv6.dns-priority parameters to a value between -2147483647 and 2147483647.

  • A lower value has a higher priority.
  • Negative values have the special effect of excluding other configurations with a greater value. For example, if at least one connection with a negative priority value exists, NetworkManager uses only the DNS servers specified in the connection profile with the lowest priority.

  • If multiple connections have the same DNS priority, NetworkManager prioritizes the DNS in the following order:

    1. VPN connections
    2. Connection with an active default route. The active default route is the default route with the lowest metric.

You can override NetworkManager’s system-wide DNS server priority default values to set custom defaults for IPv4 and IPv6 DNS servers.

The default values are as follows:

  • 50 for VPN connections
  • 100 for other connections

Procedure

  1. Edit the /etc/NetworkManager/NetworkManager.conf file:

    1. Add the [connection] section, if it does not exist: 

      [connection]

    2. Add the custom default values to the [connection] section. For example, to set the new default for both IPv4 and IPv6 to 200, add: 

      ipv4.dns-priority=200
ipv6.dns-priority=200

      You can set the parameters to a value between -2147483647 and 2147483647. Note that setting the parameters to 0 enables the built-in defaults (50 for VPN connections and 100 for other connections).

  2. Reload the NetworkManager service: 

    # systemctl reload NetworkManager

If you require a specific order of DNS servers you can set priority values in connection profiles. NetworkManager uses these values to order the servers when the service creates or updates the /etc/resolv.conf file.

Note that setting DNS priorities makes only sense if you have multiple connections with different DNS servers configured. If you have only one connection with multiple DNS servers configured, manually set the DNS servers in the preferred order in the connection profile.

Prerequisites

  • The system has multiple NetworkManager connections configured.
  • The system either has no dns parameter set in the /etc/NetworkManager/NetworkManager.conf file or the parameter is set to default.

Procedure

  1. Optional: Display the available connections: 

    # nmcli connection show
NAME           UUID                                  TYPE      DEVICE
Example_con_1  d17ee488-4665-4de2-b28a-48befab0cd43  ethernet  enp1s0
Example_con_2  916e4f67-7145-3ffa-9f7b-e7cada8f6bf7  ethernet  enp7s0
...

  2. Set the ipv4.dns-priority and ipv6.dns-priority parameters. For example, to set both parameters to 10, enter: 

    # nmcli connection modify <connection_name> ipv4.dns-priority 10 ipv6.dns-priority 10
  3. Optional: Repeat the previous step for other connections.

  4. Re-activate the connection you updated: 

    # nmcli connection up <connection_name>

Verification

  • Display the contents of the /etc/resolv.conf file to verify that the DNS server order is correct: 

    # cat /etc/resolv.conf

NetworkManager can configure the systemd-resolved, dnsmasq, and dnsconf DNS backends. To avoid DNS resolution issues on multi-interface systems, NetworkManager can automatically create dedicated routes for DNS servers tied to specific network interfaces.

Each DNS server mentioned in a connection profile is associated with a specific network interface. The DNS backend services systemd-resolved and dnsmasq ensure that each DNS name server remains accessible only through the correct network interface. However, other backend services do not support this feature. In this regard, NetworkManager has a feature that automatically adds a dedicated route so that each name server is reached only through the correct interface. You can set up the ipv4.routed-dns and ipv6.routed-dns properties to use this feature.

Example scenario:

  • Connection profile 1 <example-connection-1> :

    • Default gateway: 192.0.2.254
    • DNS server: 10.0.0.1
    • Search domain: example-domain.com

  • Connection profile 2 <example-connection-2> :

    • Default gateway: 198.51.100.254 (this gateway has no access to the 10.0.0.0/24 network)
    • DNS server: 203.0.113.1

In this example, you have two connection profiles: <example-connection-1> and <example-connection-2> that are connected through enp1s0 and enp7s0 network interfaces. If the <example-connection-2> second profile was connected first, the default gateway 198.51.100.254 of this connection has a lower metric and takes precedence over the first profile. Consequently, RHEL uses the default gateway of the second connection while connecting to the DNS server 10.0.0.1 of the first profile. As a result, the DNS resolution fails. To solve this problem, enable the ipv4.routed-dns setting for both connection profiles so that NetworkManager creates a dedicated route for the 10.0.0.1 DNS server through the correct interface, in this case, enp1s0.

Prerequisites

  • The connection profiles already exist.

Procedure

  1. Modify the connection profile to enable the creation of routes to the name server:

    1. For connection profile 1, enter: 

      # nmcli connection modify <example-connection-1> ipv4.routed-dns yes

    2. For connection profile 2, enter: 

      # nmcli connection modify <example-connection-2> ipv4.routed-dns yes

  2. Re-activate the connections: 

    # nmcli connection up <example-connection-1>

# nmcli connection up <example-connection-2>

Verification

  • Display the route to reach an IP address: 

    # ip route get 203.0.113.1
203.0.113.1  dev  enp1s0  table  20053  src  10.0.0.1  uid  0

    This command verifies if the name server is reached through the correct interface and uses the policy routing method that places all the routes for DNS servers in the special routing table 20053.

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top