Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 23. Using different DNS servers for different domains

By default, Red Hat Enterprise Linux (RHEL) sends all DNS requests to the first DNS server specified in the /etc/resolv.conf file. If this server does not reply, RHEL tries the next server in this file until it finds a working one. In environments where one DNS server cannot resolve all domains, administrators can configure RHEL to send DNS requests for a specific domain to a selected DNS server.

For example, you connect a server to a Virtual Private Network (VPN), and hosts in the VPN use the example.com domain. In this case, you can configure RHEL to process DNS queries in the following way:

  • Send only DNS requests for example.com to the DNS server in the VPN network.
  • Send all other requests to the DNS server that is configured in the connection profile with the default gateway.

On hosts with multiple network interfaces and where one DNS server cannot resolve all domains, you can configure RHEL to send DNS requests for a specific domain to a selected DNS server.

You can configure NetworkManager to start an instance of dnsmasq. This DNS caching server then listens on port 53 on the loopback device. Consequently, this service is only reachable from the local system and not from the network.

With this configuration, NetworkManager adds the nameserver 127.0.0.1 entry to the /etc/resolv.conf file, and dnsmasq dynamically routes DNS requests to the corresponding DNS servers specified in the NetworkManager connection profiles.

Prerequisites

  • The system has multiple NetworkManager connections configured.

  • A DNS server and search domain are configured for the connection that is responsible for resolving a specific domain.

    For example, to ensure that the DNS server specified in a VPN connection resolves queries for the example.com domain, the following settings must be available:

    • A DNS server that can resolve example.com. A DHCP server can provide this information dynamically or you set the ipv4.dns and ipv6.dns parameters in the VPN connection profile.
    • A search domain set to example.com. A DHCP server can provide this information dynamically or you set the ipv4.dns-search and ipv6.dns-search parameters in the VPN connection profile.
  • The dnsmasq service is not running or configured to listen on a different interface than localhost.

Procedure

  1. Install the dnsmasq package: 

    # yum install dnsmasq
    Copy to Clipboard Toggle word wrap

  2. Edit the /etc/NetworkManager/NetworkManager.conf file, and set the following entry in the [main] section: 

    dns=dnsmasq
    Copy to Clipboard Toggle word wrap

  3. Reload the NetworkManager service: 

    # systemctl reload NetworkManager
    Copy to Clipboard Toggle word wrap

Verification

  1. Search in the systemd journal of the NetworkManager unit for which domains the service uses a different DNS server: 

    # journalctl -xeu NetworkManager
...
Jun 02 13:30:17 <client_hostname>_ dnsmasq[5298]: using nameserver 198.51.100.7#53 for domain example.com
...
    Copy to Clipboard Toggle word wrap

  2. Use the tcpdump packet sniffer to verify the correct route of DNS requests:

    1. Install the tcpdump package: 

      # yum install tcpdump
      Copy to Clipboard Toggle word wrap

    2. On one terminal, start tcpdump to capture DNS traffic on all interfaces: 

      # tcpdump -i any port 53
      Copy to Clipboard Toggle word wrap

    3. On a different terminal, resolve host names for a domain for which an exception exists and another domain, for example: 

      # host -t A www.example.com
# host -t A www.redhat.com
      Copy to Clipboard Toggle word wrap

    4. Verify in the tcpdump output that Red Hat Enterprise Linux sends only DNS queries for the example.com domain to the designated DNS server and through the corresponding interface: 

      ...
13:52:42.234533 IP server.43534 > 198.51.100.7.domain: 50121+ [1au] A? www.example.com. (33)
...
13:52:57.753235 IP server.40864 > 192.0.2.1.domain: 6906+ A? www.redhat.com. (33)
...
      Copy to Clipboard Toggle word wrap

      Red Hat Enterprise Linux sends the DNS query for www.example.com to the DNS server on 198.51.100.7 and the query for www.redhat.com to 192.0.2.1.

Troubleshooting

  1. Verify that the nameserver entry in the /etc/resolv.conf file refers to 127.0.0.1: 

    # cat /etc/resolv.conf
nameserver 127.0.0.1
    Copy to Clipboard Toggle word wrap

    If the entry is missing, check the dns parameter in the /etc/NetworkManager/NetworkManager.conf file.

  2. Verify that the dnsmasq service listens on port 53 on the loopback device: 

    # ss -tulpn | grep "127.0.0.1:53"
udp  UNCONN 0  0    127.0.0.1:53   0.0.0.0:*    users:(("dnsmasq",pid=7340,fd=18))
tcp  LISTEN 0  32   127.0.0.1:53   0.0.0.0:*    users:(("dnsmasq",pid=7340,fd=19))
    Copy to Clipboard Toggle word wrap

    If the service does not listen on 127.0.0.1:53, check the journal entries of the NetworkManager unit: 

    # journalctl -u NetworkManager
    Copy to Clipboard Toggle word wrap

On hosts with multiple network interfaces and where one DNS server cannot resolve all domains, you can configure RHEL to send DNS requests for a specific domain to a selected DNS server.

You can configure NetworkManager to start an instance of systemd-resolved. This DNS stub resolver then listens on port 53 on IP address 127.0.0.53. Consequently, this stub resolver is only reachable from the local system and not from the network.

With this configuration, NetworkManager adds the nameserver 127.0.0.53 entry to the /etc/resolv.conf file, and systemd-resolved dynamically routes DNS requests to the corresponding DNS servers specified in the NetworkManager connection profiles.

Important

The systemd-resolved service is provided as a Technology Preview only. Technology Preview features are not supported with Red Hat production Service Level Agreements (SLAs), might not be functionally complete, and Red Hat does not recommend using them for production. These previews provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

See Technology Preview Features Support Scope on the Red Hat Customer Portal for information about the support scope for Technology Preview features.

For a supported solution, see Using dnsmasq in NetworkManager to send DNS requests for a specific domain to a selected DNS server.

Prerequisites

  • The system has multiple NetworkManager connections configured.

  • A DNS server and search domain are configured for the connection that is responsible for resolving a specific domain.

    For example, to ensure that the DNS server specified in a VPN connection resolves queries for the example.com domain, the following settings must be available:

    • A DNS server that can resolve example.com. A DHCP server can provide this information dynamically or you set the ipv4.dns and ipv6.dns parameters in the VPN connection profile.
    • A search domain set to example.com. A DHCP server can provide this information dynamically or you set the ipv4.dns-search and ipv6.dns-search parameters in the VPN connection profile.

Procedure

  1. Install the systemd-resolved package: 

    # dnf install systemd-resolved
    Copy to Clipboard Toggle word wrap

  2. Enable and start the systemd-resolved service: 

    # systemctl --now enable systemd-resolved
    Copy to Clipboard Toggle word wrap

  3. Edit the /etc/NetworkManager/NetworkManager.conf file, and set the following entry in the [main] section: 

    dns=systemd-resolved
    Copy to Clipboard Toggle word wrap

  4. Reload the NetworkManager service: 

    # systemctl reload NetworkManager
    Copy to Clipboard Toggle word wrap

Verification

  1. Display the DNS servers systemd-resolved uses and for which domains the service uses a different DNS server: 

    # resolvectl
...
Link 2 (enp1s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute ...
Current DNS Server: 192.0.2.1
       DNS Servers: 192.0.2.1

Link 3 (tun0)
    Current Scopes: DNS
         Protocols: -DefaultRoute ...
Current DNS Server: 198.51.100.7
       DNS Servers: 198.51.100.7 203.0.113.19
        DNS Domain: example.com
    Copy to Clipboard Toggle word wrap

    The output confirms that systemd-resolved uses different DNS servers for the example.com domain.

  2. Use the tcpdump packet sniffer to verify the correct route of DNS requests:

    1. Install the tcpdump package: 

      # yum install tcpdump
      Copy to Clipboard Toggle word wrap

    2. On one terminal, start tcpdump to capture DNS traffic on all interfaces: 

      # tcpdump -i any port 53
      Copy to Clipboard Toggle word wrap

    3. On a different terminal, resolve host names for a domain for which an exception exists and another domain, for example: 

      # host -t A www.example.com
# host -t A www.redhat.com
      Copy to Clipboard Toggle word wrap

    4. Verify in the tcpdump output that Red Hat Enterprise Linux sends only DNS queries for the example.com domain to the designated DNS server and through the corresponding interface: 

      ...
13:52:42.234533 IP server.43534 > 198.51.100.7.domain: 50121+ [1au] A? www.example.com. (33)
...
13:52:57.753235 IP server.40864 > 192.0.2.1.domain: 6906+ A? www.redhat.com. (33)
...
      Copy to Clipboard Toggle word wrap

      Red Hat Enterprise Linux sends the DNS query for www.example.com to the DNS server on 198.51.100.7 and the query for www.redhat.com to 192.0.2.1.

Troubleshooting

  1. Verify that the nameserver entry in the /etc/resolv.conf file refers to 127.0.0.53: 

    # cat /etc/resolv.conf
nameserver 127.0.0.53
    Copy to Clipboard Toggle word wrap

    If the entry is missing, check the dns parameter in the /etc/NetworkManager/NetworkManager.conf file.

  2. Verify that the systemd-resolved service listens on port 53 on the local IP address 127.0.0.53: 

    # ss -tulpn | grep "127.0.0.53"
udp  UNCONN 0  0      127.0.0.53%lo:53   0.0.0.0:*    users:(("systemd-resolve",pid=1050,fd=12))
tcp  LISTEN 0  4096   127.0.0.53%lo:53   0.0.0.0:*    users:(("systemd-resolve",pid=1050,fd=13))
    Copy to Clipboard Toggle word wrap

    If the service does not listen on 127.0.0.53:53, check if the systemd-resolved service is running.

Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat