SUMMARY - Unexpected DNS resolution problem with unreachable nameserver in /etc/resolv.conf

By pure accident, I think I uncovered an unexpected behaviour on RHEL 7 and 8 yesterday.

I added my comments at:

https://access.redhat.com/solutions/21420

Scenario: RHEL 7 and 8 servers were set up with DNSMASQ as the primary service. As part of disaster recovery, I wanted to test how DNS operated when DNSMASQ was unavailable.

RHEL 7: kernel 3.10.0-1160.105.1.el7
RHEL 8: kernel 4.18.0-477.36.1.el8_8

Configuration file /etc/resolv.conf (domain name and IP addresses of name servers are changed to protect the "innocent"):

search mydomain.dom
options timeout:2 attempts:1          
nameserver 127.0.0.1
nameserver 192.168.77.22
nameserver 172.16.11.89

What I expected, when trying to resolve an unknown hostname (not registered in DNS or in the local /etc/hosts file), was that the lookup would fail quickly.

What really happened was an indefinite run of the lookup command, until it was interrupted by CTRL-C or similar.

$ nslookup www4
;; Got SERVFAIL reply from 192.168.77.22, trying next server
;; Got SERVFAIL reply from 172.16.11.89, trying next server
(runs indefinitely...)

The important note is that the first name server in /etc/resolv.conf was the loopback interface (127.0.0.1).

If I removed the entry for the loopback interface in /etc/resolv.conf, then it worked as expected (quick response):

$ nslookup www4
;; Got SERVFAIL reply from 192.168.77.22, trying next server
Server:         172.16.11.89
Address:      172.16.11.89#53
** server can't find www4: SERVFAIL

The same issue occurred when I removed "options timeout:1 attempts:1" in /etc/resolv.conf.

It appears the problem is related to an unreachable name server in /etc/resolv.conf (down or its IP address is wrong).

I would like to see if anyone else has experienced similar unusual behaviour. If it is a bug, I will open a case with Red Hat.

Regards,

Dusan Baljevic (amateur radio VK2COT)
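
The check below is an added example, not part of the original post or of any Red Hat tooling: it parses the resolv.conf shown above and sends each listed name server one UDP query with a hard deadline, so an unreachable entry is reported instead of stalling a lookup. The query name www4.mydomain.dom and all function names are assumptions; the defaults and caps follow resolv.conf(5).

```python
import socket
import struct

# Constructed sample: the resolv.conf layout from the post above.
SAMPLE = """search mydomain.dom
options timeout:2 attempts:1
nameserver 127.0.0.1
nameserver 192.168.77.22
nameserver 172.16.11.89
"""

def parse_resolv_conf(text):
    """Return (nameservers, timeout, attempts) with resolv.conf(5) defaults and caps."""
    servers, timeout, attempts = [], 5, 2          # documented defaults
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(("#", ";")):
            continue                               # blank line or comment
        if fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                key, _, val = opt.partition(":")
                if key == "timeout" and val.isdigit():
                    timeout = min(int(val), 30)    # silently capped at 30
                elif key == "attempts" and val.isdigit():
                    attempts = min(int(val), 5)    # silently capped at 5
    return servers[:3], timeout, attempts          # at most MAXNS (3) entries are used

def build_query(name, qid=0x1234):
    """Minimal DNS query packet: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".") if p)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe(server, name, timeout, port=53):
    """True if the server returns any reply carrying our query id before the deadline."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))
            s.send(query)
            return s.recv(512)[:2] == query[:2]
        except OSError:                            # timeout, port unreachable, no route
            return False

if __name__ == "__main__":
    servers, timeout, attempts = parse_resolv_conf(SAMPLE)
    for ns in servers:
        state = "answers" if probe(ns, "www4.mydomain.dom", timeout) else "UNREACHABLE"
        print(f"{ns}: {state} (deadline {timeout}s, attempts {attempts})")
```

A SERVFAIL reply still counts as "answers" here, because the probe only tests whether the server responds at all within the deadline.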