Chapter 28. Using different DNS servers for different domains
By default, Red Hat Enterprise Linux (RHEL) sends all DNS requests to the first DNS server specified in the
/etc/resolv.conf file. If this server does not reply, RHEL uses the next server in this file.
In environments where one DNS server cannot resolve all domains, administrators can configure RHEL to send DNS requests for a specific domain to a selected DNS server. For example, you can configure one DNS server to resolve queries for
example.com and another DNS server to resolve queries for
example.net. For all other DNS requests, RHEL uses the DNS server configured in the connection with the default gateway.
28.1. Sending DNS requests for a specific domain to a selected DNS server
This section configures
systemd-resolved service and NetworkManager to send DNS queries for a specific domain to a selected DNS server.
If you complete the procedure in this section, RHEL uses the DNS service provided by
systemd-resolved in the
/etc/resolv.conf file. The
systemd-resolved service starts a DNS service that listens on port
53 IP address
127.0.0.53. The service dynamically routes DNS requests to the corresponding DNS servers specified in NetworkManager.
127.0.0.53 address is only reachable from the local system and not from the network.
- The system has multiple NetworkManager connections configured.
A DNS server and search domain are configured in the NetworkManager connections that are responsible for resolving a specific domain
For example, if the DNS server specified in a VPN connection should resolve queries for the
example.comdomain, the VPN connection profile must have:
Configured a DNS server that can resolve
Configured the search domain to
- Configured a DNS server that can resolve
Start and enable the
# systemctl --now enable systemd-resolved
/etc/NetworkManager/NetworkManager.conffile, and set the following entry in the
# systemctl reload NetworkManager
Verify that the
nameserverentry in the
/etc/resolv.conffile refers to
# cat /etc/resolv.conf nameserver 127.0.0.53
Verify that the
systemd-resolvedservice listens on port
53on the local IP address
# netstat -tulpn | grep "127.0.0.53:53" tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 1050/systemd-resolv udp 0 0 127.0.0.53:53 0.0.0.0:* 1050/systemd-resolv
For further details, see the description of the
dnsparameter in the