Chapter 34. Using different DNS servers for different domains
By default, Red Hat Enterprise Linux (RHEL) sends all DNS requests to the first DNS server specified in the /etc/resolv.conf file. If this server does not reply, RHEL uses the next server in this file.
In environments where one DNS server cannot resolve all domains, administrators can configure RHEL to send DNS requests for a specific domain to a selected DNS server. For example, you can configure one DNS server to resolve queries for example.com and another DNS server to resolve queries for example.net. For all other DNS requests, RHEL uses the DNS server configured in the connection with the default gateway.
In RHEL 8, Red Hat provides systemd-resolved as an unsupported Technology Preview.
34.1. Sending DNS requests for a specific domain to a selected DNS server
This section configures the systemd-resolved service and NetworkManager to send DNS queries for a specific domain to a selected DNS server.
If you complete the procedure in this section, RHEL uses the DNS service provided by systemd-resolved in the /etc/resolv.conf file. The systemd-resolved service starts a DNS service that listens on port 53 on IP address 127.0.0.53. The service dynamically routes DNS requests to the corresponding DNS servers specified in NetworkManager.
The 127.0.0.53 address is only reachable from the local system and not from the network.
Prerequisites
- The system has multiple NetworkManager connections configured.
- A DNS server and search domain are configured in the NetworkManager connections that are responsible for resolving a specific domain. For example, if the DNS server specified in a VPN connection should resolve queries for the example.com domain, the VPN connection profile must have:
  - Configured a DNS server that can resolve example.com
  - Configured the search domain to example.com in the ipv4.dns-search and ipv6.dns-search parameters
Procedure
1. Start and enable the systemd-resolved service:
   # systemctl --now enable systemd-resolved
2. Edit the /etc/NetworkManager/NetworkManager.conf file, and set the following entry in the [main] section:
   dns=systemd-resolved
3. Reload the NetworkManager service:
   # systemctl reload NetworkManager
Verification steps
1. Verify that the nameserver entry in the /etc/resolv.conf file refers to 127.0.0.53:
   # cat /etc/resolv.conf
   nameserver 127.0.0.53
2. Verify that the systemd-resolved service listens on port 53 on the local IP address 127.0.0.53:
   # netstat -tulpn | grep "127.0.0.53:53"
   tcp   0   0 127.0.0.53:53   0.0.0.0:*   LISTEN   1050/systemd-resolv
   udp   0   0 127.0.0.53:53   0.0.0.0:*            1050/systemd-resolv
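The following script is an added example, not part of the Red Hat documentation or of NetworkManager. It turns the prerequisites and the verification steps above into repeatable, read-only checks: the first nameserver in /etc/resolv.conf must be the 127.0.0.53 stub, dns=systemd-resolved must sit in the [main] section of NetworkManager.conf (a dns= key in another section is ignored, as NetworkManager ignores it), and at least one connection profile must carry both a dns server and a dns-search entry for the domain that is meant to be routed. The profile directory /etc/NetworkManager/system-connections and the keyfile layout ([ipv4]/[ipv6] sections with ;-separated dns and dns-search lists) are assumptions of this example; profiles stored in ifcfg format are not parsed.

```shell
#!/bin/sh
# Added example, not from the Red Hat documentation: read-only checks for the
# state the procedure leaves behind. Nothing here modifies the system.
# Default paths are the ones the procedure names; PROFILE_DIR and the keyfile
# layout it parses are assumptions for this example.

RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
NM_CONF="${NM_CONF:-/etc/NetworkManager/NetworkManager.conf}"
PROFILE_DIR="${PROFILE_DIR:-/etc/NetworkManager/system-connections}"

# Succeed when the first "nameserver" entry in a resolv.conf file is the
# systemd-resolved stub listener 127.0.0.53. "search" and comment lines are
# skipped; only the first nameserver column is examined.
resolv_uses_stub() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first" = "127.0.0.53" ]
}

# Succeed when dns=systemd-resolved is set inside the [main] section of a
# NetworkManager.conf file. The same key in any other section does not count.
nm_main_dns_is_resolved() {
    awk '
        /^[[:space:]]*\[/ { in_main = ($0 ~ /^[[:space:]]*\[main\][[:space:]]*$/); next }
        in_main && /^[[:space:]]*dns[[:space:]]*=/ {
            val = $0
            sub(/^[^=]*=[[:space:]]*/, "", val)
            sub(/[[:space:]]*$/, "", val)
            if (val == "systemd-resolved") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeed when a keyfile-format connection profile satisfies the prerequisite
# for one domain: an [ipv4] or [ipv6] section lists that domain in dns-search
# and names at least one server in dns. Keyfile list values are ";"-separated.
profile_routes_domain() {
    awk -v dom="$2" '
        /^[[:space:]]*\[/ {
            sect = $0
            gsub(/\[|\]/, "", sect)
            gsub(/[[:space:]]/, "", sect)
            next
        }
        sect != "ipv4" && sect != "ipv6" { next }
        /^[[:space:]]*dns-search[[:space:]]*=/ {
            val = $0; sub(/^[^=]*=/, "", val)
            n = split(val, parts, ";")
            for (i = 1; i <= n; i++) if (parts[i] == dom) has_search[sect] = 1
        }
        /^[[:space:]]*dns[[:space:]]*=/ {
            val = $0; sub(/^[^=]*=/, "", val); gsub(/;/, "", val)
            if (val != "") has_dns[sect] = 1
        }
        END {
            for (s in has_search) if (has_dns[s]) ok = 1
            exit (ok ? 0 : 1)
        }
    ' "$1"
}

# Report all three checks for a live system and return non-zero on any failure.
main() {
    dom="${1:-example.com}"
    status=0
    if resolv_uses_stub "$RESOLV_CONF"; then
        echo "ok: $RESOLV_CONF points at 127.0.0.53"
    else
        echo "fail: first nameserver in $RESOLV_CONF is not 127.0.0.53"; status=1
    fi
    if nm_main_dns_is_resolved "$NM_CONF"; then
        echo "ok: dns=systemd-resolved set in [main] of $NM_CONF"
    else
        echo "fail: dns=systemd-resolved missing from [main] of $NM_CONF"; status=1
    fi
    found=0
    for f in "$PROFILE_DIR"/*.nmconnection; do
        [ -f "$f" ] || continue
        if profile_routes_domain "$f" "$dom"; then echo "ok: $f routes $dom"; found=1; fi
    done
    [ "$found" = 1 ] || { echo "fail: no profile sets dns and dns-search for $dom"; status=1; }
    return "$status"
}

# Run the report only when invoked as: sh check-resolved.sh check example.com
# so that the functions can also be sourced and reused on their own.
if [ "${1:-}" = "check" ]; then main "${2:-example.com}"; fi
```

The [main]-section check matters because a dns= line placed under another heading is silently ignored by NetworkManager, and /etc/resolv.conf then keeps pointing at the upstream servers rather than the local stub; the first verification step above catches the symptom, this script points at the cause.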
Additional resources
- For further details, see the description of the dns parameter in the NetworkManager.conf(5) man page.