Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 36. Using different DNS servers for different domains

By default, Red Hat Enterprise Linux (RHEL) sends all DNS requests to the first DNS server specified in the /etc/resolv.conf file. If this server does not reply, RHEL uses the next server in this file.

In environments where one DNS server cannot resolve all domains, administrators can configure RHEL to send DNS requests for a specific domain to a selected DNS server. For example, you can configure one DNS server to resolve queries for example.com and another DNS server to resolve queries for example.net. For all other DNS requests, RHEL uses the DNS server configured in the connection with the default gateway.

Important

The systemd-resolved service is provided as a Technology Preview only. Technology Preview features are not supported with Red Hat production Service Level Agreements (SLAs), might not be functionally complete, and Red Hat does not recommend using them for production. These previews provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

See Technology Preview Features Support Scope on the Red Hat Customer Portal for information about the support scope for Technology Preview features.

36.1. Sending DNS requests for a specific domain to a selected DNS server

This section configures systemd-resolved service and NetworkManager to send DNS queries for a specific domain to a selected DNS server.

If you complete the procedure in this section, RHEL uses the DNS service provided by systemd-resolved in the /etc/resolv.conf file. The systemd-resolved service starts a DNS service that listens on port 53 IP address 127.0.0.53. The service dynamically routes DNS requests to the corresponding DNS servers specified in NetworkManager.

Note

The 127.0.0.53 address is only reachable from the local system and not from the network.

Prerequisites

  • The system has multiple NetworkManager connections configured.
  • A DNS server and search domain are configured in the NetworkManager connections that are responsible for resolving a specific domain

    For example, if the DNS server specified in a VPN connection should resolve queries for the example.com domain, the VPN connection profile must have:

    • Configured a DNS server that can resolve example.com
    • Configured the search domain to example.com in the ipv4.dns-search and ipv6.dns-search parameters

Procedure

  1. Start and enable the systemd-resolved service:

    # systemctl --now enable systemd-resolved
  2. Edit the /etc/NetworkManager/NetworkManager.conf file, and set the following entry in the [main] section:

    dns=systemd-resolved
  3. Reload the NetworkManager service:

    # systemctl reload NetworkManager

Verification steps

  1. Verify that the nameserver entry in the /etc/resolv.conf file refers to 127.0.0.53:

    # cat /etc/resolv.conf
    nameserver 127.0.0.53
  2. Verify that the systemd-resolved service listens on port 53 on the local IP address 127.0.0.53:

    # ss -tulpn | grep "127.0.0.53"
    udp  UNCONN 0  0      127.0.0.53%lo:53   0.0.0.0:*    users:(("systemd-resolve",pid=1050,fd=12))
    tcp  LISTEN 0  4096   127.0.0.53%lo:53   0.0.0.0:*    users:(("systemd-resolve",pid=1050,fd=13))

Additional resources

  • The dns parameter description in the NetworkManager.conf(5) man page