Setting IPv4 and IPv6 DNS servers with NetworkManager, while keeping a certain order seems impossible

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • NetworkManager
  • DNS
  • IPv4 and IPv6

Issue

We would like to set up a NetworkManager connection profile to place DNS servers in the following order:

  • A DNS server that is assigned an IPv6 address.
  • Another DNS server that is assigned an IPv4 address.

By doing this, we wants the DNS clients to access DNS server with IPv6 address first. If it doesn't respond, then the client is expected to access another DNS server with IPv4 address.

We assumed that ipv4.dns-priority and ipv6.dns-priority are parameters that meet the requirements according to the following document(25.1. How NetworkManager orders DNS servers in /etc/resolv.conf).

However, as far as we tested, the value of ipv[46].dns-priority doesn't affect the order of these two DNS servers. It seems we have to configure /etc/resolv.conf manually.

  • Does Red Hat support the following DNS client configuration?

    • that specifies both IPv4 and IPv6 DNS servers, and
    • that provides a specific ordering between them.
  • Can NetworkManager set the priority order of DNS servers of IPv4 and IPv6 addresses, defined in a single connection profile.

    • If yes, please tell us how to do it.

Resolution

This DNS client configuration is supported, and it is possible to have IPv6 name servers at the top of resolv.conf by changing the value of the 'ipv6.dns-priority' property to a value lower than the value of ipv4.dns-priority.

For example, without changing the priority, the IPv4 name server is at the top:

 $ nmcli connection add type dummy ifname dummy1 \  
         ip4 192.168.122.1/24 ip6 fd01::/64 \
         ipv4.dns 192.168.122.2 ipv6.dns fd01::2
 Connection 'dummy-dummy1' (69e14c3c-174c-4997-a79d-8f85bea43e74) successfully added.

Note that you cannot use "nmcli device ..." here because such temporary changes will not be preserved in the connection profile and will be purged by "nmcli connection up..." in the next step.

 $ nmcli connection up dummy-dummy1
 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

 $ cat /etc/resolv.conf
 # Generated by NetworkManager
 nameserver 192.168.122.2
 nameserver fd01::2

Now, change the IPv6 DNS priority for the connection:

 $ nmcli connection modify dummy-dummy1 ipv6.dns-priority 50 ipv4.dns-priority 100

 $ nmcli connection up dummy-dummy1
 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)

 $ cat /etc/resolv.conf
 # Generated by NetworkManager
 nameserver fd01::2
 nameserver 192.168.122.2

You might also want to tweak the glibc resolver timeout using resolv.conf options (see 'man resolv.conf'). In that case, options should be added to the 'ipv6.dns-options' property of the connection profile.

  • To manually configure /etc/resolv.conf, the following should be done:

NetworkManager should be configured to not modify /etc/resolv.conf.

Please see the followings:
For RHEL7:
- How can I prevent NetworkManager from modifying the /etc/resolv.conf file in RHEL7?

For RHEL8:
- 28.1. Disabling DNS processing in the NetworkManager configuration

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments