# How to Configure DNS in Linux

DNS (Domain Name System) configuration is a fundamental aspect of Linux system administration that determines how your system resolves domain names to IP addresses. Whether you're setting up a server, troubleshooting network connectivity, or optimizing performance, understanding DNS configuration is essential for any Linux user.

This guide walks through the main methods for configuring DNS in Linux, from basic configuration files to advanced DNS management tools, with approaches suitable for various Linux distributions and use cases.

## Understanding DNS in Linux

Before diving into configuration methods, it's important to understand how DNS resolution works in Linux systems. When an application needs to resolve a domain name, it typically follows this hierarchy:

1. **Local cache** - Check if the domain is already cached
2. **hosts file** - Look for static entries in `/etc/hosts`
3. **DNS resolver** - Query configured DNS servers
4. **System resolver libraries** - Use system-specific resolution methods

The DNS resolution process can vary depending on your Linux distribution and the DNS management tools installed on your system.

## Method 1: Configuring DNS Using /etc/resolv.conf

The traditional method for configuring DNS in Linux involves editing the `/etc/resolv.conf` file directly. This file contains the DNS server information that your system uses for domain name resolution.

### Basic resolv.conf Configuration

To configure DNS using `/etc/resolv.conf`, follow these steps:

1. Open the resolv.conf file with your preferred text editor:

   ```bash
   sudo nano /etc/resolv.conf
   ```

2. Add your DNS servers using the `nameserver` directive:

   ```bash
   # Primary DNS server (Google DNS)
   nameserver 8.8.8.8
   # Secondary DNS server (Google DNS)
   nameserver 8.8.4.4

   # Alternative: Cloudflare DNS (use in place of the entries above;
   # only the first three nameserver lines are used)
   # nameserver 1.1.1.1
   # nameserver 1.0.0.1

   # Search domain for local network
   search example.com local

   # Options for DNS resolution
   options timeout:2 attempts:3
   ```

### Understanding resolv.conf Directives

Here are the key directives you can use in `/etc/resolv.conf`:

- `nameserver`: Specifies the IP address of a DNS server (up to 3 servers)
- `search`: Defines search domains for hostname resolution
- `domain`: Sets the local domain name
- `options`: Configures various resolver options

### Example resolv.conf Configuration

```bash
# Corporate DNS servers
nameserver 192.168.1.1
nameserver 192.168.1.2

# Fallback to public DNS
nameserver 8.8.8.8

# Search domains
search corporate.local example.com

# Resolver options
options timeout:5 attempts:2 rotate
```

Note that `rotate` spreads queries across all listed servers, so with this mix some lookups for internal names such as `corporate.local` are sent to the public resolver, where they fail and disclose internal hostnames.

### Important Considerations for resolv.conf

⚠️ Warning: Many modern Linux distributions automatically manage `/etc/resolv.conf`. Direct edits may be overwritten by network management services like NetworkManager or systemd-resolved.

## Method 2: Using NetworkManager for DNS Configuration

NetworkManager is the default network management tool on many modern Linux distributions, including Ubuntu, Fedora, and CentOS. It provides both command-line and graphical interfaces for DNS configuration.

### Configuring DNS via NetworkManager CLI

1. List available connections:

   ```bash
   nmcli connection show
   ```

2. Modify DNS settings for a specific connection:

   ```bash
   # Set primary and secondary DNS servers
   sudo nmcli connection modify "Your-Connection-Name" ipv4.dns "8.8.8.8,8.8.4.4"

   # Set DNS search domains
   sudo nmcli connection modify "Your-Connection-Name" ipv4.dns-search "example.com,local"

   # Apply changes
   sudo nmcli connection up "Your-Connection-Name"
   ```

3. Set DNS method to manual:

   ```bash
   sudo nmcli connection modify "Your-Connection-Name" ipv4.method manual
   ```

   `ipv4.method manual` also switches the connection to static addressing and requires `ipv4.addresses` to be set. To keep DHCP addressing and only ignore the DNS servers that DHCP supplies, use `ipv4.ignore-auto-dns yes` as in the example below.

### Example NetworkManager DNS Configuration

```bash
# Configure Wi-Fi connection with custom DNS
sudo nmcli connection modify "MyWiFi" ipv4.dns "1.1.1.1,1.0.0.1"
sudo nmcli connection modify "MyWiFi" ipv4.dns-search "home.local"
sudo nmcli connection modify "MyWiFi" ipv4.ignore-auto-dns yes
sudo nmcli connection up "MyWiFi"
```

### Using NetworkManager GUI

For desktop users, NetworkManager provides a graphical interface:

1. Open Network Settings from your system settings
2. Select your network connection (Wi-Fi or Ethernet)
3. Navigate to the IPv4 tab
4. Set DNS servers in the DNS field
5. Apply changes and restart the connection

## Method 3: Configuring systemd-resolved

Many modern Linux distributions use `systemd-resolved` as their DNS resolver. This service provides advanced DNS functionality including DNS caching and DNSSEC validation.

### Checking systemd-resolved Status

First, verify if systemd-resolved is active on your system:

```bash
# Check service status
systemctl status systemd-resolved

# View current DNS configuration
resolvectl status
```

### Configuring DNS with systemd-resolved

1. Edit the resolved.conf file:

   ```bash
   sudo nano /etc/systemd/resolved.conf
   ```

2. Configure DNS settings:

   ```ini
   [Resolve]
   # Global DNS servers
   DNS=8.8.8.8 8.8.4.4 1.1.1.1

   # Fallback DNS servers
   FallbackDNS=9.9.9.9 149.112.112.112

   # Search domains
   Domains=example.com local

   # Enable DNSSEC validation and DNS over TLS
   DNSSEC=yes
   DNSOverTLS=opportunistic

   # Enable local DNS caching
   Cache=yes
   ```

   `DNSOverTLS=opportunistic` falls back to unencrypted DNS when the server does not offer TLS, so it does not stop an attacker on the network path from forcing plaintext; `DNSOverTLS=yes` refuses that fallback. `DNSSEC=yes` makes lookups fail when the upstream server does not support DNSSEC.

3. Restart systemd-resolved:

   ```bash
   sudo systemctl restart systemd-resolved
   ```

### Per-Interface DNS Configuration

You can also configure DNS settings for specific network interfaces:

```bash
# Set DNS for a specific interface
sudo resolvectl dns eth0 8.8.8.8 8.8.4.4

# Set search domain for interface
sudo resolvectl domain eth0 example.com

# View interface-specific settings
resolvectl status eth0
```

## Method 4: Distribution-Specific DNS Configuration

Different Linux distributions may have unique approaches to DNS configuration. Here are some distribution-specific methods:

### Ubuntu/Debian with Netplan

Modern Ubuntu versions use Netplan for network configuration:

1. Edit netplan configuration:

   ```bash
   sudo nano /etc/netplan/01-netcfg.yaml
   ```

2. Configure DNS settings:

   ```yaml
   network:
     version: 2
     ethernets:
       eth0:
         dhcp4: true
         nameservers:
           addresses: [8.8.8.8, 8.8.4.4, 1.1.1.1]
           search: [example.com, local]
   ```

   With `dhcp4: true`, DNS servers handed out by DHCP are still used alongside these unless they are disabled with `dhcp4-overrides`.

3. Apply configuration:

   ```bash
   sudo netplan apply
   ```

### Red Hat/CentOS/Fedora

For Red Hat-based systems, you can configure DNS through network scripts:

1. Edit interface configuration:

   ```bash
   sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
   ```

2. Add DNS entries:

   ```bash
   DNS1=8.8.8.8
   DNS2=8.8.4.4
   DOMAIN="example.com local"
   ```

3. Restart network service:

   ```bash
   sudo systemctl restart network
   ```

## Advanced DNS Configuration Options

### Setting Up DNS Caching

DNS caching can significantly improve resolution performance. Here's how to set up local DNS caching:

#### Using dnsmasq

1. Install dnsmasq:

   ```bash
   # Ubuntu/Debian
   sudo apt install dnsmasq

   # Red Hat/CentOS/Fedora
   sudo dnf install dnsmasq
   ```

2. Configure dnsmasq:

   ```bash
   sudo nano /etc/dnsmasq.conf
   ```

   Add these configurations:

   ```bash
   # Listen on localhost only
   listen-address=127.0.0.1

   # Upstream DNS servers
   server=8.8.8.8
   server=8.8.4.4

   # Cache size
   cache-size=1000

   # Don't read /etc/hosts
   no-hosts
   ```

3. Start dnsmasq service:

   ```bash
   sudo systemctl enable dnsmasq
   sudo systemctl start dnsmasq
   ```

### Configuring DNS over HTTPS (DoH)

For enhanced privacy and security, you can configure DNS over HTTPS:

1. Install cloudflared:

   ```bash
   wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
   sudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared
   sudo chmod +x /usr/local/bin/cloudflared
   ```

   These commands install a downloaded binary system-wide without any integrity check; verify the download against a checksum or signature from the publisher before making it executable.

2. Create systemd service:

   ```bash
   sudo nano /etc/systemd/system/cloudflared.service
   ```

   ```ini
   [Unit]
   Description=DNS over HTTPS (DoH) proxy
   After=network.target

   [Service]
   ExecStart=/usr/local/bin/cloudflared proxy-dns --upstream https://1.1.1.1/dns-query --port 5353 --address 127.0.0.1
   Restart=always
   User=nobody

   [Install]
   WantedBy=multi-user.target
   ```

3. Configure system to use DoH proxy:

   ```bash
   # resolv.conf has no port syntax (the resolver always queries port 53), so point
   # dnsmasq at the proxy with server=127.0.0.1#5353 in /etc/dnsmasq.conf, then:
   echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
   ```

## Testing and Verifying DNS Configuration

After configuring DNS, it's important to test and verify that your configuration works correctly.

### Basic DNS Testing Commands

1. Test domain resolution:

   ```bash
   # Using nslookup
   nslookup google.com

   # Using dig
   dig google.com

   # Using host
   host google.com
   ```

2. Test specific DNS server:

   ```bash
   # Test with specific DNS server
   nslookup google.com 8.8.8.8
   dig @8.8.8.8 google.com
   ```

3. Check current DNS configuration:

   ```bash
   # View current resolvers
   cat /etc/resolv.conf

   # Check systemd-resolved status
   resolvectl status

   # View NetworkManager DNS settings
   nmcli device show | grep DNS
   ```

### Advanced DNS Testing

1. Performance testing:

   ```bash
   # Test DNS response time
   dig google.com | grep "Query time"

   # Trace DNS resolution path
   dig +trace google.com
   ```

2. Verify DNS over TLS/HTTPS:

   ```bash
   # Check if DoT is working
   dig +tls @1.1.1.1 google.com

   # Verify DNSSEC
   dig +dnssec google.com
   ```

## Troubleshooting Common DNS Issues

### DNS Resolution Not Working

If DNS resolution isn't working, try these troubleshooting steps:

1. Check network connectivity:

   ```bash
   # Test basic connectivity
   ping 8.8.8.8

   # Check if DNS port is accessible
   telnet 8.8.8.8 53
   ```

2. Verify DNS configuration:

   ```bash
   # Check resolv.conf
   cat /etc/resolv.conf

   # Verify nameserver accessibility
   nslookup google.com 8.8.8.8
   ```

3. Restart network services:

   ```bash
   # Restart NetworkManager
   sudo systemctl restart NetworkManager

   # Restart systemd-resolved
   sudo systemctl restart systemd-resolved

   # Flush DNS cache
   sudo resolvectl flush-caches
   ```

### Slow DNS Resolution

To fix slow DNS resolution:

1. Configure faster DNS servers:

   ```bash
   # Use fast public DNS servers
   nameserver 1.1.1.1
   nameserver 1.0.0.1
   ```

2. Reduce timeout values:

   ```bash
   # In /etc/resolv.conf
   options timeout:1 attempts:2
   ```

3. Enable DNS caching:

   ```bash
   # Install and configure dnsmasq or use systemd-resolved caching
   sudo systemctl enable systemd-resolved
   ```

### Configuration Being Overwritten

If your DNS configuration keeps getting overwritten:

1. Disable automatic DNS management:

   ```bash
   # For NetworkManager
   sudo nmcli connection modify "Your-Connection" ipv4.ignore-auto-dns yes
   ```

2. Make resolv.conf immutable:

   ```bash
   # Prevent modifications to resolv.conf
   sudo chattr +i /etc/resolv.conf
   ```

   While the immutable flag is set, DHCP and VPN clients can no longer update the file either, so resolver changes they need will fail until the flag is removed with `chattr -i`.

3. Configure through the network manager: Instead of editing `/etc/resolv.conf` directly, use your distribution's network management tools.

## Best Practices for DNS Configuration

### Security Considerations

1. Use trusted DNS providers: Choose reputable DNS providers like Cloudflare (1.1.1.1), Google (8.8.8.8), or Quad9 (9.9.9.9)

2. Enable DNS security features:

   ```ini
   # Enable DNSSEC and DNS over TLS in systemd-resolved
   DNSSEC=yes
   DNSOverTLS=yes
   ```

3. Avoid open or untrusted DNS servers: Don't use DNS servers from unknown or untrusted sources

### Performance Optimization

1. Use geographically close DNS servers: Choose DNS servers that are physically close to your location

2. Configure DNS caching: Enable local DNS caching to reduce lookup times

3. Set appropriate timeout values: Balance between responsiveness and reliability

   ```bash
   # Optimal timeout settings
   options timeout:2 attempts:3 rotate
   ```

## Conclusion

Configuring DNS in Linux is a fundamental skill that every system administrator and advanced user should master. Whether you're using traditional methods like `/etc/resolv.conf`, modern tools like NetworkManager and systemd-resolved, or advanced features like DNS over HTTPS, the key is understanding which method works best for your specific distribution and use case.

Remember that DNS configuration approaches vary between Linux distributions, and many modern systems automatically manage DNS settings. Always test your configuration thoroughly and consider the security implications of your DNS choices.

By following the methods and best practices outlined in this guide, you'll be able to configure DNS effectively on any Linux system, troubleshoot common issues, and optimize your network performance for better browsing and application performance.

For ongoing DNS management, regularly monitor your configuration, keep your system updated, and stay informed about new DNS security features and best practices in the Linux community.
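To support the "regularly monitor your configuration" advice and the resolv.conf rules from Method 1 and "Configuration Being Overwritten", here is an added example (not part of the original guide) that audits a resolv.conf-style file for resolvers outside an allowlist, entries past the three-server limit, and `addr:port` entries, and reports which service owns the file. The `ALLOWED` list, the finding labels and the sample file are assumptions constructed for this example.

```shell
# Added example, not from the original guide: audit a resolv.conf-style file.
# ALLOWED is an assumed allowlist built from the resolvers this guide configures.
ALLOWED="8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 9.9.9.9 127.0.0.1 127.0.0.53"

# audit_resolv_conf FILE: print one finding per line, return 1 if any were found.
audit_resolv_conf() {
    awk -v allowed="$ALLOWED" '
        BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[#;]/            { next }    # comment lines
        $1 != "nameserver" { next }
        $2 ~ /^[0-9.]+:[0-9]+$/ { print "INVALID_PORT_SUFFIX " $2; bad = 1; next }
        {
            count++                    # only the first three valid entries are used
            if (count > 3)   { print "IGNORED_OVER_LIMIT " $2; bad = 1 }
            if (!($2 in ok)) { print "UNEXPECTED_RESOLVER " $2; bad = 1 }
        }
        END {
            if (count == 0) { print "NO_NAMESERVER"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# managed_by FILE: name the service owning FILE via symlink, else "unmanaged".
managed_by() {
    target=$(readlink "$1" 2>/dev/null) || { echo unmanaged; return 0; }
    case "$target" in
        */run/systemd/resolve/*) echo systemd-resolved ;;
        */run/NetworkManager/*)  echo NetworkManager ;;
        *)                       echo "symlink:$target" ;;
    esac
}

# Constructed sample: an addr:port entry, a resolver outside the allowlist, and a
# fourth valid entry that the resolver library would never query.
write_sample() {
    cat <<'EOF'
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 127.0.0.1:5353
nameserver 203.0.113.53
nameserver 1.1.1.1
search example.com local
EOF
}

sample=$(mktemp) && write_sample > "$sample"
audit_resolv_conf "$sample" || echo "findings listed above"
rm -f "$sample"
```

Run `managed_by /etc/resolv.conf` before editing the file by hand; a result other than `unmanaged` means the change belongs in that service's configuration.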
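The guide shows two `[Resolve]` variants, `DNSOverTLS=opportunistic` in Method 3 and `DNSOverTLS=yes` under Best Practices. As an added example (not part of the original guide), this script reads a resolved.conf-style file and reports whether its DNSSEC and DNS over TLS settings can be downgraded. The function names and the choice to grade an unset key like `no` are assumptions of this example.

```shell
# Added example, not from the original guide: grade the DNSSEC and DNSOverTLS
# settings of a resolved.conf-style file for downgrade exposure.
# Assumption: an unset key is graded like "no"; the real built-in default
# depends on how the distribution compiled systemd.

# resolve_setting FILE KEY: last value of KEY in [Resolve], lowercased, or "unset".
resolve_setting() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                                  # comment lines
        /^[ \t]*\[/   { in_sec = ($0 ~ /\[Resolve\]/); next }   # section header
        in_sec {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                               # later lines win
        }
        END { print (val == "" ? "unset" : tolower(val)) }
    ' "$1"
}

# grade_resolved FILE: print one line per setting, return 1 if either can be downgraded.
grade_resolved() {
    rc=0
    dot=$(resolve_setting "$1" DNSOverTLS)
    sec=$(resolve_setting "$1" DNSSEC)
    case "$dot" in
        yes|true|1|on) echo "DNSOverTLS=$dot enforced" ;;
        opportunistic) echo "DNSOverTLS=opportunistic falls back to plaintext"; rc=1 ;;
        *)             echo "DNSOverTLS=$dot plaintext"; rc=1 ;;
    esac
    case "$sec" in
        yes|true|1|on)   echo "DNSSEC=$sec enforced" ;;
        allow-downgrade) echo "DNSSEC=allow-downgrade validation can be dropped"; rc=1 ;;
        *)               echo "DNSSEC=$sec unvalidated"; rc=1 ;;
    esac
    return "$rc"
}

# The two [Resolve] variants this guide shows (Method 3 and Best Practices).
method3()        { printf '[Resolve]\nDNS=8.8.8.8 8.8.4.4 1.1.1.1\nDNSSEC=yes\nDNSOverTLS=opportunistic\n'; }
best_practices() { printf '[Resolve]\nDNSSEC=yes\nDNSOverTLS=yes\n'; }

f=$(mktemp)
method3 > "$f";        grade_resolved "$f" || echo "-> Method 3 config can be downgraded"
best_practices > "$f"; grade_resolved "$f" && echo "-> Best Practices config enforces both"
rm -f "$f"
```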