Local DNS resolver
Introduction
A local DNS resolver is a standard piece of software installed on the server performing DNS lookups; it can look up the Fully Qualified Domain Name (FQDN) for any IP address. This software is available from the OS vendors of all OSes supported by ASL, is normally installed on most systems, and is installed by all known control panels. If you are not sure whether your system has a local resolver, please ask your OS or control panel vendor to confirm.
Examples
Examples of this include:
- Local caching DNS server
- Local installation of the Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
In both of these examples, the DNS servers need to be configured with the ability to look up any zone on the Internet, not just locally served zones. This is generally the standard configuration of a DNS server; however, you should check to make sure this is the case. DNS servers that can only look up locally served zones are not resolvers: they rely on remote DNS servers, sometimes referred to as forwarders, to do resolution for them.
For example, if a server wants to know what the FQDN for 1.2.3.4 is, a local resolver would look this up via DNS by connecting directly to the root DNS servers to find the authoritative DNS server for that zone. A forwarder, which is not a local resolver, would only request the FQDN from another DNS server, and that server would connect to the root DNS servers. The use of remote resolvers adds multiple steps to the process, which makes the lookups considerably slower. This slowness is compounded when remote resolvers are shared by multiple systems, as the remote resolver must also handle requests from other systems, adding further delay while it services them. And finally, because this process occurs over the network, the network round trips add yet more delay.
Discussion
A local resolver is different from a remote resolver in that:
- all the software necessary to perform the lookup and to manage and present the response is installed on the server performing the lookup
- the local resolver will "talk" directly to the Internet's root DNS servers. This reduces the number of steps needed to do the lookup, which is orders of magnitude faster than remote resolvers
- the local resolver is only serving requests for its own server, reducing the workload and decreasing response times
- the local resolver also has the advantage of caching responses locally. So if an address is resolved, remote queries are not necessary for that address until the answer expires from the cache. This causes future lookups to occur instantly.
How to tell if your system is set up with a local resolver
A quick way to see if you have a local resolver set up on your system is to run these tests:
Step 1)
Run this command as root:
grep 127.0.0.1 /etc/resolv.conf
If you do not see a line like this in the first position:
nameserver 127.0.0.1
Then you do not have a local resolver set up on your system. If you do have this line but it is listed after other DNS servers, your system will not use the local resolver unless the remote resolver fails. This will result in very slow resolution and is not recommended. A local resolver should be in the first position.
Step 2) Check to make sure your local resolver is set up as your primary resolver
The file /etc/resolv.conf contains the information your system uses to resolve domain and host names. Your OS, if configured correctly, will look at this file to get a list of DNS servers to query. It will query these servers in order, and if it doesn't get a response from the first DNS server, it will move on to the next, and then the next, in the /etc/resolv.conf file. For example, this file lists the local resolver first and the remote resolvers last:
nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 192.168.1.251
The example below lists a remote resolver first, and the local resolver last.
nameserver 192.168.1.1
nameserver 192.168.1.251
nameserver 127.0.0.1
If your system is not configured with your local resolver first, then you should not use any DNS-based rules.
Step 3) If you do have that line in your /etc/resolv.conf file
Run this command as root:
nslookup www.atomicorp.com
If your system can actually use your local resolver, you will see your local resolver return the answer to the DNS query. For example, this system has a working local resolver:
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
www.atomicorp.com	canonical name = atomicorp.com.
Name:	atomicorp.com
Address: 198.71.51.132
This system does not have a working local resolver:
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
www.atomicorp.com	canonical name = atomicorp.com.
Name:	atomicorp.com
Address: 198.71.51.132
The key difference is in the Server: line. In the second case the 127.0.0.1 server is not the one returning the IP address for the www.atomicorp.com FQDN; another, non-local server is. This proves that the local resolver is not working correctly.
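The checks in Steps 1 to 3 can be scripted so they are repeatable across many servers. The script below is an added example, not part of the original page or of ASL itself: it reads the first nameserver line of a resolv.conf file (skipping comments), reports whether it is 127.0.0.1 as the steps above require, and pulls the Server: address out of saved nslookup output. The file names and sample contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): script the local-resolver
# checks from Steps 1 to 3 against a resolv.conf file and saved nslookup output.

# first_nameserver FILE -> prints the address on the first "nameserver" line,
# ignoring comment lines (starting with # or ;) and blank lines.
first_nameserver() {
    awk '/^[[:space:]]*[#;]/ {next} $1 == "nameserver" {print $2; exit}' "$1"
}

# local_resolver_first FILE -> exit 0 when the first nameserver is 127.0.0.1,
# 1 when a different server is listed first, 2 when no nameserver is listed.
local_resolver_first() {
    ns=$(first_nameserver "$1")
    [ -z "$ns" ] && return 2
    [ "$ns" = "127.0.0.1" ] && return 0
    return 1
}

# nslookup_server FILE -> prints the address on the "Server:" line of saved
# nslookup output (Step 3); a working local resolver shows 127.0.0.1 here.
nslookup_server() {
    awk '$1 == "Server:" {print $2; exit}' "$1"
}

# Constructed sample files (not real system state) so the script runs offline.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver 192.168.1.1\n' > "$tmp/good.conf"
printf '# comment\nnameserver 192.168.1.1\nnameserver 127.0.0.1\n' > "$tmp/bad.conf"
printf 'search example.com\n' > "$tmp/none.conf"
printf 'Server:\t\t127.0.0.1\nAddress:\t127.0.0.1#53\n' > "$tmp/lookup.txt"

for f in good bad none; do
    if local_resolver_first "$tmp/$f.conf"; then
        echo "$f.conf: local resolver is first"
    elif [ $? -eq 2 ]; then
        echo "$f.conf: no nameserver listed at all"
    else
        echo "$f.conf: local resolver is NOT first (DNS-based rules not recommended)"
    fi
done
echo "nslookup answered by: $(nslookup_server "$tmp/lookup.txt")"
rm -rf "$tmp"
```

To check a real server, point local_resolver_first at /etc/resolv.conf and nslookup_server at the saved output of the nslookup command from Step 3.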