Local DNS resolver

From Atomicorp Wiki
Revision as of 16:30, 6 October 2022 by Mshinn (Talk | contribs)



Introduction

A local DNS resolver is a standard piece of software installed on the server performing DNS lookups that can look up the Fully Qualified Domain Name (FQDN) for any IP address. This software is available from the OS vendors of all OSes supported with our products, is normally installed on most Linux systems, and is installed by all known control panels. If you are not sure whether your system has a local resolver, please ask your OS or control panel vendor to confirm.

Examples

Examples of this include:

  1. Local caching DNS server
  2. Local installation of the Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server

In both of these examples, the DNS server needs to be configured with the ability to look up any zone on the Internet, not just locally served zones. This is generally the standard configuration of a DNS server, but you should check to make sure this is the case. DNS servers that can only look up locally served zones are not resolvers; they rely on remote DNS servers, sometimes referred to as forwarders, to do resolution for them.

For example, if a server wants to know what the FQDN for 1.2.3.4 is, a local resolver would look this up via DNS by connecting directly to the root DNS servers to find the authoritative DNS server for that zone. A forwarder, which is not a local resolver, would only request the FQDN from another DNS server, and that server would connect to the root DNS servers. The use of remote resolvers adds multiple steps to the process, which makes the lookups take longer and therefore considerably slower than with a local resolver. This slowness is compounded when remote resolvers are shared by multiple systems, as the remote resolver must handle requests from other systems simultaneously, adding further delays while it services those other requests. And finally, because this process occurs entirely over the network (even for requests that could be cached locally, but are not, because the DNS server is remote rather than local), this adds even more delay to the process.

Discussion

A local resolver is different from a remote resolver in that:

  1. all the software necessary to perform the lookup and to manage and present the response is installed on the server requesting the lookup
  2. the local resolver will "talk" directly to the Internet's root DNS servers. This reduces the number of steps needed to do the lookup, which is orders of magnitude faster than remote resolvers
  3. the local resolver is only serving requests for itself, so it has less of a work backlog than a shared DNS server, which decreases response times
  4. the local resolver also has the advantage of caching responses locally. Once an address is resolved, remote queries are not necessary for that address (until the answer expires from the cache), which means the second and subsequent requests are answered instantly.
  5. applications on the server are not adversely affected by network delays communicating with a remote resolver, as they only need to communicate with the local resolver on the same server, which occurs effectively instantly

How to tell if your system is set up with a local resolver

A quick way to see if you have a local resolver set up on your system is to run these tests:

Step 1)

Run this command as root:

grep 127.0.0.1 /etc/resolv.conf

If you do not see a line like this in the first position:

nameserver 127.0.0.1

Then you do not have a local resolver set up on your system.

Step 2) Check to make sure your local resolver is set up as your primary resolver

The file /etc/resolv.conf contains information your system uses to resolve domain and host names. Your OS, if configured correctly, will look at this file to get a list of DNS servers to query. It will query these servers in order, and if it doesn't get a response from the first DNS server, it will move on to the next, and then the next, in the /etc/resolv.conf file.

For example, this file lists the local resolver first and the remote resolvers last. This example does have a local DNS resolver configured for the system.

nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 192.168.1.251

The example below lists a remote resolver first, and the local resolver last. This example does not have a local DNS resolver configured for the system.

nameserver 192.168.1.1
nameserver 192.168.1.251
nameserver 127.0.0.1

If your system is not configured with the 127.0.0.1 resolver first, then you should not use any DNS-based rules. Your system will not use the local resolver unless the remote resolver fails. This will result in very slow resolution and is not recommended. A local resolver should always be in the first position.

Step 3) If you do have "nameserver 127.0.0.1" in the first line of your /etc/resolv.conf file

Run this command as root:

nslookup www.atomicorp.com

If your system can actually use your local resolver, you will see the 127.0.0.1 resolver return the answer to the DNS query. For example, this system has a working local resolver:

Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
www.atomicorp.com	canonical name = atomicorp.com.
Name:	atomicorp.com
Address: 198.71.51.132

The system below does not have a local working resolver:

Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
www.atomicorp.com	canonical name = atomicorp.com.
Name:	atomicorp.com
Address: 198.71.51.132

The key difference is that the 127.0.0.1 server is not the one returning the IP address for the www.atomicorp.com FQDN; another, non-local server is. This proves that the local resolver is not working correctly.
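As an added example (not a script from the Atomicorp wiki), the three checks above can be automated in POSIX shell. The functions below only read a resolv.conf-style file and captured nslookup output, so the script runs offline against constructed sample data; the search domain, host name and 192.0.2.10 answer in the samples are placeholders. On a real server, point `has_local_resolver_first` at /etc/resolv.conf and pipe a live `nslookup www.atomicorp.com` into `answered_locally`.

```shell
#!/bin/sh
# Added example, not part of the Atomicorp wiki page: automates Steps 1-3.

# Steps 1 and 2: print the first "nameserver" entry of a resolv.conf-style
# file. Comment lines and other directives (search, options) are skipped,
# so a commented-out "# nameserver 127.0.0.1" does not count.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Returns 0 when the local resolver (127.0.0.1) is in the first position.
has_local_resolver_first() {
    [ "$(first_nameserver "$1")" = "127.0.0.1" ]
}

# Step 3: read nslookup output on stdin and print the "Server:" value,
# i.e. the resolver that actually answered the query.
answering_server() {
    awk '$1 == "Server:" { print $2; exit }'
}

# Returns 0 when the answer came from 127.0.0.1.
answered_locally() {
    [ "$(answering_server)" = "127.0.0.1" ]
}

# Combined verdict: 0 = local resolver first and answering,
# 1 = 127.0.0.1 is not the first nameserver,
# 2 = it is first, but a remote server answered the query.
local_resolver_status() {
    conf="$1"; lookup="$2"
    has_local_resolver_first "$conf" || return 1
    printf '%s\n' "$lookup" | answered_locally || return 2
    return 0
}

# --- Constructed sample data (not captured from a real system) ---
GOOD_CONF=$(mktemp)
printf 'search example.test\nnameserver 127.0.0.1\nnameserver 192.168.1.1\n' > "$GOOD_CONF"
BAD_CONF=$(mktemp)
printf '# nameserver 127.0.0.1\nnameserver 192.168.1.1\nnameserver 127.0.0.1\n' > "$BAD_CONF"
trap 'rm -f "$GOOD_CONF" "$BAD_CONF"' EXIT

GOOD_LOOKUP='Server:  127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name:    host.example.test
Address: 192.0.2.10'

BAD_LOOKUP='Server:  192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name:    host.example.test
Address: 192.0.2.10'

# Stand-alone run: print a verdict for each combination.
report() {
    status=0
    local_resolver_status "$1" "$2" || status=$?
    case $status in
        0) echo "local resolver first and answering: OK" ;;
        1) echo "127.0.0.1 is not the first nameserver: do not use DNS-based rules" ;;
        2) echo "127.0.0.1 is first but a remote server answered: local resolver not working" ;;
    esac
}
report "$GOOD_CONF" "$GOOD_LOOKUP"
report "$BAD_CONF"  "$GOOD_LOOKUP"
report "$GOOD_CONF" "$BAD_LOOKUP"
```

The awk matches on the first whitespace-separated field, so the tab-separated "Server:" line in real nslookup output parses the same way as the space-separated sample. Note that the check is deliberately strict about 127.0.0.1: a stub address such as 127.0.0.53 (the systemd-resolved stub listener) is local to the host but, in its default configuration, forwards queries to upstream servers rather than resolving from the root servers itself, so it is not a local resolver in the sense this page describes.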

Outside articles

How DNS works
