Difference between revisions of "Local DNS resolver"

From Atomicorp Wiki

Revision as of 14:36, 13 February 2019


Introduction

A local DNS resolver is a standard piece of software installed on the server performing DNS lookups that can look up the Fully Qualified Domain Name (FQDN) for any IP address. This software is available from the OS vendors of all OSes supported with ASL, is normally installed on most systems, and is installed by all known control panels. If you are not sure whether your system has a local resolver, ask your OS or control panel vendor to confirm.

Examples

Examples of this include:

  1. Local caching DNS server
  2. Local installation of the Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server

In both of these examples, the DNS server needs to be configured with the ability to look up any zone on the Internet, not just locally served zones. This is generally the standard configuration of a DNS server, but you should check to make sure this is the case. DNS servers that can only look up locally served zones are not resolvers; they rely on remote DNS servers, sometimes referred to as forwarders, to do resolution for them.

For example, if a server wants to know the FQDN for 1.2.3.4, a local resolver would look this up via DNS by connecting directly to the root DNS servers to find the authoritative DNS server for that zone. A forwarder, which is not a local resolver, would only request the FQDN from another DNS server, and that server would connect to the root DNS servers. The use of remote resolvers adds multiple steps to the process, which makes the lookups considerably slower. This slowness is compounded when remote resolvers are shared by multiple systems, as the remote resolver must also service requests from other systems, adding further delay. And finally, because this process occurs over the network, network latency adds additional delay.

Discussion

A local resolver is different from a remote resolver in that:

  1. all the software necessary to perform the lookup and to manage and present the response is installed on the server performing the lookup
  2. the local resolver will "talk" directly to the Internet's root DNS servers. This reduces the number of steps needed to do the lookup, which is orders of magnitude faster than remote resolvers
  3. the local resolver is only serving requests for its own server, reducing the workload and decreasing response times
  4. the local resolver also has the advantage of caching responses locally. So once an address is resolved, remote queries are not necessary for that address until the answer expires from the cache. This causes future lookups to occur instantly.
  5. applications on the server are not adversely affected by network delays communicating with a remote resolver, as they only need to communicate with the local resolver on the same server

How to tell if your system is set up with a local resolver

A quick way to see if you have a local resolver set up on your system is to run the following tests:

Step 1)

Run this command as root:

grep 127.0.0.1 /etc/resolv.conf

If you do not see a line like this in the first position:

nameserver 127.0.0.1

Then you do not have a local resolver set up on your system.

Step 2) Check to make sure your local resolver is set up as your primary resolver

The file /etc/resolv.conf contains the information your system uses to resolve domain and host names. Your OS, if configured correctly, reads this file to get the list of DNS servers to query. It queries these servers in order: if it does not get a response from the first DNS server, it moves on to the next, and then the next, in the /etc/resolv.conf file.

For example, this file lists the local resolver first and the remote resolvers last. This example does have a local DNS resolver configured for the system.

nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 192.168.1.251

The example below lists a remote resolver first and the local resolver last. This example does not have a local DNS resolver configured for the system.

nameserver 192.168.1.1
nameserver 192.168.1.251
nameserver 127.0.0.1

If your system is not configured with the 127.0.0.1 resolver first, then you should not use any DNS-based rules. Your system will not use the local resolver unless the remote resolver fails. This results in very slow resolution and is not recommended. A local resolver should always be in the first position.

Step 3) If you do have "nameserver 127.0.0.1" in the first line of your /etc/resolv.conf file

Run this command as root:

nslookup www.atomicorp.com

If your system can actually use your local resolver, you will see the 127.0.0.1 resolver return the answer to the DNS query. For example, this system has a working local resolver:

Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
www.atomicorp.com	canonical name = atomicorp.com.
Name:	atomicorp.com
Address: 198.71.51.132

The system below does not have a local working resolver:

Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
www.atomicorp.com	canonical name = atomicorp.com.
Name:	atomicorp.com
Address: 198.71.51.132

The key difference is that the 127.0.0.1 server is not returning the IP address for the www.atomicorp.com FQDN; another, non-local server is. This shows that the local resolver is not working correctly.
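As an added example (not code from the Atomicorp wiki page), the following POSIX shell script automates Steps 1 to 3 above: it checks that 127.0.0.1 is the first nameserver in a resolv.conf-style file and that the nslookup answer comes from 127.0.0.1. The function names and the sample resolv.conf and nslookup data are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the Atomicorp wiki page. Function names and
# sample data are this example's own.

# Print the first "nameserver" entry from resolv.conf text on stdin.
# Comments and other directives (search, options) are skipped, so a
# "search" line ahead of the nameservers does not hide the result.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# Steps 1 and 2: succeed only when the loopback resolver is listed first.
local_resolver_first() {
    [ "$(first_nameserver)" = "127.0.0.1" ]
}

# Step 3: succeed only when an nslookup transcript on stdin shows the
# answer coming from 127.0.0.1 (its "Server:" line).
answered_by_local_resolver() {
    [ "$(awk '$1 == "Server:" { print $2; exit }')" = "127.0.0.1" ]
}

# Live check on a real system: both conditions must hold.
check_local_resolver() {   # $1 = resolv.conf path, $2 = name to look up
    local_resolver_first < "$1" \
        || { echo "FAIL: 127.0.0.1 is not the first nameserver in $1"; return 1; }
    nslookup "$2" | answered_by_local_resolver \
        || { echo "FAIL: 127.0.0.1 did not answer the lookup for $2"; return 1; }
    echo "OK: local resolver is first and answering"
}

# Constructed samples mirroring the resolv.conf layouts and the
# "Server:" lines of the nslookup output shown on the page.
RESOLV_LOCAL_FIRST='nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 192.168.1.251'
RESOLV_REMOTE_FIRST='search example.com
nameserver 192.168.1.1
nameserver 192.168.1.251
nameserver 127.0.0.1'
NSLOOKUP_LOCAL='Server:    127.0.0.1
Address:   127.0.0.1#53'
NSLOOKUP_REMOTE='Server:    192.168.1.1
Address:   192.168.1.1#53'

# Live usage: sh check.sh /etc/resolv.conf www.atomicorp.com
if [ "$#" -gt 0 ]; then check_local_resolver "$1" "${2:-www.atomicorp.com}"; fi
```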

Outside articles

How DNS works: http://www.faqs.org/docs/linux_network/x-087-2-resolv.howdnsworks.html
