UNIX System Administration Handbook - Evi Nemeth [247]
nameserver 128.138.204.4 ; piper
nameserver 128.138.240.1 ; anchor
Comments were never defined for the resolv.conf file. They are somewhat supported in that anything that is not recognized is ignored. It’s safe to put comments at the end of nameserver lines because the parser just looks for an IP address and ignores the rest of the line. Because the search line can contain multiple arguments, comments there could cause problems.
The search line lists the domains to query if a hostname is not fully qualified. If a user issues the command ssh foo, for example, the resolver completes the name with the first domain in the search list (in the resolv.conf above, cs.colorado.edu) and looks for foo.cs.colorado.edu. If no such name can be found, the resolver also tries foo.colorado.edu and foo.ee.colorado.edu.
Users in our cs subdomain can use simple hostnames for any local host, but users in the parent domain must use hostname.cs to reach a host in the subdomain. If you create new subdomains, you will also have to reconfigure (educate) your users.
A search directive in the resolv.conf files of machines in the parent domain could allow simple hostnames to be used in both directions:
search colorado.edu. cs.colorado.edu. ee.colorado.edu.
Of course, this configuration assumes that hostnames are unique across the three domains. A search directive can specify up to eight domains.
The servers listed in resolv.conf must be recursive (since the resolver does not understand referrals), and they should each have a cache. If you are using BIND 4 or BIND 8, the servers should not be authoritative for any zones. Their caches can grow quite large, and since versions 4 and 8 do not manage the cache properly, it can take over the entire memory of the machine. If you must mix cached and authoritative data, see the listen-on configuration option for a way to do it safely by running two separate servers on the same machine that listen to different ports.
The servers in nameserver lines are contacted in order; as long as the first one continues to answer queries, the others will be ignored. If a problem occurs, the query times out and the next name server is tried. Each server is tried in turn, up to four times. The timeout interval increases with every failure.
Most resolvers allow a maximum of three name servers to be listed. If more are provided, they are silently ignored. If a host is itself a name server, it should be listed first in its own resolv.conf file.
Earlier versions of BIND used the domain directive in resolv.conf instead of the search directive. It specified a single domain to add to names that were not fully qualified. We recommend replacing domain directives with search directives. The two directives are mutually exclusive, so only one should be present. If you have an older resolver and include both directives in the resolv.conf file, the last one listed is used.
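As an added illustration (not from the handbook and not any real resolver's code), the following Python models the resolv.conf rules described above: a nameserver line yields only its first token as an address and the rest is ignored, search and domain are alternatives with the last one listed winning, a search line holds at most eight domains and a comment on it is swallowed as extra domain names, name servers beyond the third are dropped, and an unqualified hostname is expanded with the search list in order. The sample file, the 192.0.2.x addresses and the function names are constructed for this example; treating only a trailing dot as "fully qualified" is a simplification of what real resolvers do.

```python
import ipaddress

MAX_NAMESERVERS = 3       # most resolvers use only the first three listed
MAX_SEARCH_DOMAINS = 8    # a search directive can specify up to eight domains
COMMENT_MARKERS = (";", "#")

# Constructed sample; 192.0.2.x is the documentation address range.
SAMPLE_RESOLV_CONF = """\
search cs.colorado.edu colorado.edu ee.colorado.edu
nameserver 192.0.2.1       ; constructed first server
nameserver 128.138.204.4   ; piper
nameserver 128.138.240.1   ; anchor
nameserver 192.0.2.53      ; constructed fourth server, dropped by the resolver
"""


def parse_resolv_conf(text):
    """Parse a resolv.conf body into (nameservers, search_list, warnings).

    Rules modelled, simplified from the handbook's description:
      - nameserver: the first token is the address, the rest of the line is ignored
      - search / domain: alternatives, the last one listed wins; domain takes one name
      - search: a trailing comment is NOT ignored, so it is flagged
      - name servers beyond the third are silently ignored (flagged here)
      - unrecognized keywords are ignored
    """
    nameservers, search, warnings = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "nameserver":
            try:
                addr = str(ipaddress.ip_address(args[0]))
            except (IndexError, ValueError):
                warnings.append(f"line {lineno}: nameserver without a valid address")
                continue
            if len(nameservers) >= MAX_NAMESERVERS:
                warnings.append(f"line {lineno}: nameserver {addr} ignored "
                                f"(only the first {MAX_NAMESERVERS} are used)")
                continue
            nameservers.append(addr)
        elif keyword in ("search", "domain"):
            if search:
                warnings.append(f"line {lineno}: {keyword} replaces an earlier "
                                "search/domain directive")
            if keyword == "domain":
                search = [d.rstrip(".") for d in args[:1]]
                continue
            if any(a.startswith(COMMENT_MARKERS) for a in args):
                warnings.append(f"line {lineno}: comment on a search line is parsed "
                                "as domain names")
            if len(args) > MAX_SEARCH_DOMAINS:
                warnings.append(f"line {lineno}: search lists more than "
                                f"{MAX_SEARCH_DOMAINS} domains; extras dropped")
            search = [d.rstrip(".") for d in args[:MAX_SEARCH_DOMAINS]]
        # any other keyword is unrecognized and ignored
    return nameservers, search, warnings


def candidate_names(host, search):
    """Names the resolver would try, in order, for a hostname the user typed.

    Simplification: a name counts as fully qualified only when it ends with a
    dot; real resolvers apply further rules (dot counting) not modelled here.
    """
    if host.endswith("."):
        return [host.rstrip(".")]
    return [f"{host}.{domain}" for domain in search] or [host]


if __name__ == "__main__":
    ns, search, warns = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("nameservers:", ns)
    print("search list:", search)
    for w in warns:
        print("warning:", w)
    print("'ssh foo' would try:", candidate_names("foo", search))
```

Running the script on the sample prints the three usable servers, the search list, one warning for the fourth nameserver line, and the expansion of foo to foo.cs.colorado.edu, foo.colorado.edu and foo.ee.colorado.edu; feeding it a file with both domain and search directives shows the last one winning, which is the check worth running before trusting an old resolv.conf.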
The default behavior of today’s resolvers is a real hodgepodge. Some resolvers are more aggressive with default values than others. Some assume the local machine is a DNS server if no name servers are listed. Some deconstruct a local (fully qualified) hostname to come up with a search list. Some can operate with no /etc/resolv.conf file at all. Don’t count on any of these misfeatures. Just configure resolv.conf normally for each of your hosts.
DNS queries arriving from the outside world will come to your authoritative name servers. It’s a good idea to provide separate servers for resolving queries from inside your domain. Your internal servers should be caching-only and recursive. A large site should have several name servers running throughout the site and should customize the resolv.conf file to spread the load among the servers, minimize network traffic, and reduce the vulnerability of machines to a single point of failure. If name service is broken, your whole site grinds to a halt.
Forwarders are also a good way for a local site to optimize name service. Local name servers point to a forwarder that makes all the external queries