Setting Primary and Secondary Nameservers in Linux

While we've covered setting up a domain controller and how to create A records to give our servers easy names to use, rather than referencing them by IP address, I've been limited to enjoying this luxury only on my domain-connected Windows machines that use my domain controller for DNS. Tonight, I was intent on figuring out how I could integrate this setup with my Linux machines, too, and will be showing you how I set my machine up to use my domain controller as a primary nameserver, while also leveraging a secondary nameserver.

To start, using a text editor of your choice, open up /etc/resolv.conf. It will probably look something like this:

# Generated by NetworkManager
search localdomain
nameserver 127.0.0.53

We're going to edit our nameserver to now be the IP address of our domain controller, and set the search domain to our domain. For my environment, my primary domain controller is at 10.10.30.201 and my domain is tcude.net, so I'll be setting it to that.

# Generated by NetworkManager
search tcude.net
nameserver 10.10.30.201

This works great, and I can now enter things like 'vcenter.tcude.net' to pull up my vCenter page. However, I'm going to run into problems once I'm off my home network, since I won't have direct access to that domain controller to act as a nameserver. To combat this, we're going to add a secondary nameserver that our machine will fall back on if it realizes it can't utilize our domain controller. It should look something like this:

options rotate
options timeout:1
search tcude.net
nameserver 10.10.30.201
nameserver 9.9.9.9

I chose Quad9 DNS as my secondary DNS.

With what I've shown above, my machine will first turn to my domain controller as a nameserver and, should it end up timing out, which it will if I'm not on my home network or VPN'd in, it will fall back on using Quad9 DNS.
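
As an added example (not part of the original post), here is a small Python check that reads the resolv.conf above the way resolv.conf(5) describes and reports the server order, the per-server timeout, and whether `rotate` is set. It is worth running because `rotate` makes glibc pick servers round-robin rather than always trying the first one first, and because any public fallback sees queries for internal names whenever a lookup reaches it. The function names, the `SAMPLE` string and the private/public split are assumptions made for this example.

```python
import ipaddress

MAXNS = 3  # glibc reads at most three nameserver lines

# Constructed sample: the resolv.conf from this post.
SAMPLE = """\
options rotate
options timeout:1
search tcude.net
nameserver 10.10.30.201
nameserver 9.9.9.9
"""

def parse_resolv_conf(text):
    """Return (servers, search, options) following resolv.conf(5)."""
    servers, search, options = [], [], {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args:
            servers.append(ipaddress.ip_address(args[0]))
        elif key == "search":
            search = args  # the last search line wins
        elif key == "options":
            for opt in args:  # each options line adds to the set
                name, _, value = opt.partition(":")
                options[name] = int(value) if value else True
    return servers[:MAXNS], search, options

def audit(text):
    """Summarise how the resolver will actually use this file."""
    servers, search, options = parse_resolv_conf(text)
    rotate = bool(options.get("rotate", False))
    return {
        "servers": [str(s) for s in servers],
        "search": search,
        "rotate": rotate,
        # Only without rotate is the first server always tried first.
        "strict_order": not rotate,
        # Seconds spent waiting on an unreachable server (default 5, cap 30).
        "timeout_s": min(options.get("timeout", 5), 30),
        # Assumption of this example: a non-private address is a public resolver
        # that will see internal names whenever a query reaches it.
        "public_fallback": [str(s) for s in servers if not s.is_private],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```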

One last thing, and this may be specific to my distro: I've noticed that after rebooting, NetworkManager seems to wipe out any changes I've made to /etc/resolv.conf. To stop this from happening, I've edited /etc/NetworkManager/NetworkManager.conf to have "dns=none" in the [main] section. It should look something like this:

[main]
plugins=ifupdown,keyfile
dns=none

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no

With that extra line, we should now be able to have our changes to /etc/resolv.conf persist upon reboot.

This has been a fairly brief blog post, but I found it interesting and had never messed with /etc/resolv.conf before, so I figured I'd pass along what I learned tonight.