109.4 Configure Client-Side DNS

Weight: 2

Goal: Configure how the local system resolves hostnames into IP addresses.

This is a small, focused objective — only a handful of files and commands. Some of this overlaps with 109.2 and 109.3; the focus here is purely on DNS resolution from the client side.


1. What “Client-Side DNS” Means

You are not setting up a DNS server. You are configuring how this machine asks name servers to translate names like www.example.com into IP addresses.

There are three pieces:

  1. A local hosts file for fixed, manual mappings.
  2. A list of DNS servers to consult, plus default search domains.
  3. A switch file that defines the order in which different sources are consulted.

2. /etc/hosts — Static Mappings

A plain text file that maps IP addresses to hostnames. The resolver consults it before going to DNS on virtually every Linux system (because of nsswitch.conf).

Format

# IP address      hostname(s)
127.0.0.1         localhost
127.0.1.1         myhost.localdomain myhost
192.168.1.50      fileserver fileserver.lan
::1               localhost ip6-localhost ip6-loopback

When to use it

Edits take effect immediately — there is no service to reload.


3. /etc/resolv.conf — DNS Servers and Search Domains

Tells the resolver which DNS servers to query for any name not found in /etc/hosts.

Format

nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 1.1.1.1
search example.com lan
domain example.com
options timeout:2 attempts:1

Keyword                Meaning
nameserver IP          A DNS server. List up to three; tried in order.
search dom1 dom2 ...   Domain suffixes appended to single-label names. ping web will try web.dom1, then web.dom2.
domain NAME            A single default domain. Mutually exclusive with search — the last one in the file wins.
options ...            Tuning. Common: timeout:N, attempts:N, rotate, ndots:N.

search vs domain

You use one or the other, not both. search is more flexible (it accepts multiple domains). On most modern systems you’ll only see search.

Examples of search in action

With search example.com lan in /etc/resolv.conf:

ping web        →  tries  web.example.com  then  web.lan
ping web.       →  trailing dot = fully qualified, no search applied
ping web.foo    →  contains dots, treated as fully qualified

The ndots option controls when search expansion happens: ndots:1 (the default) means “if the name has fewer than 1 dot (that is, no dots at all), apply the search list.”
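
The rules from this section (three nameservers at most, last of search/domain wins, ndots-driven expansion) applied to a constructed resolv.conf. This is an added example, not part of the original notes; the function names and sample file are assumptions. It goes one step further than the arrows above by also listing the fallback names glibc tries after the first candidate fails, as documented in resolv.conf(5).

```shell
#!/bin/sh
# Added example. The resolv.conf below is a constructed sample.
SAMPLE_RESOLV=$(mktemp)
trap 'rm -f "$SAMPLE_RESOLV"' EXIT
cat > "$SAMPLE_RESOLV" <<'EOF'
# constructed sample: four nameservers, domain followed by search
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 9.9.9.9
domain example.com
search example.com lan
options timeout:2 attempts:1
EOF

# Only the first three nameserver lines are used; later ones are ignored.
effective_nameservers() {
  awk '$1 == "nameserver" && n < 3 { out = out sep $2; sep = " "; n++ }
       END { print out }' "$1"
}

# search and domain are mutually exclusive: the last one in the file wins.
effective_search() {
  awk '$1 == "search" || $1 == "domain" { $1 = ""; sub(/^ +/, ""); last = $0 }
       END { print last }' "$1"
}

# ndots from the options line; 1 when it is not set.
effective_ndots() {
  awk '$1 == "options" { for (i = 2; i <= NF; i++)
         if ($i ~ /^ndots:[0-9]+$/) n = substr($i, 7) }
       END { print (n == "" ? 1 : n) }' "$1"
}

# candidates NAME FILE: every name the resolver may try, in order.
candidates() {
  name=$1
  case $name in *.) echo "$name"; return 0 ;; esac   # trailing dot: as-is only
  dots=$(echo "$name" | awk -F. '{ print NF - 1 }')
  expanded=""
  for s in $(effective_search "$2"); do expanded="$expanded $name.$s"; done
  if [ "$dots" -ge "$(effective_ndots "$2")" ]; then
    list="$name$expanded"          # enough dots: as-is first, then suffixes
  else
    list="$expanded $name"         # too few dots: suffixes first, as-is last
  fi
  echo "${list# }"
}

for n in web web. web.foo; do printf '%-8s -> %s\n' "$n" "$(candidates "$n" "$SAMPLE_RESOLV")"; done
```

The candidate list is also what leaves the machine as DNS queries when earlier attempts fail, which is worth knowing when reading resolver logs for internal names sent to an outside search domain.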

The big caveat: /etc/resolv.conf is often auto-generated

On modern systems, this file may be managed by another service:

Manager                               How it manages the file
NetworkManager                        Rewrites /etc/resolv.conf based on connection settings.
systemd-resolved                      /etc/resolv.conf is a symlink to /run/systemd/resolve/resolv.conf or /run/systemd/resolve/stub-resolv.conf (pointing at the local stub on 127.0.0.53).
resolvconf (package, Debian/Ubuntu)   Generates the file from snippets supplied by clients (DHCP, openvpn, etc.).
DHCP client                           Some clients overwrite the file directly with DHCP-provided servers.

If your edits disappear, one of these is the cause. The correct fix depends on the manager:


4. /etc/nsswitch.conf — The Name Service Switch

This file controls the order in which sources are consulted for each kind of lookup. It’s not just for hostnames — it also covers users, groups, and other databases.

Format

passwd:    files
group:     files
shadow:    files

hosts:     files dns
networks:  files

services:  files
protocols: files

Each line has the form:

database: source1 source2 ...

For DNS client behavior, the line that matters is hosts:

hosts:    files dns

means: “look in /etc/hosts first (files), and if not found, query DNS.” This is why edits to /etc/hosts work without any service restart.

Other sources you might see on the hosts: line:

Source                  Meaning
files                   /etc/hosts.
dns                     DNS (/etc/resolv.conf).
mdns4 / mdns4_minimal   Multicast DNS (e.g. .local names, Avahi/Bonjour).
resolve                 systemd-resolved lookups.
myhostname              Built-in module that always resolves the local hostname.
nis                     NIS server.

A common modern line on systemd systems:

hosts:    files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

Reads as: try local files, then mDNS for .local names, then systemd-resolved, finally falling back to plain DNS. The exam doesn’t quiz on the bracketed action codes — recognizing files and dns is enough.


5. Testing Client-Side Resolution

Three tools, three different scopes.

host — quick lookup, talks directly to DNS

host example.com
host example.com 8.8.8.8        # query a specific server
host -t MX example.com          # specific record type
host 93.184.216.34              # reverse lookup

dig — detailed lookup, talks directly to DNS

dig example.com
dig +short example.com
dig @8.8.8.8 example.com
dig example.com MX
dig -x 93.184.216.34            # reverse lookup

getent hosts — what the system actually returns

getent hosts example.com
getent ahosts example.com

getent goes through /etc/nsswitch.conf, so it sees /etc/hosts and any other configured source. If host and dig say one thing but getent says another, the answer is coming from /etc/hosts (or another non-DNS source).

This is the key debugging insight from this objective: host and dig test DNS; getent tests the system’s full resolution chain.
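
Why getent can disagree with host and dig, modelled on constructed copies of nsswitch.conf and /etc/hosts. This is an added example, not part of the original notes; the function names and both sample files are assumptions, and only the files and dns sources are modelled. It reads the hosts: line order, looks a name up the way the files source does, and reports which source answers.

```shell
#!/bin/sh
# Added example. Both files below are constructed samples.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
cat > "$DEMO/nsswitch.conf" <<'EOF'
passwd:    files
hosts:     files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns
EOF
cat > "$DEMO/hosts" <<'EOF'
127.0.0.1         localhost
192.168.1.50      fileserver fileserver.lan
192.168.1.66      www.example.com    # constructed entry shadowing a DNS name
EOF

# hosts_sources FILE: sources on the hosts: line, in order, [actions] dropped.
hosts_sources() {
  awk '{ sub(/#.*/, "") }
       $1 == "hosts:" { gsub(/\[[^]]*\]/, "")
                        for (i = 2; i <= NF; i++) { out = out sep $i; sep = " " } }
       END { print out }' "$1"
}

# hosts_lookup FILE NAME: first matching line wins; prints "IP CANONICAL".
hosts_lookup() {
  awk -v q="$2" '{ sub(/#.*/, "") }
       NF >= 2 { for (i = 2; i <= NF; i++)
                   if (tolower($i) == tolower(q)) { print $1, $2; exit } }' "$1"
}

# answered_by NSSWITCH HOSTS NAME: which of files/dns gets to answer NAME.
# Assumption: only files and dns are modelled; other sources are skipped.
answered_by() {
  for src in $(hosts_sources "$1"); do
    if [ "$src" = files ] && [ -n "$(hosts_lookup "$2" "$3")" ]; then
      echo files; return 0
    elif [ "$src" = dns ]; then
      echo dns; return 0
    fi
  done
  echo none
}

for n in fileserver.lan www.example.com example.org; do
  printf '%-16s %-5s %s\n' "$n" \
    "$(answered_by "$DEMO/nsswitch.conf" "$DEMO/hosts" "$n")" \
    "$(hosts_lookup "$DEMO/hosts" "$n")"
done
```

Any name reported as files is one where getent hosts returns the /etc/hosts address regardless of what dig shows, so an unexpected entry of that kind in a real /etc/hosts deserves a second look.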

nslookup — legacy alternative

nslookup example.com
nslookup example.com 8.8.8.8

Still works; host and dig are preferred today but nslookup is on the exam.


6. Awareness: systemd-resolved

systemd-resolved is the DNS client service shipped with systemd. Where it is enabled:

resolvectl status              # show DNS servers, search domains, per-link config
resolvectl query example.com
resolvectl flush-caches        # clear the local DNS cache

You only need to recognize that this service exists for the exam, not configure it deeply.


7. Quick Reference for the Exam

Files:

Commands:

Concepts:


8. Likely Exam Questions (Self-Check)

  1. Which file holds static hostname-to-IP mappings on a Linux client? /etc/hosts.

  2. Which file lists the DNS servers used by the resolver? /etc/resolv.conf.

  3. What is the maximum number of nameserver entries that /etc/resolv.conf will use? Three.

  4. What is the difference between the domain and search directives in /etc/resolv.conf? domain sets a single default domain. search lists multiple suffixes to try. They are mutually exclusive — the last one in the file wins.

  5. What is the role of /etc/nsswitch.conf for hostname resolution? It defines the order in which the resolver consults different sources. The hosts: line typically reads files dns, meaning /etc/hosts is checked before DNS.

  6. You edit /etc/hosts to add a new mapping. Do you need to restart anything? No. The file is read on every lookup; changes take effect immediately.

  7. You edit /etc/resolv.conf and the changes vanish after a few minutes. Why? Something is auto-generating the file — typically NetworkManager, systemd-resolved, resolvconf, or a DHCP client. Configure DNS through that tool instead.

  8. Which tool tells you whether the answer is coming from /etc/hosts or from real DNS? getent hosts uses the full system resolver (and thus /etc/hosts), whereas host and dig go straight to DNS. Comparing the two reveals where the answer comes from.

  9. How do you query a specific DNS server for an A record using host? host example.com 8.8.8.8.

  10. How do you query a specific DNS server for an A record using dig? dig @8.8.8.8 example.com.

  11. What does the line hosts: files dns in /etc/nsswitch.conf mean? For host lookups, consult /etc/hosts first (files), then fall back to DNS.

  12. What does the search example.com lan directive cause when you run ping web? The resolver tries web.example.com first, then web.lan.

  13. What is the loopback address typically listed for localhost in /etc/hosts? 127.0.0.1 for IPv4 and ::1 for IPv6.

  14. What systemd service may make /etc/resolv.conf a symlink to a file under /run/systemd/resolve/? systemd-resolved.

  15. In /etc/hosts, a line is 192.168.1.50 fileserver fileserver.lan. Which name is the canonical name? fileserver — the first hostname on the line. fileserver.lan is an alias.