Multiple External DNS servers

network
dns
v7

(Thorsten) #1

NethServer Version: 7
Module: Network / Configure DNS servers

Hi,

the page allows just two DNS servers. Is there any option to add more DNS servers? In my case I use several free / “non censored” DNS from

https://servers.opennic.org/

However, some servers might be temporarily down. I would like to enter a prioritisation list in NethServer. Is there any option to do so? Would that work via

config show dns

If so, what would be the command?

THX
Thorsten


(Thorsten) #2

Would

db configuration setprop dns NameServers a.b.c.d,b.c.d.e,c.d.e.f,d.e.f.g,

work?
If I try this, the first two server IPs are shown on the web interface. What is the correct signal-event comment to restart the service?

I guess (and I hope) these settings are different from DHCP-provided settings - here I want the DHCP clients to receive the IP of NethServer as the DNS only.

Thank you and best regards
Thorsten


(Rob Bosch) #3

It should be possible since the DNS servers is just a comma-separated list of IP addresses of those DNS servers. http://docs.nethserver.org/projects/nethserver-devel/en/v7/dns.html
Maybe the “e-smith db terminal gurus” in this forum can give a hint?


(Markus Neuberger) #4

Yes, it works. You have to apply the new config with signal-event nethserver-dnsmasq-save.

You may check if the new config is used in /var/log/messages:

[root@myserver ~]# cat /var/log/messages | grep "dnsmasq"
...
Jul  1 11:11:42 myserver dnsmasq[5756]: using nameserver 1.1.1.1#53
Jul  1 11:11:42 myserver dnsmasq[5756]: using nameserver 8.8.4.4#53
Jul  1 11:11:42 myserver dnsmasq[5756]: using nameserver 8.8.8.8#53

Yes, they are:

http://docs.nethserver.org/en/v7/dhcp.html#advanced-options
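
The log check described in post #4, turned into a comparison against the configured list; this is an added example, not part of the original posts or NethServer's own tooling. The function names and the sample log lines are constructed for illustration, and the only log formats assumed are dnsmasq's "started, version" and "using nameserver" messages.

```shell
#!/bin/sh
# Constructed sample of /var/log/messages lines (not from a real host).
SAMPLE_LOG='Jul  1 11:00:01 myserver dnsmasq[4100]: started, version 2.76 cachesize 4000
Jul  1 11:00:01 myserver dnsmasq[4100]: using nameserver 8.8.8.8#53
Jul  1 11:05:00 myserver sshd[900]: Accepted publickey for root
Jul  1 11:11:42 myserver dnsmasq[5756]: started, version 2.76 cachesize 4000
Jul  1 11:11:42 myserver dnsmasq[5756]: using nameserver 1.1.1.1#53
Jul  1 11:11:42 myserver dnsmasq[5756]: using nameserver 8.8.4.4#53
Jul  1 11:11:42 myserver dnsmasq[5756]: using nameserver 8.8.8.8#53'

# Read log text on stdin and print the upstream servers announced since the
# most recent dnsmasq start, one per line, sorted. Older starts are discarded
# so a server removed from the config does not show up as still active.
active_upstreams() {
    awk '
        / dnsmasq\[[0-9]+\]: started, / { n = 0 }
        / dnsmasq\[[0-9]+\]: using nameserver / {
            for (i = 1; i < NF; i++)
                if ($i == "nameserver") { ip = $(i + 1); break }
            sub(/#.*/, "", ip)          # drop the "#53" port suffix
            seen[n++] = ip
        }
        END { for (i = 0; i < n; i++) print seen[i] }
    ' | sort -u
}

# $1 is the comma-separated NameServers value; log text is read on stdin.
# Prints every configured server that dnsmasq did not announce. Empty items
# (for example from a trailing comma) and stray spaces are ignored.
missing_upstreams() {
    active=$(active_upstreams)
    echo "$1" | tr ',' '\n' | sed 's/[[:space:]]//g' | while read -r ip; do
        [ -z "$ip" ] && continue
        echo "$active" | grep -qxF "$ip" || echo "$ip"
    done
}

# Demo on the constructed log: 9.9.9.9 is configured but was never announced.
printf '%s\n' "$SAMPLE_LOG" | missing_upstreams "1.1.1.1,8.8.8.8,9.9.9.9,"
# On a real host (assumes the e-smith "config getprop" helper is available):
#   missing_upstreams "$(config getprop dns NameServers)" < /var/log/messages
```

An empty result means every configured server was picked up after the last `signal-event nethserver-dnsmasq-save`.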


(Thorsten) #5

WORKS, thank you


(Dan) #6

Orthogonal to this thread, but why doesn’t Neth act as its own DNS resolver? That’s how its ancestor behaved, and it should completely avoid the privacy issue some folks see with DNS.


(Markus Neuberger) #7

Like use 127.0.0.1 as DNS on Nethserver?

I think it’s because the nameservers under “Network/DNS servers” are used as upstream DNS servers in dnsmasq.

Is there a difference on a Nethserver in using the DNS server directly or dnsmasq forwarded?


(Dan) #8

I suppose that’s how it would be set.

SME (Neth’s ancestor) acts as its own DNS resolver, and provides DNS to its LAN clients. It resolves DNS queries by directly querying the authoritative DNS servers for the domains in question, caching the results according to their TTL. It doesn’t use your ISP’s DNS servers, or Google’s, or 9.9.9.9, or 1.1.1.1, or… It’s smart enough to not need them. This should be a recipe for robust DNS resolution (as you’re asking the servers who are in the best position to give accurate answers), and it should also avoid the privacy concerns that resulted in OP’s question (because your DNS queries aren’t going through a single point of logging).

This has been SME’s behavior since before it was SME, but Neth has changed it. I assume the change was deliberate, but wonder why the change was made. Edit: FWIW, pfSense also works this way.


(Markus Neuberger) #9

I found a feature request where unbound is recommended but it may be much effort to replace dnsmasq:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-unbound.html