DNS (Domain Name System) configuration and the /etc/hosts file are fundamental to Linux name resolution. Understanding how these systems work together is crucial for network troubleshooting, local development, and system administration. This comprehensive guide covers traditional DNS configuration, modern systemd-resolved, static host entries, and advanced DNS troubleshooting techniques.
Linux Name Resolution Systems Comparison
| Resolution Method | Configuration File | Priority | Use Case | Persistence |
|---|---|---|---|---|
| /etc/hosts | /etc/hosts | First (usually) | Local overrides, development | Permanent |
| systemd-resolved | /etc/systemd/resolved.conf | Configurable | Modern Linux systems | Permanent |
| resolv.conf | /etc/resolv.conf | Traditional | Legacy systems | Often temporary |
| NetworkManager | Connection profiles | Dynamic | Desktop environments | Permanent |
| nsswitch.conf | /etc/nsswitch.conf | Control order | Resolution sequence | Permanent |
• Check current DNS: cat /etc/resolv.conf
• Test DNS resolution: nslookup google.com or dig google.com
• Check resolution order: cat /etc/nsswitch.conf | grep hosts
• View systemd-resolved status: systemd-resolve --status
• Flush DNS cache: sudo systemd-resolve --flush-caches
• Always back up configuration files before making changes
• Test DNS changes thoroughly before relying on them
Name Resolution Workflow
Linux Name Resolution Process
Essential DNS Configuration Files
| Configuration File | Purpose | Syntax | Management Command | Restart Service |
|---|---|---|---|---|
| /etc/hosts | Static hostname mapping | IP hostname aliases | Manual edit | Immediate |
| /etc/resolv.conf | DNS server configuration | nameserver, search, options | Manual or dynamic | Immediate |
| /etc/nsswitch.conf | Name service switch order | Service: source [source...] | Manual edit | Immediate |
| /etc/systemd/resolved.conf | systemd DNS configuration | KEY=value pairs | systemd-resolve | systemctl restart systemd-resolved |
| /etc/hostname | System hostname | Plain text | hostnamectl | Reboot or hostnamectl |
/etc/hosts - Static Hostname Resolution
Configure static hostname to IP address mappings.
File Format:
# Basic /etc/hosts structure
127.0.0.1 localhost localhost.localdomain
::1 localhost ip6-localhost ip6-loopback
# Static entries for local servers
192.168.1.100 server1.example.com server1
192.168.1.101 server2.example.com server2
192.168.1.102 database.example.com db
# Development environment
127.0.0.1 myapp.local api.myapp.local
127.0.0.1 admin.myapp.local
# Block unwanted domains (blackhole)
127.0.0.1 ads.example.com
127.0.0.1 tracking.example.com
Advanced static host configuration scenarios.
Advanced Configurations:
# Multiple IPs for same host (no rotation or health checks; some lookups return only the first entry)
192.168.1.100 loadbalancer.example.com
192.168.1.101 loadbalancer.example.com
192.168.1.102 loadbalancer.example.com
# IPv6 addresses
2001:db8::1 server1.example.com
2001:db8::2 server2.example.com
# Network-specific entries
10.0.1.50 nas.local nas
10.0.1.51 printer.local printer
# Docker container access
172.17.0.2 mysql.container.local
172.17.0.3 redis.container.local
# Kubernetes development
127.0.0.1 myapp.k8s.local
127.0.0.1 api.k8s.local
Manage and troubleshoot /etc/hosts file.
Common Operations:
• sudo nano /etc/hosts - Edit hosts file
• getent hosts google.com - Test hosts resolution
• ping server1 - Test static entry
• systemctl restart systemd-resolved - Refresh cache
Validation:
# Test hosts file entry
ping server1.example.com
# Check if hosts entry is used
getent hosts server1.example.com
# Compare with DNS-only tools (nslookup and dig query the DNS server directly and do not read /etc/hosts themselves)
nslookup server1.example.com
dig server1.example.com
# Clear local DNS cache
sudo systemd-resolve --flush-caches
/etc/resolv.conf - DNS Configuration
Configure DNS servers and search domains.
Common Configurations:
# Basic DNS configuration
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1
# With search domains
nameserver 192.168.1.1
search example.com local
options timeout:2
options attempts:3
# IPv6 DNS servers
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
# Local network with fallback
nameserver 192.168.1.1
nameserver 8.8.8.8
search local.example.com
Advanced DNS resolver options and parameters.
Available Options:
# Complete resolv.conf example
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1
# Search domains
search example.com sub.example.com local
# Resolver options
options timeout:2
options attempts:3
options rotate
options ndots:2
options single-request
options single-request-reopen
# Enable EDNS0 extensions
options edns0
# Force TCP for queries (use-vc does not encrypt; resolv.conf has no DNS-over-TLS option)
options use-vc
Manage resolv.conf in modern systems.
Modern Systems:
# Check if resolv.conf is managed
ls -la /etc/resolv.conf
# If it's a symlink to systemd
# /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
# Use systemd-resolve for configuration
sudo systemd-resolve --set-dns=8.8.8.8 --interface=eth0
sudo systemd-resolve --set-domain=example.com --interface=eth0
# For static configuration (if not managed)
sudo nano /etc/resolv.conf
# Make file immutable to prevent changes
sudo chattr +i /etc/resolv.conf
# Make mutable again
sudo chattr -i /etc/resolv.conf
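The resolv.conf directives above have limits that fail silently. As an added example (not part of the original guide), the hypothetical helper `lint_resolv_conf` reads a resolv.conf on stdin and flags inline comments, nameserver lines beyond the three glibc reads, repeated search/domain lines, and a mix of private and public resolvers, which lets internal names reach a public server. The sample is constructed from patterns used in this guide.

```shell
#!/bin/sh
# Added example (not from the original guide): lint a resolv.conf read on stdin.
lint_resolv_conf() {
  awk '
    /^[#;]/ || NF == 0 { next }              # full-line comment or blank line
    /[#;]/ { print "INLINE_COMMENT line " NR ": " $1 }
    $1 == "nameserver" {
      if (++ns > 3) { print "IGNORED nameserver " $2 " (glibc reads at most 3)"; next }
      # RFC 1918 and loopback IPv4 ranges count as private; everything else as public
      if ($2 ~ /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) { priv++ } else { pub++ }
    }
    $1 == "search" || $1 == "domain" { lists++ }
    $1 == "options" { for (i = 2; i <= NF; i++) if ($i == "rotate") rotate = 1 }
    END {
      if (lists > 1)
        print "SHADOWED " lists " search/domain lines, only the last applies"
      if (priv && pub) {
        msg = "MIXED private and public resolvers"
        if (rotate) msg = msg " with rotate"
        print msg
      }
    }'
}

# Constructed sample combining patterns from this guide.
SAMPLE_RESOLV='nameserver 192.168.1.1 # Local DNS
nameserver 8.8.8.8 # Google DNS
nameserver 1.1.1.1 # Cloudflare DNS
nameserver 9.9.9.9 # Quad9 DNS
search internal.corp.local corp.local
domain internal.corp.local
options timeout:1
options rotate'

printf '%s\n' "$SAMPLE_RESOLV" | lint_resolv_conf
```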
/etc/nsswitch.conf - Name Service Switch
Control the order of name resolution sources.
Key Configuration Lines:
# Host resolution order
hosts: files dns myhostname
# Common nsswitch.conf structure
passwd: files systemd
group: files systemd
shadow: files
gshadow: files
hosts: files dns myhostname
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files
aliases: files
Configure resolution order for different use cases.
Different Scenarios:
# Development - hosts file first
hosts: files dns myhostname
# Production - DNS first for performance
hosts: dns files myhostname
# Isolated network - only hosts file
hosts: files
# Corporate environment with LDAP
hosts: files dns ldap myhostname
# With mDNS for local discovery
hosts: files mdns_minimal [NOTFOUND=return] dns myhostname
# Fallback configuration
hosts: files dns
# [SUCCESS=return] - stop if found
# [NOTFOUND=return] - stop if not found
Test and troubleshoot nsswitch.conf configuration.
Testing and Validation:
# Check current hosts resolution order
grep hosts /etc/nsswitch.conf
# Test name resolution with getent
getent hosts google.com
getent hosts localhost
getent hosts server1
# Query one specific source, bypassing the configured order
getent -s files hosts server1
getent -s dns hosts google.com
# nsswitch.conf has no dedicated syntax checker; after an edit, confirm a known name still resolves
getent hosts localhost
# Look up through getaddrinfo (all addresses, IPv4 only, IPv6 only)
getent ahosts google.com
getent ahostsv4 google.com
getent ahostsv6 google.com
systemd-resolved - Modern DNS Management
Configure DNS with systemd-resolved service.
Main Configuration:
# /etc/systemd/resolved.conf
[Resolve]
# DNS servers
DNS=8.8.8.8 8.8.4.4 1.1.1.1
# Fallback DNS servers
FallbackDNS=1.0.0.1 9.9.9.9
# Search domains
Domains=example.com local
# DNSSEC settings
DNSSEC=allow-downgrade
# DNS over TLS
DNSOverTLS=opportunistic
# Cache settings
Cache=yes
# DNS stub listener
DNSStubListener=yes
Manage DNS with the systemd-resolve command (newer systemd releases provide the same operations through resolvectl).
Common Commands:
• systemd-resolve --status - Show DNS status
• systemd-resolve --flush-caches - Flush DNS cache
• systemd-resolve --statistics - Show statistics
• systemd-resolve google.com - Query specific domain
Examples:
# Show complete DNS status
systemd-resolve --status
# Flush DNS cache
sudo systemd-resolve --flush-caches
# Show DNS statistics
systemd-resolve --statistics
# Query specific domain
systemd-resolve google.com
# Query with specific type
systemd-resolve -t MX google.com
systemd-resolve -t NS google.com
# Set the DNS server for a specific interface
sudo systemd-resolve --set-dns=8.8.8.8 --interface=eth0
Configure encrypted DNS with DNS-over-TLS.
Secure DNS Configuration:
# /etc/systemd/resolved.conf with DNS-over-TLS
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
DNS=8.8.8.8#dns.google 8.8.4.4#dns.google
FallbackDNS=9.9.9.9#dns.quad9.net
DNSOverTLS=yes
Domains=~.
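# The settings below are alternatives: keep only one DNSOverTLS= value, because the last assignment in the file wins
# For opportunistic DNS-over-TLS (encrypt if possible; falls back to plaintext, so it can be downgraded)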
DNSOverTLS=opportunistic
# For strict DNS-over-TLS (fail if cannot encrypt)
DNSOverTLS=yes
# With specific DNS servers supporting TLS
DNS=1.1.1.1#cloudflare-dns.com
DNSOverTLS=yes
Name Resolution Methods Comparison
| Resolution Method | Configuration | Performance | Use Case | Persistence |
|---|---|---|---|---|
| /etc/hosts | Static file | Fastest | Local overrides, development | Permanent |
| DNS Server | /etc/resolv.conf | Fast (cached) | General purpose | Dynamic/Permanent |
| systemd-resolved | /etc/systemd/resolved.conf | Fast with cache | Modern systems | Permanent |
| mDNS | Avahi/service discovery | Medium | Local network discovery | Dynamic |
| LLMNR | Link-local multicast | Medium | Windows compatibility | Dynamic |
DNS Testing and Troubleshooting Commands
Test DNS resolution and configuration.
Basic Testing:
# Test with nslookup
nslookup google.com
nslookup 8.8.8.8
# Test with dig
dig google.com
dig google.com A
dig google.com MX
# Test with host
host google.com
host 8.8.8.8
# Test specific DNS server
nslookup google.com 8.8.8.8
dig @8.8.8.8 google.com
# Test reverse DNS
nslookup 8.8.8.8
dig -x 8.8.8.8
Diagnose and fix DNS issues.
Diagnostic Commands:
# Check current DNS configuration
cat /etc/resolv.conf
systemd-resolve --status
# Check resolution order
cat /etc/nsswitch.conf | grep hosts
# Test hosts file
getent hosts google.com
# Check DNS cache
sudo systemd-resolve --statistics
# Flush DNS cache
sudo systemd-resolve --flush-caches
# Trace DNS resolution
dig +trace google.com
# Check DNS response time
time dig google.com
Advanced DNS debugging and analysis.
Advanced Analysis:
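# Request all record types (many servers answer ANY with a minimal response, RFC 8482)
dig google.com ANY
# Request DNSSEC records (RRSIG in the answer; the "ad" flag shows the resolver validated it)
dig google.com +dnssec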
# Test DNS over TCP
dig google.com +tcp
# Check DNS delegation
dig +nssearch google.com
# Monitor DNS queries in real-time
sudo tcpdump -i any -n port 53
# Check specific record types
dig google.com A
dig google.com AAAA
dig google.com MX
dig google.com TXT
dig google.com NS
dig google.com SOA
Practical Configuration Examples
Real-World DNS and /etc/hosts Configuration Scenarios
# 1. Development Environment Setup
# /etc/hosts for local development
127.0.0.1 localhost
127.0.0.1 myapp.local
127.0.0.1 api.myapp.local
127.0.0.1 admin.myapp.local
127.0.0.1 db.myapp.local
127.0.0.1 cache.myapp.local
# /etc/resolv.conf for development
nameserver 127.0.0.1
nameserver 8.8.8.8
search local
# 2. Corporate Network Configuration
# /etc/hosts for internal servers
192.168.1.100 dc01.corp.local dc01
192.168.1.101 fs01.corp.local fs01
192.168.1.102 web01.corp.local web01
192.168.1.103 db01.corp.local db01
# /etc/resolv.conf for corporate network
nameserver 192.168.1.10
nameserver 192.168.1.11
search corp.local sub.corp.local
options timeout:2
options attempts:3
# 3. Docker Container DNS
# /etc/hosts in container
127.0.0.1 localhost
172.17.0.1 host.docker.internal
172.17.0.2 mysql
172.17.0.3 redis
# /etc/resolv.conf in container
nameserver 127.0.0.11
options ndots:0
# 4. Kubernetes Development
# /etc/hosts for k8s development
127.0.0.1 kubernetes.docker.internal
127.0.0.1 myapp.k8s.local
127.0.0.1 api.k8s.local
127.0.0.1 postgres.k8s.local
127.0.0.1 redis.k8s.local
# 5. Systemd-resolved Configuration
# /etc/systemd/resolved.conf
[Resolve]
DNS=8.8.8.8 8.8.4.4 1.1.1.1
FallbackDNS=1.0.0.1 9.9.9.9
Domains=example.com
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic
Cache=yes
DNSStubListener=yes
# Enable and start
sudo systemctl enable systemd-resolved
sudo systemctl start systemd-resolved
# 6. NetworkManager DNS Configuration
# Set DNS via NetworkManager
sudo nmcli connection modify "eth0" ipv4.dns "8.8.8.8,8.8.4.4"
sudo nmcli connection modify "eth0" ipv4.dns-search "example.com"
sudo nmcli connection down "eth0"
sudo nmcli connection up "eth0"
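# 7. Multiple DNS Servers with Priorities
# /etc/resolv.conf with multiple servers
# (comments must start in the first column, so they sit on their own lines)
# Local DNS
nameserver 192.168.1.1
# Google DNS
nameserver 8.8.8.8
# Cloudflare DNS
nameserver 1.1.1.1
# Quad9 DNS (glibc reads at most three nameserver lines, so this fourth entry is ignored)
nameserver 9.9.9.9
options timeout:1
options attempts:2
# rotate spreads queries across the servers instead of always trying the first one
options rotate
# 8. DNS Configuration for VPN
# /etc/resolv.conf for VPN
# VPN DNS
nameserver 10.8.0.1
# Fallback (queries for internal names go here when the VPN resolver times out)
nameserver 8.8.8.8
search corp.vpn.local
options timeout:3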
# 9. Secure DNS Configuration
# /etc/systemd/resolved.conf with DNS-over-TLS
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
DNSOverTLS=yes
Domains=~.
Cache=yes
# 10. Local Network mDNS Configuration
# /etc/nsswitch.conf with mDNS
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
# 11. DNS Blackhole for Ads
# /etc/hosts for ad blocking
127.0.0.1 ads.example.com
127.0.0.1 tracking.example.com
127.0.0.1 analytics.example.com
127.0.0.1 doubleclick.net
127.0.0.1 googleadservices.com
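# 12. Split DNS Configuration
# /etc/resolv.conf for split DNS
# Note: resolv.conf cannot route a domain to a particular server. All nameserver
# entries are treated as equivalent, so queries for internal names reach 8.8.8.8
# whenever 192.168.1.1 does not answer in time.
nameserver 192.168.1.1
nameserver 8.8.8.8
search internal.corp.local corp.local
options timeout:2
# Do not add a separate "domain" line: domain and search are mutually exclusive
# and the last one in the file wins.
# Per-domain routing needs a resolver that supports it, such as systemd-resolved
# routing domains (the Domains=~... syntax used elsewhere in this guide).
# 13. DNS Cache Configuration
# systemd-resolved with custom cache
[Resolve]
Cache=yes
CacheFromLocalhost=no
# Cache size and query timeout are not configurable in resolved.conf; unknown keys
# such as DNSCacheSize= or DNSTimeout= are ignored with a warning.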
# 14. DNS Resolution Testing Script
#!/bin/bash
# Test DNS resolution for multiple domains
DOMAINS=("google.com" "github.com" "stackoverflow.com")
for domain in "${DOMAINS[@]}"; do
    echo "Testing $domain:"
    # The first "Address:" line is the resolver itself; print the first answer instead
    nslookup "$domain" | grep "Address:" | tail -n +2 | head -1
    echo "---"
done
# 15. Automated DNS Health Check
#!/bin/bash
# Check DNS health and performance
DNS_SERVERS=("8.8.8.8" "1.1.1.1" "9.9.9.9")
for server in "${DNS_SERVERS[@]}"; do
    echo "Testing DNS server: $server"
    time dig "@$server" google.com | grep "Query time"
    echo "---"
done
Common Use Cases
Development Environments
- Local Development: Map domains to localhost for testing
- Microservices: Local service discovery and communication
- Container Development: Access containers by hostname
- API Testing: Test different environments with domain mapping
Production Environments
- Server Communication: Static mapping for critical services
- Load Balancing: DNS-based load distribution
- Disaster Recovery: Quick DNS failover configuration
- Security: Internal service resolution without external DNS
Network Security
- Ad Blocking: Block unwanted domains via hosts file
- Phishing Protection: Redirect known malicious domains
- Content Filtering: Restrict access to specific domains
- DNS Monitoring: Track and log DNS queries
Advanced DNS Configuration
DNS Security (DNSSEC)
Configure DNSSEC validation for secure DNS.
DNSSEC Settings:
# systemd-resolved with DNSSEC
[Resolve]
DNSSEC=yes
DNSOverTLS=yes
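# Test DNSSEC validation (through a validating resolver, sigfail should fail with SERVFAIL and sigok should resolve)
dig google.com +dnssec
dig sigfail.verteiltesysteme.net +dnssec
dig sigok.verteiltesysteme.net +dnssec
# DNSSEC validation levels:
# - yes: Require DNSSEC validation
# - no: No DNSSEC validation
# - allow-downgrade: Validate if the upstream server supports DNSSEC (can be downgraded by an on-path attacker)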
DNS-over-TLS
Configure encrypted DNS connections.
Encrypted DNS:
# systemd-resolved with DNS-over-TLS
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com
DNSOverTLS=yes
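# Test DNS-over-TLS (needs dig from BIND 9.18 or later; +tcp alone is unencrypted TCP on port 53)
dig @1.1.1.1 google.com +tls
# DNS-over-TLS modes:
# - yes: Always use TLS
# - opportunistic: Use if available (falls back to unencrypted DNS, so it can be downgraded)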
# - no: No TLS encryption
# Supported DNS-over-TLS providers:
# - Cloudflare: 1.1.1.1, 1.0.0.1
# - Google: 8.8.8.8, 8.8.4.4
# - Quad9: 9.9.9.9
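The DNSSEC and DNS-over-TLS modes above, and the earlier secure DNS configuration, only protect when the effective value is the strict one. As an added example (not part of the original guide), the hypothetical helper `resolved_posture` reads one resolved.conf on stdin and prints the effective DNSOverTLS and DNSSEC settings with the last assignment winning. It assumes a single file: drop-ins under resolved.conf.d are not merged, and the sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): effective DNSOverTLS / DNSSEC
# values in a resolved.conf read on stdin (single file, drop-ins not merged).
resolved_posture() {
  awk '
    function report(key,    v, line) {
      v = (key in val) ? val[key] : ""
      if (v == "") {
        line = key " UNSET (build default applies)"
      } else if (v ~ /^(yes|true|on|1)$/) {
        line = key "=" v " ENFORCED"
      } else if (v == "opportunistic" || v == "allow-downgrade") {
        line = key "=" v " DOWNGRADABLE"
      } else {
        line = key "=" v " OFF"
      }
      if (times[key] > 1) line = line " (assigned " times[key] " times, last wins)"
      print line
    }
    /^[ \t]*[#;]/ { next }                           # comment line
    /^[ \t]*\[/  { in_resolve = ($0 ~ /\[Resolve\]/); next }
    in_resolve && index($0, "=") {
      key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
      v = substr($0, index($0, "=") + 1);      gsub(/[ \t]/, "", v)
      if (key == "DNSOverTLS" || key == "DNSSEC") { val[key] = tolower(v); times[key]++ }
    }
    END { report("DNSOverTLS"); report("DNSSEC") }'
}

# Constructed sample: a strict setting followed by a pasted alternative.
SAMPLE_RESOLVED='[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
DNSOverTLS=yes
Domains=~.
# alternative pasted below the strict setting
DNSOverTLS=opportunistic
DNSSEC=allow-downgrade'

printf '%s\n' "$SAMPLE_RESOLVED" | resolved_posture
```

Compare the result with what the running service reports in `systemd-resolve --status`.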
DNS Performance Tuning
Optimize DNS performance and caching.
Performance Settings:
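# Optimized systemd-resolved configuration
[Resolve]
Cache=yes
CacheFromLocalhost=no
DNSStubListener=yes
ReadEtcHosts=yes
# DNS server selection
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic
# Cache size and resolve timeout are not configurable in resolved.conf; unknown keys
# such as DNSCacheSize= or ResolveTimeout= are ignored with a warning.
# DNSStubListenerExtra= adds listeners on further addresses; 127.0.0.53 is already
# served when DNSStubListener=yes, so it is not repeated here.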
• Always back up DNS configuration files before making changes
• Test DNS changes thoroughly before deploying to production
• Be cautious with /etc/hosts overrides - they can break applications
• Understand that /etc/resolv.conf may be managed dynamically
• DNS cache can cause delays in seeing changes - flush when needed
• DNSSEC and DNS-over-TLS may break in restricted networks
• Keep DNS configurations in version control for reproducibility
• Monitor DNS performance and reliability in production
• Use getent hosts instead of nslookup for testing hosts file
• Use systemd-resolve --status for comprehensive DNS status
• Configure multiple DNS servers for redundancy
• Use search domains to simplify hostname resolution
• Monitor DNS response times for performance issues
• Use DNS-over-TLS for enhanced privacy and security
• Test both forward and reverse DNS resolution
• Keep /etc/hosts clean and well-documented
Key Takeaways
Mastering DNS configuration and /etc/hosts management is essential for Linux system administration, DevOps, and network engineering. Understanding the interaction between different resolution methods - from static hosts file entries to dynamic DNS servers and modern systemd-resolved - enables effective network troubleshooting and reliable service operation. Remember that DNS configuration involves multiple layers including local overrides, resolver configuration, caching, and security features like DNSSEC and DNS-over-TLS. Whether you're setting up a development environment or managing production infrastructure, these skills ensure reliable and efficient name resolution.
Next Step: Explore advanced DNS topics like running your own DNS server with BIND or dnsmasq, DNS-based load balancing, DNS monitoring and analytics, and DNS security best practices.