1RESOLV.CONF(5) Linux Programmer's Manual RESOLV.CONF(5)
2
3
4
6 resolv.conf - resolver configuration file
7
9 /etc/resolv.conf
10
12 The resolver is a set of routines in the C library that provide access
13 to the Internet Domain Name System (DNS). The resolver configuration
14 file contains information that is read by the resolver routines the
15 first time they are invoked by a process. The file is designed to be
16 human readable and contains a list of keywords with values that provide
17 various types of resolver information.
18
19 On a normally configured system this file should not be necessary. The
20 only name server to be queried will be on the local machine; the domain
21 name is determined from the hostname and the domain search path is con‐
22 structed from the domain name.
23
24 The different configuration options are:
25
26 nameserver Name server IP address
27 Internet address (in dot notation) of a name server that the
28 resolver should query. Up to MAXNS (currently 3, see
29 <resolv.h>) name servers may be listed, one per keyword. If
30 there are multiple servers, the resolver library queries them in
31 the order listed. If no nameserver entries are present, the
32 default is to use the name server on the local machine. (The
33 algorithm used is to try a name server, and if the query times
34 out, try the next, until out of name servers, then repeat trying
35 all the name servers until a maximum number of retries are
36 made.)
37
38 domain Local domain name.
39 Most queries for names within this domain can use short names
40 relative to the local domain. If no domain entry is present,
41 the domain is determined from the local hostname returned by
42 gethostname(2); the domain part is taken to be everything after
43 the first '.'. Finally, if the hostname does not contain a
44 domain part, the root domain is assumed.
45
46 search Search list for host-name lookup.
47 The search list is normally determined from the local domain
48 name; by default, it contains only the local domain name. This
49 may be changed by listing the desired domain search path follow‐
50 ing the search keyword with spaces or tabs separating the names.
51 Resolver queries having fewer than ndots dots (default is 1) in
52 them will be attempted using each component of the search path
53 in turn until a match is found. For environments with multiple
54 subdomains please read options ndots:n below to avoid man-in-
55 the-middle attacks and unnecessary traffic for the root-dns-
56 servers. Note that this process may be slow and will generate a
57 lot of network traffic if the servers for the listed domains are
58 not local, and that queries will time out if no server is avail‐
59 able for one of the domains.
60
61 The search list is currently limited to six domains with a total
62 of 256 characters.
63
64 sortlist
65 This option allows addresses returned by gethostbyname(3) to be
66 sorted. A sortlist is specified by IP-address-netmask pairs.
67 The netmask is optional and defaults to the natural netmask of
68 the net. The IP address and optional network pairs are sepa‐
69 rated by slashes. Up to 10 pairs may be specified. Here is an
70 example:
71
72 sortlist 130.155.160.0/255.255.240.0 130.155.0.0
73
74 options
75 Options allows certain internal resolver variables to be modi‐
76 fied. The syntax is
77
78 options option ...
79
80 where option is one of the following:
81
82 debug sets RES_DEBUG in _res.options.
83
84 ndots:n
85 sets a threshold for the number of dots which must appear
86 in a name given to res_query(3) (see resolver(3)) before
87 an initial absolute query will be made. The default for
88 n is 1, meaning that if there are any dots in a name, the
89 name will be tried first as an absolute name before any
90 search list elements are appended to it. The maximum
91 value for this option is silently capped to 15.
92
93 timeout:n
94 sets the amount of time the resolver will wait for a
95 response from a remote name server before retrying the
96 query via a different name server. Measured in seconds,
97 the default is RES_TIMEOUT (currently 5, see <resolv.h>).
98 The maximum value for this option is silently capped to
99 30.
100
101 attempts:n
102 sets the number of times the resolver will send a query
103 to its name servers before giving up and returning an
104 error to the calling application. The default is
105 RES_DFLRETRY (currently 2, see <resolv.h>). The maximum
106 value for this option is silently capped to 5.
107
108 rotate sets RES_ROTATE in _res.options, which causes round robin
109 selection of nameservers from among those listed. This
110 has the effect of spreading the query load among all
111 listed servers, rather than having all clients try the
112 first listed server first every time.
113
114 no-check-names
115 sets RES_NOCHECKNAME in _res.options, which disables the
116 modern BIND checking of incoming hostnames and mail names
117 for invalid characters such as underscore (_), non-ASCII,
118 or control characters.
119
120 inet6 sets RES_USE_INET6 in _res.options. This has the effect
121 of trying a AAAA query before an A query inside the geth‐
122 ostbyname(3) function, and of mapping IPv4 responses in
123 IPv6 "tunneled form" if no AAAA records are found but an
124 A record set exists.
125
126 ip6-bytestring (since glibc 2.3.4)
127 sets RES_USE_BSTRING in _res.options. This causes
128 reverse IPv6 lookups to be made using the bit-label for‐
129 mat described in RFC 2673; if this option is not set,
130 then nibble format is used.
131
132 ip6-dotint/no-ip6-dotint (since glibc 2.3.4)
133 Clear/set RES_NOIP6DOTINT in _res.options. When this
134 option is clear (ip6-dotint), reverse IPv6 lookups are
135 made in the (deprecated) ip6.int zone; when this option
136 is set (no-ip6-dotint), reverse IPv6 lookups are made in
137 the ip6.arpa zone by default. This option is set by
138 default.
139
140 edns0 (since glibc 2.6)
141 sets RES_USE_EDNSO in _res.options. This enables support
142 for the DNS extensions described in RFC 2671.
143
144 single-request (since glibc 2.10)
145 sets RES_SNGLKUP in _res.options. By default, glibc per‐
146 forms IPv4 and IPv6 lookups in parallel since version
147 2.9. Some appliance DNS servers cannot handle these
148 queries properly and make the requests time out. This
149 option disables the behavior and makes glibc perform the
150 IPv6 and IPv4 requests sequentially (at the cost of some
151 slowdown of the resolving process).
152
153 single-request-reopen (since glibc 2.9)
154 The resolver uses the same socket for the A and AAAA
155 requests. Some hardware mistakenly only sends back one
156 reply. When that happens the client sytem will sit and
157 wait for the second reply. Turning this option on
158 changes this behavior so that if two requests from the
159 same port are not handled correctly it will close the
160 socket and open a new one before sending the second
161 request.
162
163 The domain and search keywords are mutually exclusive. If more than
164 one instance of these keywords is present, the last instance wins.
165
166 The search keyword of a system's resolv.conf file can be overridden on
167 a per-process basis by setting the environment variable LOCALDOMAIN to
168 a space-separated list of search domains.
169
170 The options keyword of a system's resolv.conf file can be amended on a
171 per-process basis by setting the environment variable RES_OPTIONS to a
172 space-separated list of resolver options as explained above under
173 options.
174
175 The keyword and value must appear on a single line, and the keyword
176 (e.g., nameserver) must start the line. The value follows the keyword,
177 separated by white space.
178
180 /etc/resolv.conf, <resolv.h>
181
183 gethostbyname(3), resolver(3), hostname(7), named(8)
184 Name Server Operations Guide for BIND
185
187 This page is part of release 3.22 of the Linux man-pages project. A
188 description of the project, and information about reporting bugs, can
189 be found at http://www.kernel.org/doc/man-pages/.
190
191
192
1934th Berkeley Distribution 2009-03-01 RESOLV.CONF(5)