linuxlab.io
Copyright © 2026 LinuxLab. All rights reserved.

kb/network-l4 ── Networking: L4 and above ── intermediate

DNS: Resolution

Name-to-IP resolution goes through NSS: first `/etc/hosts`, then DNS via `/etc/resolv.conf`. The order is set in `/etc/nsswitch.conf`.

aka: dns, name-resolution, etc-hosts, etc-resolv-conf

What DNS is

Domain Name System (RFC 1035) is a distributed hierarchical database that maps human-readable names to IP addresses (and back). A query goes over UDP/53 (or TCP/53 for large responses).

NSS: Name Service Switch

On Linux, the resolution process itself is a call to the libc function gethostbyname() / getaddrinfo(). That function queries sources through NSS plugins in the order defined in /etc/nsswitch.conf:

hosts: files dns
  • files - /etc/hosts
  • dns - a real DNS server
  • On systems with systemd-resolved: resolve [!UNAVAIL=return] files dns
  • With mDNS: mdns_minimal [NOTFOUND=return] files dns

So ping mysite.local checks /etc/hosts first. This lets you locally override any name without touching DNS.

/etc/hosts

The simplest resolver. Format: IP name [aliases...]:

127.0.0.1   localhost
::1         localhost ip6-localhost
192.168.1.5 nas.local nas

Common uses:

  • Pinning a name in dev environments (api.local to 127.0.0.1)
  • Blocking domains Pi-hole-style (0.0.0.0 ad-tracker.com)
  • Hostname tricks for migration tests
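
Because `files` normally precedes `dns`, every line in `/etc/hosts` silently masks the real DNS answer, so the file is worth reviewing on any host you audit. The following is an added example, not part of the original page: it reads the `hosts:` order from nsswitch.conf content and classifies each `/etc/hosts` entry. The function names (`hosts_sources`, `parse_hosts`, `audit`) and the sample file contents are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample files for illustration (not taken from a real host).
NSSWITCH = "passwd: files\nhosts: mdns_minimal [NOTFOUND=return] files dns\n"
HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
192.168.1.5 nas.local nas       # pinned NAS
0.0.0.0     ad-tracker.com
203.0.113.7 login.example.com   # constructed: name pinned to a non-local IP
"""

def hosts_sources(nsswitch_text):
    """Ordered NSS sources on the 'hosts:' line, with [STATUS=action] items removed."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def parse_hosts(hosts_text):
    """(ip, [names]) per valid line; comments and malformed lines are skipped."""
    entries = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.append((ip, [name.lower() for name in fields[1:]]))
    return entries

def audit(nsswitch_text, hosts_text):
    """Return (files_before_dns, {name: (ip, kind)}) for review."""
    sources = hosts_sources(nsswitch_text)
    files_before_dns = "files" in sources and (
        "dns" not in sources or sources.index("files") < sources.index("dns"))
    findings = {}
    for ip, names in parse_hosts(hosts_text):
        kind = "loopback" if ip.is_loopback else "sinkhole" if ip.is_unspecified else "pinned"
        for name in names:
            findings.setdefault(name, (str(ip), kind))  # keep the first line seen per name
    return files_before_dns, findings

if __name__ == "__main__":
    print(audit(NSSWITCH, HOSTS))
```

Entries reported as `pinned` are the ones to compare against what `dig` returns for the same name.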

/etc/resolv.conf

DNS server list and its parameters:

nameserver 1.1.1.1
nameserver 8.8.8.8
search corp.example.com lab.example.com
options timeout:2 attempts:1
  • nameserver - DNS server IP; servers are tried in order
  • search - suffixes for short names: ping db1 tries db1.corp.example.com, then db1.lab.example.com, then db1.
  • options - timeouts, retry count, randomize, and so on

On systemd systems the file is often a symlink to /run/systemd/resolve/... and is configured through systemd-resolved (or NetworkManager).
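
The `search` list decides which names are actually sent to the configured nameservers, which matters when you need to know what a short name can resolve to. The following is an added example, not part of the original page: it parses the sample resolv.conf above and lists the names tried, in order. It goes beyond the page's short-name case by also covering the `ndots` option and trailing-dot names, following glibc's documented behaviour; `parse_resolv_conf` and `candidates` are names chosen for this example.

```python
# resolv.conf sample as shown above; glibc defaults are assumed for unset options.
RESOLV = """\
nameserver 1.1.1.1
nameserver 8.8.8.8
search corp.example.com lab.example.com
options timeout:2 attempts:1
"""

def parse_resolv_conf(text):
    cfg = {"nameservers": [], "search": [], "ndots": 1, "timeout": 5, "attempts": 2}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            if len(cfg["nameservers"]) < 3:      # glibc uses at most three servers
                cfg["nameservers"].append(fields[1])
        elif fields[0] == "search":
            cfg["search"] = fields[1:]           # a later search line replaces an earlier one
        elif fields[0] == "options":
            for opt in fields[1:]:
                key, _, value = opt.partition(":")
                if key in ("ndots", "timeout", "attempts") and value.isdigit():
                    cfg[key] = int(value)
    return cfg

def candidates(name, cfg):
    """Names the stub resolver tries, in order, written as absolute names."""
    if name.endswith("."):
        return [name]                            # trailing dot: no search list
    as_is = name + "."
    searched = [f"{name}.{suffix.rstrip('.')}." for suffix in cfg["search"]]
    if name.count(".") >= cfg["ndots"]:
        return [as_is] + searched                # enough dots: tried as written first
    return searched + [as_is]

if __name__ == "__main__":
    cfg = parse_resolv_conf(RESOLV)
    for n in ("db1", "www.example.org", "db1."):
        print(n, "->", candidates(n, cfg))
```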

getent vs dig

Two resolution commands with different semantics:

  • getent hosts name goes through NSS, sees /etc/hosts plus the cache plus DNS. This is the path a real application takes. Use it to answer "what will libc see."

  • dig name goes directly to the DNS server in resolv.conf, bypassing /etc/hosts. Use it specifically to debug the DNS server.

So dig mysite.local may return nothing while getent hosts mysite.local returns 127.0.0.1. That is not a bug; those are two different layers.

Record types

  • A - name to IPv4
  • AAAA - name to IPv6
  • CNAME - alias of one name to another
  • MX - mail exchanger
  • TXT - arbitrary text (SPF, DKIM, domain verification)
  • NS - which nameservers are authoritative for the zone
  • PTR - reverse: IP to name
  • SRV - service record (host and port for a specific service)

§ commands

bash
getent hosts example.com

Resolve through NSS, seeing /etc/hosts, caches, and DNS (the same path a real application uses)

bash
dig example.com

Query the DNS server from /etc/resolv.conf directly, bypassing /etc/hosts

bash
dig +short example.com

Show only the result, without the header

bash
dig MX gmail.com

Request a specific record type (MX is the mail exchanger)

bash
dig @1.1.1.1 example.com

Ask a specific nameserver (useful for comparing different DNS servers)

bash
dig -x 8.8.8.8

Reverse lookup: IP to name

bash
resolvectl status

On systems with systemd-resolved: show current DNS configuration and cache

§ see also

  • udp-basics - UDP: User Datagram Protocol. UDP delivers datagrams without establishing a connection, without retransmits, and without ordering guarantees. Header is 8 bytes. Use it for DNS, DHCP, QUIC, VoIP, and any case where latency matters more than reliability.
  • dhcp-protocol - DHCP: Dynamic Host Configuration Protocol. DHCP gives a host its IP address, subnet mask, gateway, and DNS via broadcast. 4 packets: DORA = Discover (client), Offer (server), Request (client), Ack (server). The lease renews at 50% of the TTL.
  • cmd-dig - dig: DNS queries with full detail. dig queries DNS. Ask for any record type from any server. +short gives compact output. +trace follows resolution from the root. +dnssec shows DNSSEC signatures. It replaces nslookup for debugging.
  • smtp-mta - SMTP: MTA and Email Delivery. SMTP is a text-based mail delivery protocol. Port 25/tcp is server-to-server, 587 is submission (client with auth), 465 is implicit-TLS legacy. MX record in DNS, STARTTLS+SPF+DKIM+DMARC is the standard stack.
  • systemd-resolved - systemd-resolved: the local DNS stub. systemd-resolved is a DNS stub resolver. It listens on `127.0.0.53:53` and proxies queries to upstream DNS, aggregating data from NetworkManager, DHCP, and VPN. You drive it with `resolvectl`.

§ mentioned in lessons

  • ›intermediate-01-network-101
  • ›intermediate-04-dns
  • ›intermediate-12-bind-dns-server