resolv.conf(5) File Formats Manual resolv.conf(5) resolv.conf - (resolver) /etc/resolv.conf The resolver is a set of routines in the C library that provide access to the Internet Domain Name System (DNS). The resolver configuration file contains information that is read by the resolver routines the first time they are invoked by a process. The file is designed to be human readable and contains a list of keywords with values that provide various types of resolver information. The configuration file is considered a trusted source of DNS information; see the trust-ad option below for details. If this file does not exist, only the name server on the local machine will be queried, and the search list contains the local domain name determined from the hostname. : nameserver IP- - , , IPv4 ( ), IPv6 (, , ), RFC 2373. MAXNS ( 3, . ) , . , . nameserver, . ( : . , , .. .) search By default, the search list contains one entry, the local domain name. It is determined from the local hostname returned by gethostname(2); the local domain name is taken to be everything after the first '.'. Finally, if the hostname does not contain a '.', the root domain is assumed as the local domain name. This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn until a match is found. For environments with multiple subdomains please read options ndots:n below to avoid man-in-the-middle attacks and unnecessary traffic for the root-dns-servers. Note that this process may be slow and will generate a lot of network traffic if the servers for the listed domains are not local, and that queries will time out if no server is available for one of the domains. If there are multiple search directives, only the search list from the last instance is used. glibc 2.25 256 . glibc 2.26 . The domain directive is an obsolete name for the search directive that handles one search list entry only. sortlist , gethostbyname(3). IP-/ . -- . IP- . 10 . : sortlist 130.155.160.0/255.255.240.0 130.155.0.0 options . options ... : debug RES_DEBUG _res.options (, glibc ; resolver(3)). ndots:n , , res_query(3) (. resolver(3)) . n 1, , , . 15. timeout:n , . , , , . , RES_TIMEOUT ( 5, ). 30. attempts:n , . RES_DFLRETRY ( 2, . ). 5. rotate RES_ROTATE _res.options, . , . no-aaaa (since glibc 2.36) Sets RES_NOAAAA in _res.options, which suppresses AAAA queries made by the stub resolver, including AAAA lookups triggered by NSS-based interfaces such as getaddrinfo(3). Only DNS lookups are affected: IPv6 data in hosts(5) is still used, getaddrinfo(3) with AI_PASSIVE will still produce IPv6 addresses, and configured IPv6 name servers are still used. To produce correct Name Error (NXDOMAIN) results, AAAA queries are translated to A queries. This option is intended preliminary for diagnostic purposes, to rule out that AAAA DNS queries have adverse impact. It is incompatible with EDNS0 usage and DNSSEC validation by applications. no-check-names RES_NOCHECKNAME _res.options, BIND , (_), -ASCII . inet6 RES_USE_INET6 _res.options. AAAA A gethostbyname(3), IPv4 << >> IPv6, AAAA , A. glibc 2.25 ; getaddrinfo(3), gethostbyname(3). ip6-bytestring (since glibc 2.3.4 to glibc 2.24) RES_USE_BSTRING _res.options. IPv6 , RFC 2673; ( ), . glibc 2.25, DNS, . ip6-dotint/no-ip6-dotint (glibc 2.3.4 to glibc 2.24) Clear/set RES_NOIP6DOTINT in _res.options. When this option is clear (ip6-dotint), reverse IPv6 lookups are made in the (deprecated) ip6.int zone; when this option is set (no-ip6-dotint), reverse IPv6 lookups are made in the ip6.arpa zone by default. These options are available up to glibc 2.24, where no-ip6-dotint is the default. Since ip6-dotint support long ago ceased to be available on the Internet, these options were removed in glibc 2.25. edns0 ( glibc 2.6) RES_USE_EDNS0 _res.options. DNS, RFC 2671. single-request ( glibc 2.10) Sets RES_SNGLKUP in _res.options. By default, glibc performs IPv4 and IPv6 lookups in parallel since glibc 2.9. Some appliance DNS servers cannot handle these queries properly and make the requests time out. This option disables the behavior and makes glibc perform the IPv6 and IPv4 requests sequentially (at the cost of some slowdown of the resolving process). single-request-reopen ( glibc 2.9) RES_SNGLKUPREOP _res.options. A AAAA. . , . , , . no-tld-query ( glibc 2.14) RES_NOTLDQUERY _res.options. res_nsearch() . , <> TLD, localhost . , RES_DEFNAMES RES_DNSRCH. use-vc ( glibc 2.14) RES_USEVC _res.options. TCP DNS. no-reload ( glibc 2.26) RES_NORELOAD _res.options. . trust-ad ( glibc 2.31) Sets RES_TRUSTAD in _res.options. This option controls the AD bit behavior of the stub resolver. If a validating resolver sets the AD bit in a response, it indicates that the data in the response was verified according to the DNSSEC protocol. In order to rely on the AD bit, the local system has to trust both the DNSSEC-validating resolver and the network path to it, which is why an explicit opt-in is required. If the trust-ad option is active, the stub resolver sets the AD bit in outgoing DNS queries (to enable AD bit support), and preserves the AD bit in responses. Without this option, the AD bit is not set in queries, and it is always removed from responses before they are returned to the application. This means that applications can trust the AD bit in responses if the trust-ad option has been set correctly. In glibc 2.30 and earlier, the AD is not set automatically in queries, and is passed through unchanged to applications in responses. search resolv.conf LOCALDOMAIN , . options resolv.conf RES_OPTIONS options . , , (, nameserver), . . , (;) (#), . /etc/resolv.conf, . gethostbyname(3), resolver(3), host.conf(5), hosts(5), nsswitch.conf(5), hostname(7), named(8) BIND aereiae , Azamat Hackimov , Dmitriy S. Seregin , Katrin Kutepova , Lockal , Yuri Kozlov , ; GNU 3 , . . , , . 4th Berkeley Distribution 31 2023 . resolv.conf(5)