Knowing /etc/resolv.conf file

Why is resolv.conf required?

  • DNS client resolution
  • Used on all *nix based systems.
  • DNS client resolver lookup file.
  • Consulted by the DNS clients commands, like dig, nslookup, web broswers 
  • It can be auto configured, only if you are using DHCP – dhclient command.  It can be configured manually as well.
Exploring /etc/resolv.conf 

  ll   /etc/resolv.conf   size of file is 81 bytes when your system is acting as a dhcp client. In case you find the size bigger or smaller and your m/c is acting as a dhcp client,that means your file has been tampered in some way.

  • search
This is the domain name that will be automatically appended to client names if I am not using fqdn and using only the short names. 
e.g. if you use, ping station1, the dns client will rewrite it to

  • nameserver ipaddr
This is the ip address of the main dns server to consult. 
Some malwares are found to remove the original dns server and replace it with fake dns server ip. So, you will get undesired result. 
Some malwares are also found not to replace your dns server ip but they will append some fake dns server as primary dns server and make your dns server second choice. 


  • By default, except the browsers, all dns clients applications (dig, nslookup) will bypass the /etc/hosts file and use only the /etc/resolv.conf .i.e. only your web browsers will consult the /etc/hosts file.
  • Browsers always consult the order specified in /etc/nsswitch.conf

We can force dig command not to use the nameserver from resolv.conf (skip resolv.conf) but to use a particular specified dns server by: 

dig @   (public dns server-; google dns) 

SUGGESTED ORDER-  (how dns lookup should work, or in which order your queries should be resolved) 

DNS client >Internal dns server (nameserver ip from resolv.conf) > ISP dns server  > Public dns server  > root dns server


open source 310742317467471634

Post a comment



Recent Posts


Join Us