Client-Side DNS: resolv.conf, hosts, and getent
What You Will Achieve
- Read and write nameserver / search / options in /etc/resolv.conf
- Explain static resolution via /etc/hosts and its priority over DNS
- Control the lookup order (files dns) in the hosts: line of /etc/nsswitch.conf
- Query NSS databases across the board with getent
- Understand systemd-resolved (resolvectl and the stub resolver 127.0.0.53)
- Isolate name-resolution problems with host / dig
This is the core of LPIC-1 objective 109.4 "Configuring client-side DNS". Once you understand which files are consulted and in what order, you can isolate most connectivity problems.
In What Order Does Client Resolution Happen?
Name resolution starts when an application calls the GNU C Library (glibc) getaddrinfo(), and the hosts: line in /etc/nsswitch.conf decides the sources and their order. If files (/etc/hosts) comes before dns, the hosts file takes priority over DNS.
| Stage | Source | Role |
|---|---|---|
| 1. Order | /etc/nsswitch.conf | The hosts: line decides the files / dns order |
| 2. Static | /etc/hosts | Manual IP↔hostname mapping (decisive if matched before DNS) |
| 3. DNS | /etc/resolv.conf | The nameserver to query and the search domains |
So when "the result of getent hosts differs from DNS", the first things to suspect are the order in nsswitch.conf and the entries in /etc/hosts. The relationship of these three files is paramount on the exam and in practice.
getent hosts returns the result through nsswitch.conf (both hosts and DNS), while host / dig query the DNS server directly. When the two disagree, suspect involvement of /etc/hosts.
Configuring /etc/resolv.conf
/etc/resolv.conf is the resolver configuration file. Its main directives are nameserver (the IP to query), search (domains to append), and options.
nameserver / search / domain / options
cat /etc/resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8
search example.com lan
options timeout:2 attempts:3
The main directives, per man resolv.conf(5), are as follows.
| Directive | Meaning |
|---|---|
| nameserver IP | DNS server to query. Up to 3 (MAXNS), tried top to bottom |
| search dom1 dom2 | List of domains to append to short names (e.g. web → web.example.com) |
| domain name | Local domain name. Mutually exclusive with search; the last one wins |
| options name | Tune resolver behavior (timeout:n / attempts:n / rotate / ndots:n) |
If both search and domain are present, the last one to appear is used (man resolv.conf(5)). ndots:n is the threshold: names with fewer than n dots are treated as relative and have search applied.
On many distributions /etc/resolv.conf is automatically generated and overwritten by NetworkManager or systemd-resolved. Hand edits can disappear on reboot or connection changes. Make permanent settings at the generating source (described below).
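An added example (not from the original page) that applies the rules above to a constructed resolv.conf: at most three nameserver lines are kept, the last of search/domain wins, and ndots decides the order in which candidate names are tried. It goes slightly beyond the text by also showing, per resolv.conf(5), that a name with at least ndots dots is tried as-is before the search list and that a trailing dot skips the search list; the function names and the sample addresses are assumptions.

```shell
# Constructed sample: four nameservers, domain followed by search, ndots:2.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed for this example
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 192.0.2.53
nameserver 192.0.2.54
domain old.example
search example.com lan
options timeout:2 attempts:3 ndots:2
EOF

# resolv_effective FILE: the settings the resolver keeps after applying the rules
resolv_effective() {
  awk '
    BEGIN { ndots = 1 }                          # default when no ndots:n is given
    /^[ \t]*[#;]/ || NF == 0 { next }            # comment or blank line
    $1 == "nameserver" && n < 3 { ns = ns (n++ ? "," : "") $2; next }  # MAXNS = 3
    $1 == "search" || $1 == "domain" {           # the last one to appear wins
      s = ""; for (i = 2; i <= NF; i++) s = s (i > 2 ? "," : "") $i; next }
    $1 == "options" {
      for (i = 2; i <= NF; i++) if ($i ~ /^ndots:[0-9]+$/) ndots = substr($i, 7) + 0 }
    END { printf "ns=%s search=%s ndots=%d\n", ns, s, ndots }
  ' "$1"
}

# query_candidates NAME FILE: names in the order the resolver would try them
query_candidates() {
  eff=$(resolv_effective "$2")
  search=$(printf '%s\n' "$eff" | sed 's/.* search=\([^ ]*\) .*/\1/' | tr ',' ' ')
  ndots=${eff##*ndots=}
  case $1 in *.) printf '%s\n' "$1"; return 0 ;; esac   # trailing dot: absolute name
  dots=$(( $(printf '%s' "$1" | tr -cd '.' | wc -c) ))
  if [ "$dots" -ge "$ndots" ]; then printf '%s\n' "$1"; fi
  for d in $search; do printf '%s.%s\n' "$1" "$d"; done
  if [ "$dots" -lt "$ndots" ]; then printf '%s\n' "$1"; fi
}

resolv_effective "$sample"
query_candidates web "$sample"      # fewer dots than ndots: search list first
query_candidates a.b.c "$sample"    # 2 dots >= ndots: tried as-is first
```

The candidate list is also the set of names that can leave the host as DNS queries, which is worth checking when short internal names are used on a machine with an externally supplied search list.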
/etc/hosts and /etc/nsswitch.conf
/etc/hosts maps IP addresses to hostnames statically. The hosts: line in /etc/nsswitch.conf decides whether this static definition or DNS is consulted first.
The /etc/hosts format
cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost
192.168.1.50 web.example.com web
Per man hosts(5), the format is "IP_address canonical_hostname aliases...". Each line lists an IP and its hostname plus aliases, separated by whitespace. Because it resolves immediately without DNS, it is heavily used to pin names for testing and local development.
The hosts: line of nsswitch.conf
grep hosts /etc/nsswitch.conf
hosts: files dns
The value of hosts: is the lookup order. This setting tries files (/etc/hosts) first, then dns (the servers in /etc/resolv.conf). Because files comes first, a match in /etc/hosts means DNS is not queried. On systemd systems you may see resolve (the systemd-resolved NSS module nss-resolve), as in files resolve [!UNAVAIL=return] dns.
Writing hosts: as dns files makes DNS take priority and stops /etc/hosts pins from working. Order is a classic source of unexpected behavior, so always check this line when troubleshooting.
Verifying with getent / host / dig
getent queries NSS databases (hosts / passwd / group, etc.) through nsswitch.conf. host / dig query the DNS server directly. Using both lets you isolate whether a problem is on the hosts side or the DNS side.
Look up NSS with getent
getent hosts web.example.com
getent hosts 8.8.8.8

192.168.1.50 web.example.com web
8.8.8.8 dns.google
getent hosts NAME follows the hosts: line of nsswitch.conf and returns the final result combining /etc/hosts and DNS. getent can also query databases such as passwd / group / services (e.g. getent passwd root). This output is the closest to what an application actually resolves.
Query DNS directly with host / dig
host example.com
dig example.com A +short

example.com has address 93.184.216.34
93.184.216.34
host NAME does a forward lookup and host IP does a reverse lookup. dig NAME A queries the A record, and +short extracts only the answer. With @server, as in dig @8.8.8.8 example.com, you can specify the server explicitly and query a specific server without going through /etc/resolv.conf.
The standard isolation pattern is this contrast. getent hosts X succeeds but dig X fails → it is being resolved by /etc/hosts. dig X succeeds but getent hosts X fails → an nsswitch.conf order or NSS module problem.
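The isolation pattern above as an added example (not part of the original page): it reads the hosts: order and the hosts file, then classifies a pair of answers passed in as arguments. The function names, result labels and sample file contents are assumptions; on a live system the two answers would come from getent hosts and dig +short.

```shell
# hosts_sources FILE: sources on the hosts: line, in order, [action] items dropped
hosts_sources() {
  awk '$1 == "hosts:" {
         sub(/#.*/, ""); gsub(/\[[^]]*\]/, " ")
         out = ""; for (i = 2; i <= NF; i++) out = out (i > 2 ? " " : "") $i
         print out; exit }' "$1"
}

# hosts_pin NAME FILE: IP of the first line whose hostname or alias is NAME
hosts_pin() {
  awk -v n="$1" '{ sub(/#.*/, "")
         for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) { print $1; exit } }' "$2"
}

# diagnose NAME NSS_IP DNS_IP NSSWITCH HOSTS
#   NSS_IP: first field of "getent hosts NAME"; DNS_IP: "dig +short NAME A"
#   An empty string means that lookup returned nothing.
diagnose() {
  pin=$(hosts_pin "$1" "$5"); first=none
  for s in $(hosts_sources "$4"); do         # which of files / dns comes first
    case $s in files|dns) first=$s; break ;; esac
  done
  if [ -n "$pin" ] && [ "$2" = "$pin" ]; then   # NSS returned the hosts-file address
    if [ -z "$3" ]; then echo "hosts-only: $1 -> $pin exists only in the hosts file"
    elif [ "$3" != "$pin" ]; then echo "hosts-override: pin $pin hides DNS answer $3"
    else echo "consistent: hosts pin and DNS agree on $pin"; fi
  elif [ -n "$pin" ] && [ "$first" = dns ] && [ -n "$3" ]; then
    echo "pin-ignored: dns precedes files, pin $pin is not used"
  elif [ -z "$2" ] && [ -n "$3" ]; then
    echo "nss-problem: DNS answers $3 but NSS does not; check hosts: order and modules"
  elif [ "$2" = "$3" ]; then echo "consistent: NSS and DNS agree on ${2:-no answer}"
  else echo "mismatch: NSS ${2:-none} vs DNS ${3:-none}; compare resolver upstreams"; fi
}

# Constructed sample files and answers (not taken from a real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'hosts: files resolve [!UNAVAIL=return] dns\n' > "$tmp/nsswitch.conf"
printf '127.0.0.1 localhost\n192.168.1.50 web.example.com web # test pin\n' > "$tmp/hosts"
diagnose web.example.com 192.168.1.50 93.184.216.34 "$tmp/nsswitch.conf" "$tmp/hosts"
diagnose web 192.168.1.50 "" "$tmp/nsswitch.conf" "$tmp/hosts"
diagnose api.example.com "" 93.184.216.34 "$tmp/nsswitch.conf" "$tmp/hosts"
```

A hosts-override result for a name nobody remembers pinning is the case to follow up first, since the application is connecting to an address that DNS does not publish.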
Configuring systemd-resolved
systemd-resolved is a system service that provides network name resolution. It listens as a stub resolver on 127.0.0.53, and /etc/resolv.conf is often generated to point at this address. Check state and configure with resolvectl.
Check state and resolution with resolvectl
resolvectl status
resolvectl query example.com
Global
Protocols: -LLMNR +mDNS ...
Link 2 (eth0)
DNS Servers: 192.168.1.1
DNS Domain: example.com
example.com: 93.184.216.34
resolvectl status shows the current DNS servers and search domains per link. resolvectl query NAME resolves a name through resolved. Note that under systemd-resolved the nameserver in /etc/resolv.conf becomes 127.0.0.53 (the stub resolver), and the actual upstream servers are shown by resolvectl status.
The relationship between resolved.conf and resolv.conf
cat /etc/resolv.conf
grep -v '^#' /etc/systemd/resolved.conf

nameserver 127.0.0.53
options edns0 trust-ad
search example.com

[Resolve]
DNS=192.168.1.1
FallbackDNS=8.8.8.8
Specify the permanent upstream DNS in the [Resolve] section of /etc/systemd/resolved.conf (DNS= / FallbackDNS=) and apply it with systemctl restart systemd-resolved. The correct practice is to edit this generating file rather than /etc/resolv.conf directly.
Under systemd-resolved, rewriting 127.0.0.53 in /etc/resolv.conf to a real IP reverts on a service or network restart. Make upstream changes in resolved.conf. In some setups /etc/resolv.conf is a symbolic link to /run/systemd/resolve/stub-resolv.conf.
The Role of /etc/host.conf
/etc/host.conf is a legacy resolver configuration file; on current glibc only limited items (mainly multi) are meaningful. The center of the lookup order has moved to nsswitch.conf.
cat /etc/host.conf
multi on
Per man host.conf(5), glibc ignores the order line, and the lookup order is decided by /etc/nsswitch.conf. multi on tells it to return all IPs when a single host has multiple IPs in /etc/hosts. It is a file kept for historical reasons; just remember that lookup-order control today is done in nsswitch.conf.
Common Mistakes
Most name-resolution trouble stems from misunderstanding these configuration files. Here are five that appear frequently on the exam and in practice.
- resolv.conf edits disappear: NetworkManager / systemd-resolved regenerate the file, so hand edits are volatile. Change it at the source (resolved.conf or the NetworkManager connection).
- Misunderstanding the nsswitch.conf order: hosts: dns files makes DNS take priority and ignores /etc/hosts pins. Put files first if you want /etc/hosts to take effect.
- Confusing hosts vs. DNS priority: If /etc/hosts has a match (and files is first), DNS is not queried. A stale line left in hosts is a common cause when you think you are querying DNS but are not.
- Mistaking the systemd-resolved stub for upstream: 127.0.0.53 in /etc/resolv.conf is the stub, not the real upstream. Confirm upstream with resolvectl status.
- Not understanding the getent vs. dig difference: getent hosts includes /etc/hosts while dig is DNS only. A disagreement is normal and useful for isolation.
Troubleshooting
Symptom: Edited resolv.conf reverts immediately
Cause: NetworkManager or systemd-resolved auto-generates and overwrites /etc/resolv.conf
Check:
ls -l /etc/resolv.conf
resolvectl status
Fix: Under systemd-resolved, edit DNS= in /etc/systemd/resolved.conf and run systemctl restart systemd-resolved. Under NetworkManager, set DNS in the connection profile.
Symptom: Only a specific host resolves to an old IP
Cause: A stale entry remains in /etc/hosts and, with files first, matches before DNS
Check:
getent hosts target.example.com
grep target.example.com /etc/hosts
dig target.example.com +short
Fix: Correct or delete the relevant line in /etc/hosts. The difference between getent and dig results is the evidence of hosts involvement.
Symptom: getent hosts works but dig fails
Cause: The name is resolved by /etc/hosts and is not registered in DNS
Check:
grep name /etc/hosts
grep hosts /etc/nsswitch.conf
Fix: If this is by design, there is no problem. To resolve via DNS, remove the line in /etc/hosts and register a record in DNS.
Completion Checklist
- [ ] Checked nameserver / search with cat /etc/resolv.conf
- [ ] Checked the lookup order with grep hosts /etc/nsswitch.conf
- [ ] Checked the actual resolution result with getent hosts NAME
- [ ] Isolated by querying DNS directly with host / dig
- [ ] Under systemd-resolved, confirmed upstream with resolvectl status
Summary
| Scenario | Command / File | Purpose |
|---|---|---|
| Check DNS servers | /etc/resolv.conf | Check nameserver / search |
| Static resolution | /etc/hosts | Pin IP↔hostname |
| Control the order | /etc/nsswitch.conf | The hosts: files dns order |
| Check real result | getent hosts NAME | Final result via NSS |
| Query DNS directly | host / dig | Query the DNS server directly |
| Manage resolved | resolvectl / resolved.conf | systemd-resolved state and config |
Client-side DNS is the basis of network operations. Once you grasp the relationship of the three files (resolv.conf / hosts / nsswitch.conf) and how to use getent / host / dig, you can reliably isolate name-resolution problems.