Beware the System Name Server Setting


There’s a fair amount of EdgeRouter guidance suggesting the System Name Server be configured, usually in conjunction with set interfaces ethernet ethX dhcp-options name-server no-update, in order to use nameservers other than the ones the upstream ISP hands out: OpenDNS, Google’s 8.8.8.8 / 8.8.4.4, and so on.

Whatever is entered here gets put at the top of /etc/resolv.conf. DNSmasq picks up those entries as forwarders. The router itself, however, uses those entries directly for its own DNS resolution, bypassing DNSmasq and therefore getting no caching.

For many deployments this doesn’t matter: a typical configuration won’t have the router itself initiating many DNS lookups. There are several situations where it does matter:

  • Multi-WAN connectivity tests, if you have not explicitly set an IP-based test target.
  • Dynamic DNS updates.
  • UNMS.

In each of these cases the router performs DNS lookups at intervals of a minute or less, and every one of them goes straight to the upstream resolver. If your upstream DNS provider offers any reporting, the lookups for those services will be at the top of your reports.

The way to minimize the number of the router’s own lookups that get forwarded upstream is to specify 127.0.0.1 as the system nameserver, so they go through DNSmasq and are forwarded and cached the same as DNS requests from LAN clients. To configure the upstream forwarders there are two options:

  1. Specify additional nameservers after 127.0.0.1 for this option. The local system always attempts resolution starting with the first entry in /etc/resolv.conf, so it talks to DNSmasq first (and only falls through to the later entries if DNSmasq stops answering), while DNSmasq ignores the 127.0.0.1 entry, which points at itself, and uses the additional entries as forwarders.
  2. Explicitly configure DNSmasq forwarders using set service dns forwarding options server=DNS_Server_IP
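To see which path the router’s own lookups take before and after the change, here is an added audit script (my own example, not code from the original post or from Ubiquiti). It models the two behaviours described above: the C library tries the first nameserver entry in /etc/resolv.conf, and DNSmasq skips loopback entries because they point back at itself. The function names, the assumption that resolv.conf uses plain "nameserver <ip>" lines, and the treatment of explicit server= options as additional forwarders are mine, not the page’s.

```shell
#!/bin/sh
# Added example, not from the original post. Audit a resolv.conf to see
# whether the router's own lookups bypass dnsmasq, and which upstreams
# dnsmasq will actually forward to. Assumes "nameserver <ip>" lines.
# Usage on the router: sh audit_resolv.sh /etc/resolv.conf

# First "nameserver" entry: the one the router's own resolver tries first.
system_resolver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Entries dnsmasq will forward to: everything except loopback, which
# dnsmasq ignores because it points back at dnsmasq itself.
dnsmasq_forwarders() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# "via-dnsmasq" if the router's lookups are cached and forwarded by dnsmasq,
# "bypass" if they go straight to an upstream resolver, "none" if empty.
resolver_path() {
    first=$(system_resolver "$1")
    case "$first" in
        127.*|::1) echo "via-dnsmasq" ;;
        "")        echo "none" ;;
        *)         echo "bypass" ;;
    esac
}

# Forwarder set when explicit "server=" options are also configured:
# dnsmasq uses those in addition to the non-loopback resolv.conf entries.
# Extra arguments are the server= IPs; duplicates are collapsed.
effective_forwarders() {
    f=$1
    shift
    { dnsmasq_forwarders "$f"; for s in "$@"; do echo "$s"; done; } | awk '!seen[$0]++'
}

# Short human-readable report for one resolv.conf (default: /etc/resolv.conf).
audit_resolv() {
    f=${1:-/etc/resolv.conf}
    echo "system resolver : $(system_resolver "$f")"
    echo "router lookups  : $(resolver_path "$f")"
    echo "dnsmasq forwards: $(dnsmasq_forwarders "$f" | tr '\n' ' ')"
}

# Only run the report when a file is given, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    audit_resolv "$1"
fi
```

With the ISP or Google addresses as the System Name Server the report shows "bypass"; after set system name-server 127.0.0.1 plus the forwarders from either method above and a commit, it shows "via-dnsmasq" and the upstream list under "dnsmasq forwards". If the forwarders line comes back empty, DNSmasq has nothing to send client queries to and you have forgotten the second half of the change.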

I use the second method as it keeps the DNS forwarding options in one section of the config file instead of two.
