Randomize DNS Nameservers

Is it possible to list multiple nameservers in /etc/resolv.conf on a Unix system and resolve DNS queries using a random nameserver when making a DNS query, and not just the first one?


For Linux systems, I use the timeout and rotate options in /etc/resolv.conf... I usually lower the DNS timeout to 1 second.

timeout:n
    sets the amount of time the resolver will wait for a response from a remote name server
    before retrying the query via a different name server. Measured in seconds, the
    default is RES_TIMEOUT (currently 5, see <resolv.h>). The maximum value for this
    option is silently capped to 30.

and

rotate
    sets RES_ROTATE in _res.options, which causes round robin selection of nameservers from
    among those listed. This has the effect of spreading the query load among all listed
    servers, rather than having all clients try the first listed server first every time.

There are different kinds of randomization or pseudo-randomization of DNS resolving on Linux.

With libc resolver and /etc/resolv.conf

"options rotate" is a kind of client-side round-robin and as such can be considered a poor man's randomization. However, the libc resolver supports at most 3 different servers. Here is a sample /etc/resolv.conf that uses 3 popular and reliable public DNS servers.

options timeout:1
options rotate

# resolver1.level3.net
nameserver 209.244.0.3  

# resolver1.opendns.com
nameserver 208.67.222.222  

# google-public-dns-a.google.com
nameserver 8.8.8.8

With unbound

With unbound, one can also specify multiple resolvers (more than 3). The randomization is documented as follows:

The fastest server (randomly picked within a so-called RTT band of 400 msec) is selected when a query has to be sent out

https://www.unbound.net/documentation/info_timeout.html

In /etc/resolv.conf:

nameserver 127.0.0.1

In /etc/unbound/unbound.conf:

forward-zone:
    name: "."
    # google
    #forward-addr: 8.8.8.8 

    # fnd.org
    forward-addr: 80.67.169.12 

    # comodo
    forward-addr: 8.26.56.26

    # level 3
    forward-addr: 209.244.0.3
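
The libc limits described in the answers above (at most 3 nameservers, timeout capped to 30, rotate) can be checked before a resolv.conf is deployed. This is an added example, not code from the original answers: the function name effective_config and the sample file are constructed, and it assumes that multiple options lines accumulate, as the sample resolv.conf above relies on.

```python
import ipaddress

MAXNS = 3            # libc resolver honours at most 3 nameserver lines
DEFAULT_TIMEOUT = 5  # RES_TIMEOUT, per the resolv.conf(5) excerpt above
MAX_TIMEOUT = 30     # larger timeout values are silently capped

# Constructed sample: the answer's servers plus a 4th one and a too-large timeout.
SAMPLE = """\
options timeout:45
options rotate
nameserver 209.244.0.3
nameserver 208.67.222.222
nameserver 8.8.8.8
nameserver 8.26.56.26
"""

def effective_config(text):
    """Return what the libc resolver would actually use from resolv.conf text."""
    used, ignored, warnings = [], [], []
    timeout, rotate = DEFAULT_TIMEOUT, False
    for n, raw in enumerate(text.splitlines(), 1):
        # Keywords must start the line; '#' or ';' in column one is a comment.
        if not raw.strip() or raw[0] in "#; \t":
            continue
        keyword, *args = raw.split()
        if keyword == "nameserver" and args:
            try:
                addr = str(ipaddress.ip_address(args[0]))
            except ValueError:
                warnings.append(f"line {n}: bad address {args[0]!r}")
                continue
            (used if len(used) < MAXNS else ignored).append(addr)
        elif keyword == "options":
            # Assumption: options lines accumulate, as in the answer's sample.
            for opt in args:
                if opt == "rotate":
                    rotate = True
                elif opt.startswith("timeout:") and opt[8:].isdecimal():
                    timeout = min(int(opt[8:]), MAX_TIMEOUT)
                    if int(opt[8:]) > MAX_TIMEOUT:
                        warnings.append(f"line {n}: timeout capped to {MAX_TIMEOUT}")
    if ignored:
        warnings.append(f"ignored beyond first {MAXNS}: {', '.join(ignored)}")
    if rotate and len(used) < 2:
        warnings.append("rotate has no effect with fewer than 2 nameservers")
    return dict(nameservers=used, ignored=ignored, timeout=timeout, rotate=rotate, warnings=warnings)

if __name__ == "__main__":
    print(effective_config(SAMPLE))
```

A fourth nameserver line is dropped without any error from the resolver, so a file that looks like it spreads load over four servers only ever uses the first three.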

Short answer: No, it's not.

Longer answer: While nearly all Unix variants use the file /etc/resolv.conf for global name resolution configuration, nowhere close to all of them actually use the same resolver library to do the job. It may be that your particular variant of Unix can do what you want, but to find that out you'll have to read its own documentation. Also, it will not be portable at all.