Hello, Am Mittwoch, 12. Mai 2021, 13:38:01 CEST schrieb Lars Vogdt: [...]
would be my recommended line in /etc/resolv.conf for internal machines.
attempts:1 -> switch to another nameserver, if the 1st request fails timeout:1 -> switch to another nameserver, if not getting an answer after 1 second rotate -> rotate requests to the nameservers in the list
Makes sense, but maybe use attempts:2 to give the nameservers a second chance if they all fail in the first round (which is hopefully unlikely). [Since you asked about the forwarders in an earlier mail - I'm fine with getting rid of the forwarders and directly asking the root DNS servers. I even do that on my laptop ;-) and for servers it makes even more sense.]
IMHO this somehow cries to be managed via Salt, but so far I could not see that we have a "base" or "common" role defined in our Salt repo?
We have that ;-) - pillar/common.sls - pillar/virt_cluster/*.sls (for cluster-specific config, nameserver IPs might fit into this category) - salt/role/base.sls (includes several profile.*) AFAIK resolv.conf is not managed in salt yet - feel free to salt it ;-) Regards, Christian Boltz -- Yes, English can be weird. It can be understood through tough thorough thought, though. [https://twitter.com/iowahawkblog/status/594168269759623168]