Help w. multiple DNS servers

> even though my Mac clients have all 3 DNSs listed they only attempt to use the 1st in the list and fail to use the 2nd or 3rd listed servers

That's how it works.

The purpose of multiple DNS servers is so that when one server doesn't respond the client can retry the request through a different server.

The issue you have is that the first server does respond. The fact that it responds with an 'I don't know' answer is irrelevant. It responds with a 'host unknown' response, but that's good enough to tell the client that the hostname they requested doesn't exist.

The second server would only be queried if the first server didn't respond with any answer at all.

Your solution is to enable recursion - this tells the DNS server to pass the request on to other DNS servers if it doesn't know the answer.

As I understand it if you want to use an internal only DNS zone you need to use only that DNS as you can't be certain the other DNSes isn't getting the request instead of the internal one.

As the external DNSes doesn't know about your internal zone/domain you need to use ONLY the internal DNS with recursion.

The only way I know of to make your DNS not do all lookups (via root servers) by itself is to enter forwarders to the configuration in /etc/named.conf. You still let your internal DNS handle all DNS matters, this will just help it hand over some of the work to the forwarders.

The forwarders you use is usually your ISP DNSes.

With forwarders all lookups of domains not setup in your own DNS is forwarded to the forwarders. With this setting: "forward first;", all forwarders get the same request and the first returning answer is used.

To speed up DNS lookups you also turn off IPv6 in Network config.


You edit the /etc/named.conf file:

-----------------------snip------------------------
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;


// # add this:

forwarders {
<your ISP DNS server#1 IP here>;
<your ISP DNS server#2 IP here>;
};
forward first;

// # to here


};
---------------------snip----------------------------

Well, that's what recursion is for.

The client asks your local server for info, the server answers with, "I don't know, ask these guys". From then on, the client talks with the outside DNS servers and does not query your local DNS server.

I think what you want to do is not to cache public DNS info on your local DNS server.