Author: Usman O. Olanrewaju (Blu3 Sky)
Created: 2026/02/09
Modified: 2026/05/22
Environment: Fedora (Host), RHEL (Lab), Framework 13
Focus: DNS name resolution, resolver configuration, lookup tools, NTP fundamentals, Chrony configuration, stratum levels, and system time management
- DNS — Core Concepts
- DNS Client Configuration Files
- Name Resolution with dig
- Name Resolution with host
- Name Resolution with nslookup
- Name Resolution with getent
- NTP and Time Synchronization — Core Concepts
- Chrony Configuration File — /etc/chrony.conf
- Setting Up and Managing Chrony
- System Date and Time Management
- Configuring a Custom Chrony Time Source
DNS (Domain Name System) is an inverted tree-like hierarchical structure used on the Internet and private networks as the de facto standard for resolving hostnames to their numeric IP addresses. DNS is commonly implemented using BIND (Berkeley Internet Name Domain).
The DNS name space is a hierarchical organization of all domains on the Internet. The root of the name space is represented by a period (.). The hierarchy directly below the root consists of top-level domains (TLDs) such as .com, .net, .edu, .org, .gov, .ca, and .de.
A DNS domain is a collection of one or more systems. Subdomains fall under their parent domains and are separated by a period. For example, redhat.com is a second-level domain under .com, and bugzilla.redhat.com is a third-level domain under redhat.com.
At the deepest level of the hierarchy are the leaves — systems, nodes, or any device with an IP address. When a period is appended to the end of a fully qualified name (e.g. net01.travel.gc.ca.), it represents the Fully Qualified Domain Name (FQDN).
DNS hierarchy example:
. (root)
|
.com .net .edu .org .gov .ca .uk
|
.redhat .ibm .internic
|
.bugzilla
FQDN breakdown example:
altinbas.edu.tr.
| | | └-----> trailing dot = FQDN
| | └--> top-level domain (.tr = Turkey)
| └--> second-level domain (.edu)
└-> subdomain (altinbas)
From a DNS perspective, a system can operate in one of three roles:
Primary server — responsible for its domain or subdomain. Maintains the master database of all hostnames and their associated IP addresses. All changes are made here. Each domain must have exactly one primary server with one or more optional secondary servers.
Secondary server — obtains a copy of the master database from the primary and stores it. Continues to provide name resolution if the primary becomes unavailable. Optional but highly recommended for redundancy.
DNS client — queries nameservers for name lookups. Every system with internet access runs DNS client functionality. On Linux, configuring a DNS client primarily involves two text files: /etc/resolv.conf and /etc/nsswitch.conf.
The resolv.conf file defines the nameservers to query and the default search domain. Resolver utilities reference it to construct and transmit queries.
$ sudo cat /etc/resolv.conf
[sudo] password for blue:
# Generated by NetworkManager
search Usman.O.Olanrewaju
nameserver 192.168.122.1
resolv.conf directives:
| Directive | Description |
|---|---|
| `domain` | Identifies the default domain name to be searched for queries |
| `nameserver` | Declares one or more DNS server IP addresses to be queried in order. Multiple entries are tried one at a time. |
| `search` | Specifies up to six domain names — the first must be the local domain. No need to define domain if search is used. |

If `/etc/resolv.conf` is absent, resolver utilities may default to querying a local caching resolver at `127.0.0.53`, or rely on system-managed DNS configuration.
nsswitch.conf directs lookup utilities to the correct source to get hostname information. When multiple sources exist, it defines the order to consult them and what action to take next.
$ sudo cat /etc/nsswitch.conf
# Generated by authselect
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
# In order of likelihood of use to accelerate lookup.
passwd: files systemd
shadow: files systemd
group: files [SUCCESS=merge] systemd
hosts: files dns myhostname
services: files
netgroup: files
automount: files
aliases: files
ethers: files
gshadow: files systemd
networks: files dns
protocols: files
publickey: files
rpc: files
The `hosts` line reads: check `files` (`/etc/hosts`) first, then `dns`, then `myhostname`. This is the resolution order for all hostname lookups.
nsswitch.conf status keywords:
| Keyword | Meaning | Default Action |
|---|---|---|
| `success` | Information found in source and provided to the requester | return (do not try the next source) |
| `notfound` | Information not found in source | continue (try the next source) |
| `unavail` | Source is down, not responding, service disabled or not configured | continue (try the next source) |

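One way to audit the `hosts` resolution order described above (an added example, not part of the original notes): the script reads an nsswitch.conf and a hosts file and lists the names that the hosts file answers before DNS is asked. The sample files, the `repo.example.com` entry and the function names are constructed for illustration.

```bash
# Added example: list hosts-file entries that answer before DNS.

# Print the lookup sources on the "hosts:" line, one per line, in order.
# [STATUS=action] items are skipped, including multi-word ones.
hosts_sources() {   # $1 = path to an nsswitch.conf
    awk '$1 == "hosts:" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if ($i ~ /^\[/) inbr = 1
            if (inbr) { if ($i ~ /\]$/) inbr = 0; continue }
            print $i
        }
        exit
    }' "$1"
}

# Succeed when "files" is consulted before "dns".
files_before_dns() {   # $1 = path to an nsswitch.conf
    [ "$(hosts_sources "$1" | grep -m1 -x -e files -e dns)" = "files" ]
}

# Print "name address" for every non-loopback hosts entry that shadows DNS.
# Prints nothing when DNS is consulted first.
local_overrides() {   # $1 = nsswitch.conf, $2 = hosts file
    files_before_dns "$1" || return 0
    awk '{ sub(/#.*/, "") }
         NF < 2 { next }
         $1 ~ /^127\./ || $1 == "::1" { next }
         { for (i = 2; i <= NF; i++) print $i, $1 }' "$2"
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# Generated by authselect' \
    'passwd:     files systemd' \
    'hosts:      files dns myhostname' > "$demo_dir/nsswitch.conf"
printf '%s\n' '127.0.0.1   localhost localhost.localdomain' \
    '::1         localhost' \
    '192.0.2.10  repo.example.com repo   # constructed entry' \
    > "$demo_dir/hosts"

echo "lookup order:"
hosts_sources "$demo_dir/nsswitch.conf"
echo "names answered locally before DNS:"
local_overrides "$demo_dir/nsswitch.conf" "$demo_dir/hosts"
```

On a real system, pass `/etc/nsswitch.conf` and `/etc/hosts` and compare each listed name against `dig +short <name>`; an entry nobody remembers adding deserves a closer look.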
dig (domain information groper) is a DNS lookup utility. It queries the nameserver specified at the command line or consults the resolv.conf file to determine the nameservers to be queried.
$ dig altinbas.edu.tr
; <<>> DiG 9.18.33 <<>> altinbas.edu.tr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64621
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;altinbas.edu.tr. IN A
;; ANSWER SECTION:
altinbas.edu.tr. 3103 IN A 46.234.29.115 # --> altinbas website ip
;; Query time: 0 msec
;; SERVER: 192.168.122.1#53(192.168.122.1) (UDP) # --> the nameserver from /etc/resolv.conf
;; WHEN: Fri May 22 23:18:07 +03 2026
;; MSG SIZE rcvd: 60
$ dig google.com
; <<>> DiG 9.18.33 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27926
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 142.251.38.238 # --> google ip
;; Query time: 53 msec
;; SERVER: 192.168.122.1#53(192.168.122.1) (UDP)
;; WHEN: Fri May 22 23:20:58 +03 2026
;; MSG SIZE rcvd: 55
$ dig -x 46.234.29.115
; <<>> DiG 9.18.33 <<>> -x 46.234.29.115
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15925
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;115.29.234.46.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
46.in-addr.arpa. 899 IN SOA pri.authdns.ripe.net. dns.ripe.net. 1779470994 3600 600 864000 3600
;; Query time: 248 msec
;; SERVER: 192.168.122.1#53(192.168.122.1) (UDP)
;; WHEN: Fri May 22 23:24:43 +03 2026
;; MSG SIZE rcvd: 115
`NXDOMAIN` status on the reverse lookup means no PTR record is configured for that IP — the domain does not have reverse DNS set up. This is common.
host is a basic DNS lookup utility that works on the same principles as the dig command in terms of nameserver determination.
$ host redhat.com
redhat.com has address 52.200.142.250
redhat.com has address 34.235.198.240
redhat.com mail is handled by 10 us-smtp-inbound-1.mimecast.com.
redhat.com mail is handled by 10 us-smtp-inbound-2.mimecast.com.
Adding `-v` to `host` produces output in the same verbose format as `dig`.
$ host -v 52.200.142.250
Trying "250.142.200.52.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22287
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;250.142.200.52.in-addr.arpa. IN PTR
;; ANSWER SECTION:
250.142.200.52.in-addr.arpa. 298 IN PTR ec2-52-200-142-250.compute-1.amazonaws.com.
Received 101 bytes from 192.168.122.1#53 in 858 ms
nslookup queries the nameservers listed in /etc/resolv.conf or those specified explicitly on the command line.
$ nslookup google.com
Server: 192.168.122.1
Address: 192.168.122.1#53
Non-authoritative answer:
Name: google.com
Address: 142.251.38.238
Name: google.com
Address: 2a00:1450:4017:801::200e
$ nslookup altinbas 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: altinbas.usman.com
Address: 23.236.62.147
`8.8.8.8` is Google's public DNS server. Passing a nameserver explicitly on the command line overrides whatever is set in `/etc/resolv.conf` — useful for testing resolution against a different DNS provider or diagnosing a local nameserver issue.
$ nslookup 142.251.38.238
238.38.251.142.in-addr.arpa name = lcsofb-ab-in-f14.1e100.net.
Authoritative answers can be found from:
getent (get entries) fetches matching entries from the databases defined in /etc/nsswitch.conf. It respects the configured resolution order.
$ getent hosts google.com
2a00:1450:4017:801::200e google.com
$ getent hosts 2a00:1450:4017:801::200e
2a00:1450:4017:801::200e lcsofb-ab-in-x0e.1e100.net
NTP (Network Time Protocol) is a networking protocol for synchronizing the system clock with remote time servers for accuracy and reliability.
RHEL 10 implements NTP using Chrony. Chrony uses UDP over the well-known NTP port 123. It starts at system boot and continuously operates to keep the system clock in sync with a more accurate time source. Chrony performs well on systems that are intermittently connected to the network, operate on busy networks, do not run continuously, or experience temperature-related clock drift.
A time source is any reference device that provides time to other devices. The most precise sources are atomic clocks — they generate Coordinated Universal Time (UTC) via radio signals used by radio clocks and GPS systems for time propagation. When selecting a time source, preference should be given to the one with the lowest response time — not necessarily the closest physically.
Common time sources on computer networks:
Local system clock — can act as a time provider but has no way to synchronize itself with a more reliable external source. Least recommended option.
Public NTP servers — available over the Internet from government agencies, research organizations, and universities. The official ntp.org pool (pool.ntp.org) allows vendors and organizations to register their NTP servers voluntarily. Distribution-specific pools include rhel.pool.ntp.org and ubuntu.pool.ntp.org. Country and region-specific pools include ca.pool.ntp.org and oceania.pool.ntp.org. Each pool is accessed using enumerated hostnames such as 0.rhel.pool.ntp.org, 1.rhel.pool.ntp.org, 2.rhel.pool.ntp.org, and so on.
Radio clock — highly accurate, receives time updates directly from an atomic clock via GPS, WWVB, or DCF77 signals. Requires dedicated hardware.
| Role | Description |
|---|---|
| Primary server | Gets time from a time source and provides time to secondary servers or directly to clients |
| Secondary server | Receives time from a primary server and can furnish time to clients to offload the primary or for redundancy. Optional but highly recommended. |
| Peer | Reciprocates time with an NTP server at the same stratum level to improve accuracy and reliability |
| Client | Receives time from a primary or secondary server and adjusts its clock accordingly |
Time sources are categorized hierarchically into stratum levels based on their distance from reference clocks (atomic, radio, GPS). Reference clocks operate at stratum 0 — the most accurate, with little to no delay. There are 15 additional levels ranging from 1 to 15.
- Stratum 0 — atomic/radio/GPS clocks. Cannot be used on the network directly — attached to a computer which then operates at stratum 1.
- Stratum 1 — servers directly connected to stratum 0 clocks. Called time servers. Highly accurate.
- Stratum 2–15 — each level receives time from the level above. Accuracy decreases with distance.
In the `chronyc sources` output, the `Stratum` column shows the stratum level of each configured source. A `^*` marker indicates the currently selected source.
The key configuration file for the Chrony service is chrony.conf located in the /etc directory. This file is referenced by the Chrony daemon at startup to determine the sources to synchronize the clock, the log file location, and other details.
$ cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
pool 2.rhel.pool.ntp.org iburst
# Use NTP servers from DHCP.
sourcedir /run/chrony-dhcp
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Require authentication (nts or key option) for all NTP sources.
#authselectmode require
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony
# Insert/delete leap seconds by slewing instead of stepping.
#leapsecmode slew
# Set the TAI-UTC offset of the system clock.
#leapseclist /usr/share/zoneinfo/leap-seconds.list
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
Example configuration snippet:
driftfile /var/lib/chrony/drift
logdir /var/log/chrony
pool 0.rhel.pool.ntp.org iburst
pool 2.rhel.pool.ntp.org iburst
pool pool.ntp.org iburst
server server20s8.example.com iburst
server 127.127.1.0
peer prodntp1.abc.net
Directive reference:
| Directive | Description |
|---|---|
| `driftfile` | Location and name of the drift file — records the rate at which the system clock gains or loses time. Used by Chrony to maintain local clock accuracy. |
| `logdir` | Sets the directory where Chrony stores its log files |
| `pool` | Defines a hostname representing a pool of time servers. Chrony binds to one server in the pool and automatically switches to another if it fails. The iburst option sends the first four update requests every 2 seconds at startup to quickly bring the clock close to correct time. |
| `server` | Defines the hostname or IP of a single time server. 127.127.1.0 represents the local system clock — use only in isolated or fallback scenarios. |
| `peer` | Defines the hostname or IP of a time server at the same stratum level. A peer both provides and receives time — bidirectional exchange improves accuracy. |

$ sudo dnf install chrony
[sudo] password for blue:
Updating Subscription Management repositories.
Last metadata expiration check: 0:41:58 ago on Fri 22 May 2026 11:23:57 PM +03.
Package chrony-4.8-2.el10.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
$ grep -E "pool|server" /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
pool 2.rhel.pool.ntp.org iburst # --> there is public time server
# Use NTP servers from DHCP.
$ sudo systemctl enable chronyd ; sudo systemctl start chronyd ; sudo systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: enabled)
Active: active (running) since Fri 2026-05-22 22:15:24 +03; 1h 53min ago
Invocation: eb367a63a4874396970dc7228dc4df35
Docs: man:chronyd(8)
man:chrony.conf(5)
Main PID: 1377 (chronyd)
Tasks: 1 (limit: 16494)
Memory: 4.3M (peak: 5.3M)
CPU: 79ms
CGroup: /system.slice/chronyd.service
└─1377 /usr/sbin/chronyd -n -F 2
May 22 22:15:24 Sky.Usman.O.Olanrewaju systemd[1]: Starting chronyd.service - NTP client/server...
May 22 22:15:24 Sky.Usman.O.Olanrewaju chronyd[1377]: chronyd version 4.8 starting (+CMDMON +REFCLOCK +RTC +PRIVDROP >
May 22 22:15:24 Sky.Usman.O.Olanrewaju chronyd[1377]: Frequency 3.936 +/- 0.189 ppm read from /var/lib/chrony/drift
May 22 22:15:24 Sky.Usman.O.Olanrewaju chronyd[1377]: Loaded seccomp filter (level 2)
May 22 22:15:24 Sky.Usman.O.Olanrewaju systemd[1]: Started chronyd.service - NTP client/server.
May 22 22:15:31 Sky.Usman.O.Olanrewaju chronyd[1377]: Selected source 162.159.200.123 (2.rhel.pool.ntp.org)
May 22 22:15:32 Sky.Usman.O.Olanrewaju chronyd[1377]: Selected source 62.12.173.11 (2.rhel.pool.ntp.org)
May 22 22:58:41 Sky.Usman.O.Olanrewaju chronyd[1377]: Selected source 162.159.200.123 (2.rhel.pool.ntp.org)
$ chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ nixx.info 2 10 377 961 -1129us[-1129us] +/- 58ms
^+ ntp1.home4u.ch 1 10 377 650 +2188us[+2188us] +/- 30ms
^+ nice.stuff.is 2 10 377 956 -1815us[-1815us] +/- 69ms
^* time.cloudflare.com 3 10 377 25m -1860us[-1728us] +/- 25ms
`^*` marks the currently selected and active time source. `^+` marks acceptable candidates. The `Stratum` column shows each server's stratum level.
$ chronyc tracking
Reference ID : A29FC87B (time.cloudflare.com)
Stratum : 4
Ref time (UTC) : Fri May 22 20:50:23 2026
System time : 0.000414131 seconds fast of NTP time
Last offset : +0.000132280 seconds
RMS offset : 0.000503307 seconds
Frequency : 3.741 ppm fast
Residual freq : +0.006 ppm
Skew : 0.289 ppm
Root delay : 0.046842948 seconds
Root dispersion : 0.003698958 seconds
Update interval : 1030.6 seconds
Leap status : Normal
`man chrony.conf` and `man chronyc` cover all available directives and commands.
$ timedatectl
Local time: Mon 2026-02-09 14:02:37 PST
Universal time: Mon 2026-02-09 22:02:37 UTC
RTC time: Mon 2026-02-09 22:02:37
Time zone: America/Los_Angeles (PST, -0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
$ date
Mon Feb 9 02:12:13 PM PST 2026
Setting date to 2027-12-07:
$ timedatectl set-ntp false
$ sudo timedatectl set-time 2027-12-07
[sudo] password for blue:
$ timedatectl
Local time: Tue 2027-12-07 00:01:50 +03
Universal time: Mon 2027-12-06 21:01:50 UTC
RTC time: Mon 2027-12-06 21:01:51
Time zone: Europe/Istanbul (+03, +0300)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
With date:
$ date
Tue Dec 7 12:02:34 AM +03 2027
$ timedatectl set-ntp true
$ timedatectl
Local time: Sat 2026-05-23 00:34:09 +03
Universal time: Fri 2026-05-22 21:34:09 UTC
RTC time: Fri 2026-05-22 21:34:09
Time zone: Europe/Istanbul (+03, +0300)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
$ timedatectl list-timezones | grep New
America/New_York
America/North_Dakota/New_Salem
Canada/Newfoundland
$ sudo timedatectl set-timezone America/North_Dakota/New_Salem
$ timedatectl
Local time: Mon 2026-02-09 16:26:36 CST
Universal time: Mon 2026-02-09 22:26:36 UTC
RTC time: Mon 2026-02-09 22:26:36
Time zone: America/North_Dakota/New_Salem (CST, -0600)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
$ date
Mon Feb 9 04:30:01 PM CST 2026
$ sudo vi /etc/chrony.conf
[sudo] password for blue:
Comment out the existing pool and add a local server entry:
#pool 2.rhel.pool.ntp.org iburst # --> disabled public pool
server 127.127.1.0 iburst # --> local system clock fallback
$ sudo systemctl restart chronyd
$ chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 127.127.1.0 0 6 0 - +0ns[ +0ns] +/- 0ns
$ chronyc tracking
Reference ID : 00000000 ()
Stratum : 0
Ref time (UTC) : Thu Jan 01 00:00:00 1970
System time : 0.000000001 seconds slow of NTP time
Last offset : +0.000000000 seconds
RMS offset : 0.000000000 seconds
Frequency : 89.296 ppm fast
Residual freq : +0.000 ppm
Skew : 0.000 ppm
Root delay : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status : Not synchronised
`Stratum 0` and `Reference ID: 00000000` confirm the system is not synchronized — expected when using `127.127.1.0` with no external reference. This state is shown here for documentation purposes. Restore the public pool entries in production.
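The two `chronyc tracking` states shown on this page, synchronized and not synchronized, can be told apart mechanically. The script below is an added example, not part of the original notes: it parses `chronyc tracking` and `chronyc sources` text, the sample strings are copied from the outputs above, and the function names and the 0.1 s offset threshold are assumptions.

```bash
# Added example: turn chronyc output into a pass/fail monitoring check.

# Read `chronyc tracking` text on stdin and print one verdict line.
# $1 = largest acceptable clock offset in seconds (assumed threshold, default 0.1).
tracking_verdict() {
    awk -F' *: ' -v max="${1:-0.1}" '
        $1 == "Reference ID" { ref = $2 }
        $1 == "Stratum"      { stratum = $2 + 0 }
        $1 == "System time"  { split($2, f, " "); offset = f[1] }
        $1 == "Leap status"  { leap = $2 }
        END {
            if (leap == "Not synchronised")
                print "FAIL leap status: " leap
            else if (ref ~ /^00000000/ || stratum < 1 || stratum > 15)
                print "FAIL no usable reference (stratum " stratum ")"
            else if (offset + 0 > max + 0)
                print "WARN offset " offset "s exceeds " max "s"
            else
                print "OK stratum " stratum " offset " offset "s"
        }'
}

# Read `chronyc sources` text on stdin and print the name of the source
# marked ^*; return 1 when no source is selected (for example only ^? rows).
selected_source() {
    awk '$1 == "^*" { print $2; found = 1 } END { exit !found }'
}

# Sample text copied from the command outputs shown on this page.
synced_sample='Reference ID    : A29FC87B (time.cloudflare.com)
Stratum         : 4
System time     : 0.000414131 seconds fast of NTP time
Leap status     : Normal'
unsynced_sample='Reference ID    : 00000000 ()
Stratum         : 0
System time     : 0.000000001 seconds slow of NTP time
Leap status     : Not synchronised'
sources_sample='^+ ntp1.home4u.ch       1  10  377  650  +2188us[+2188us] +/-  30ms
^* time.cloudflare.com  3  10  377  25m  -1860us[-1728us] +/-  25ms'
local_only_sample='^? 127.127.1.0  0  6  0  -  +0ns[  +0ns] +/-  0ns'

printf '%s\n' "$synced_sample"     | tracking_verdict
printf '%s\n' "$unsynced_sample"   | tracking_verdict
printf '%s\n' "$sources_sample"    | selected_source
printf '%s\n' "$local_only_sample" | selected_source || echo "no source selected"
```

On a live host the same functions take the real commands as input, for example `chronyc tracking | tracking_verdict 0.05`.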
The `hosts` line in /etc/nsswitch.conf controls resolution order. The default `files dns myhostname` means /etc/hosts is checked before DNS. A hostname in /etc/hosts always wins over DNS for that entry.
dig, host, and nslookup all query DNS but have different output formats. dig gives the most detail and is preferred for troubleshooting. host is concise. nslookup is cross-platform and widely recognized in network environments.
127.127.1.0 has no external reference. It drifts without correction and is only appropriate as a fallback in isolated environments where no external NTP is available.
Without iburst, Chrony sends one request every poll interval at startup — which can take minutes to synchronize. With iburst, it sends four rapid requests every 2 seconds at startup, bringing the clock into sync within seconds.
timedatectl set-time will fail if NTP is active. Always run timedatectl set-ntp false first, make the change, then re-enable with timedatectl set-ntp true.
| Task | Command |
|---|---|
| DNS forward lookup | dig <hostname> |
| DNS reverse lookup | dig -x <IP> |
| Simple forward lookup | host <hostname> |
| Verbose lookup (dig-style) | host -v <hostname> |
| nslookup forward | nslookup <hostname> |
| getent forward lookup | getent hosts <hostname> |
| Check current time/timezone | timedatectl |
| List timezones | timedatectl list-timezones |
| Set timezone | sudo timedatectl set-timezone <zone> |
| Disable NTP | timedatectl set-ntp false |
| Enable NTP | timedatectl set-ntp true |
| Set time manually | sudo timedatectl set-time <YYYY-MM-DD> |
| Install Chrony | sudo dnf install chrony |
| Enable and start Chrony | sudo systemctl enable --now chronyd |
| Check Chrony sources | chronyc sources |
| Check Chrony tracking | chronyc tracking |
| Restart Chrony | sudo systemctl restart chronyd |
| View resolver config | cat /etc/resolv.conf |
| View NSS config | cat /etc/nsswitch.conf |
| View Chrony config | cat /etc/chrony.conf |