Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
On Wed, Dec 21, 2005 at 10:42:03AM -0800, Edward Buck wrote:
> On the first point, I (and thus my company) use search lines in
> combination with LAN-only DNS subdomains for internal address
> management. It allows us to use internal IP addresses for hosts without
> fiddling with /etc/hosts. All our host subdomains are managed in DNS.
> A LOT of scripts, i.e. for backup, rsync, load balancing, use short
> hostnames that get their address information from internal DNS zones, a
> process that depends on the search functionality in /etc/resolv.conf.
My personal opinion is that this is wrong, and now you are trying to
paper over an initial design flaw. Had you had a policy to always use
full host names everywhere, you'd not have this problem now. In my
experience relying on lookup service configuration is never good.
> To give you an idea of impact, I was recently greeted with an e-mail
> from a DNS service provider that I use saying that I was getting close
> to my query quota. It surprised me that I got this e-mail because I was
> never close to hitting the quota before. It turns out that 90% of the
> queries were coming from 1 server where I unwittingly added the domain
> to the search path!
Well, resolv.conf(5) says about search lines that they "will generate a
lot of network traffic if the servers for the listed domains are
not local". You should not add a search line for a domain not served by
a local name server. In most cases this can be solved by installing a
local caching-only name server.
> On the subject of work-arounds, I'm not having much luck finding one
> without recompiling glibc, which is not a good option IMO. If anyone
> has any ideas on this, please let me know.
Did you try "apt-get install bind9" and putting "nameserver 127.0.0.1"
in /etc/resolv.conf? You can also try lwresd & libnss-lwres if you need
something smaller, or djbdns if you like its author :-)
This may reduce your DNS traffic even more than changing the lookup
order in glibc would. Of course you have to pay with some memory and a
little CPU usage.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences,
Laboratory of Parallel and Distributed Systems
Address : H-1132 Budapest Victor Hugo u. 18-22. Hungary
Phone/Fax : +36 1 329-78-64 (secretary)
W3 : http://www.lpds.sztaki.hu
---------------------------------------------------------
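
The search-list expansion discussed in this message, as an added example that is not part of the original mail or of glibc: it models the search/ndots ordering documented in resolv.conf(5) and lists the names a stub resolver would query for one lookup. The sample resolv.conf, the example.com domains and the function names are constructed for illustration, and no DNS traffic is sent.

```python
# Added illustration: models the search/ndots rules from resolv.conf(5).
# Nothing is sent on the network; the configuration below is constructed.

SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from the bug report
nameserver 192.0.2.53
search lan.example.com example.com
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf-style text."""
    search, ndots = [], 1                  # ndots defaults to 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue                       # blank line or comment
        if fields[0] in ("search", "domain"):
            search = fields[1:]            # the last such line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_queries(name, search, ndots):
    """Names tried in order until one of them resolves."""
    if name.endswith("."):                 # trailing dot: absolute name,
        return [name]                      # the search list is skipped
    as_is = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:           # enough dots: try as-is first
        return [as_is] + searched
    return searched + [as_is]              # short name: search list first

def worst_case_queries(names, search, ndots):
    """Query count when no candidate resolves, so every one is tried."""
    return sum(len(candidate_queries(n, search, ndots)) for n in names)

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for n in ("backup1", "www.example.org", "www.example.org."):
        print(n, "->", candidate_queries(n, search, ndots))
```

With a local caching name server, as suggested in the message, the repeated candidates are answered from the cache (subject to record TTLs) instead of going upstream on every lookup.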