
Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf



On Wed, Dec 21, 2005 at 10:42:03AM -0800, Edward Buck wrote:

> On the first point, I (and thus my company) use search lines in
> combination with LAN-only DNS subdomains for internal address
> management.  It allows us to use internal IP addresses for hosts without
> fiddling with /etc/hosts.  All our host subdomains are managed in DNS.
> A LOT of scripts, i.e. for backup, rsync, load balancing, use short
> hostnames that get their address information from internal DNS zones, a
> process that depends on the search functionality in /etc/resolv.conf.

My personal opinion is that this is wrong, and now you are trying to
paper over an initial design flaw. Had you had a policy to always use
full host names everywhere, you'd not have this problem now. In my
experience relying on lookup service configuration is never good.

> To give you an idea of impact, I was recently greeted with an e-mail
> from a DNS service provider that I use saying that I was getting close
> to my query quota.  It surprised me that I got this e-mail because I was
> never close to hitting the quota before.  It turns out that 90% of the
> queries were coming from 1 server where I unwittingly added the domain
> to the search path!

Well, resolv.conf(5) says about search lines that they "will generate a
lot of network traffic if the servers for the listed domains are
not local". You should not add a search line for a domain not served by
a local name server. In most cases this can be solved by installing a
local caching-only name server.

> On the subject of work-arounds, I'm not having much luck finding one
> without recompiling glibc, which is not a good option IMO.  If anyone
> has any ideas on this, please let me know.

Did you try "apt-get install bind9" and putting "nameserver 127.0.0.1"
in /etc/resolv.conf? You can also try lwresd & libnss-lwres if you need
something smaller, or djbdns if you like its author :-)

This may reduce your DNS traffic even more than changing the lookup
order in glibc would. Of course you have to pay with some memory and a
little CPU usage.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences,
     Laboratory of Parallel and Distributed Systems
     Address   : H-1132 Budapest Victor Hugo u. 18-22. Hungary
     Phone/Fax : +36 1 329-78-64 (secretary)
     W3        : http://www.lpds.sztaki.hu
     ---------------------------------------------------------
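
The lookup order this thread is about, as an added example that is not part of the original message or of glibc: it models the candidate order documented in resolv.conf(5) with default options, for the worst case where every earlier candidate fails. The resolv.conf contents, host names and function names are constructed for illustration.

```python
# Added example: models the candidate order described in resolv.conf(5).
# The resolv.conf text and host names below are constructed samples.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not from the thread
nameserver 192.0.2.53
search corp.example.com example.com
options ndots:1
"""

def parse_resolv_conf(text):
    """Return the search list and ndots value from resolv.conf text."""
    cfg = {"search": [], "ndots": 1}            # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] in ("search", "domain"):   # the last instance wins
            cfg["search"] = [d.rstrip(".") for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    cfg["ndots"] = min(int(opt[6:]), 15)  # capped at 15
    return cfg

def candidates(name, cfg):
    """Names tried, in order, when every earlier candidate fails."""
    if name.endswith("."):                      # already absolute: no search
        return [name]
    as_is = name + "."
    searched = [f"{name}.{d}." for d in cfg["search"]]
    if name.count(".") >= cfg["ndots"]:
        return [as_is] + searched               # as-is first, then search list
    return searched + [as_is]                   # search list first, as-is last

def worst_case_queries(names, cfg):
    """Total candidate names queried if every lookup fails."""
    return sum(len(candidates(n, cfg)) for n in names)

if __name__ == "__main__":
    cfg = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for host in ("backup01", "www.debian.org", "www.debian.org."):
        print(host, "->", candidates(host, cfg))
```

Only the name with a trailing dot skips the search list entirely; a failing dotted name is still retried under each search domain, which is also how external names end up in queries for the listed domains.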


