[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DNS Resolution and Short Names with Dots

Hi -

I've been running into somewhat inconsistent behavior with DNS short
name resolution in Debian across a few systems.

Here's the behavior that I've occasionally relied on over the years:

% cat /etc/resolv.conf
search example.com
nameserver 192.0.2.10
% host foo.bar.baz.example.com.
foo.bar.baz.example.com has address 192.0.2.1
foo.bar.baz.example.com has IPv6 address 2001:db8::1
% host foo.bar.baz
foo.bar.baz.example.com has address 192.0.2.1
foo.bar.baz.example.com has IPv6 address 2001:db8::1

Basically, I expect the search suffix to always be appended to the label
unless a trailing "." (ie, fully-qualified) is the last character.

I don't know if it was a glibc upgrade or something else but on a few of
my Debian systems (combination of i386 and x86_64) I now cannot resolve
any short names that have a dot in them.  So, the above example now
returns:

% cat /etc/resolv.conf
search example.com
nameserver 192.0.2.10
% host foo.bar.baz.example.com.
foo.bar.baz.example.com has address 192.0.2.1
foo.bar.baz.example.com has IPv6 address 2001:db8::1
% host foo.bar.baz
Host foo.bar.baz not found: 3(NXDOMAIN)

However, something this will still succeed:

% host www
www.example.com has address 192.0.2.2
www.example.com has IPv6 address 2001:db8::2

Running tcpdump and filtering on port 53 confirms what I'm seeing
above—the resolver just isn't appending the search prefix to names with
a dot in them.

I've run into this issue on Mac OS X and Windows and in each case there
were [possibly hacky] tweaks to restore the legacy behavior.

I don't use these short names too often so I can't pinpoint when this
broke or what I upgraded to change this behavior.  I don't use any
DNS-related options in /etc/network/interfaces and I don't have
mDNSResponder or any local caching resolver running.

I realize that using short names in this fashion may be not the best
thing to do anymore considering recent ICANN policies and the plethora
of new TLDs.  However, I'd like to still have the option to enable this
behavior.

Any ideas?

Thanks!

- Mark

-- 
Mark Kamichoff
prox@prolixium.com
http://www.prolixium.com/

Attachment: signature.asc
Description: Digital signature

Reply to: