
Re: How *not* to concatenate my domain name?



On Sun, 9 Nov 2014 04:32:22 +0000 (UTC)
Hendrik Boom <hendrik@topoi.pooq.com> wrote:

> On Sat, 08 Nov 2014 20:05:05 +0000, Joe wrote:
> 
> > On Sat, 8 Nov 2014 18:49:50 +0000 (UTC)
> > Hendrik Boom <hendrik@topoi.pooq.com> wrote:
> > 
> >> When I do a web search from my laptop, connected via wifi to my
> >> server and then to the rest of the world, if it for any reason
> >> fails to find, say,  aspidistraonion.com, it ends up giving me the
> >> IP number of my own server, and thus the wrong web page.
> >> 
> >> This can happen because of a temporary network problem, and if I'm
> >> using chrome, it puts the wrong IP number into its own DNS cache,
> >> and the cache remains poisoned for a long time.  (anyone know how
> >> to remove things from the chrome's DNS cache, by the way?)
> >> 
> >> Now I suspect the cause is that my DNS lookup
> >> appends .topoi.pooq.com to every unsuccessful search, in case I'm
> >> looking for something on my LAN. And then it does find
> >> 69.165.131.134, which is the externally known gateway IP number
> >> for everything on the LAN.  (let the server figure out where the
> >> packet really goes).
> >> 
> >> I suspect this dates back to installation time, when I was
> >> separately asked for the machine's name (notlookedfor) and the
> >> domain name (topoi.pooq.com), presumably so it could set up this
> >> alleged convenience.
> >> Is there any way to get my local DNS lookup *not* to append the
> >> wider domain name to anything (or, at least, to anything already
> >> containing a dot)?
> >> 
> >> I'm running a jessie system with systemv init and systemd-shim, in
> >> case it matters.
> >> 
> >> -- hendrik
> >>   
> >>   

> > 
> > My /etc/resolv.conf files always contain a search domain name, and
> > I've never seen a DNS failure try to append it to anything but a
> > hostname.
> > 
> > I ask because an increasing number of routers, particularly those
> > supplied by ISPs, are now taking it upon themselves to take some
> > kind of action of their own if a DNS lookup fails, instead of
> > passing on the authoritative DNS server's failure message as they
> > should, so your browser can tell you what really happened. It may
> > not be your laptop which is causing the problem.
> 
> I appear to be using Google's DNS.
> 
> hendrik@notlookedfor:~$ cat /etc/resolv.conf
> domain topoi.pooq.com
> search topoi.pooq.com
> nameserver 8.8.8.8
> nameserver 8.8.4.4
> hendrik@notlookedfor:~$ 
> 
> As far as I know, I've let Debian install its preferred packages for
> DNS lookup, and haven't interfered with it.  The system has been
> continually upgraded as testing since the days of wheezy, and
> possibly earlier.
> 

I have a feeling it is your own domain host which is responsible for
this problem. It has become customary for authoritative DNS servers to
return the IP address for the www A record if queried for the bare
domain name, which isn't right but which many people find convenient.

It would appear that your domain host goes one step further, and the
same IP address is returned for a ping to anything at all with your
domain suffix. This certainly isn't right, but may be beyond your
ability to prevent. It's worth a look on your domain host's web control
panel for DNS, to see if there's a 'catch-all' option which can be
turned off. If you can do this, don't forget that DNS servers such as
Google's will cache the old values for a time.

If not, all I can suggest is that you set invalid domain names in your
resolv.conf for search and domain, and hope that something clever on
your system doesn't reset them. Mucking about with /etc/resolv.conf is
not at all unusual, especially with VPN or wi-fi involved. It doesn't
appear possible to prevent these values being used as suffixes in DNS
lookups, even to already fully qualified hostnames.

-- 
Joe
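
The lookup sequence discussed in this thread, as an added example that is not part of the original messages: a simplified model of the search-list rules in resolv.conf(5), run against the resolv.conf quoted above. The catch-all zone is a constructed stand-in for the behaviour Joe suspects at the domain host, and every function name here is hypothetical.

```python
# Added example: simplified model of resolv.conf(5) search-list expansion.
# RESOLV_CONF is copied from the thread; the catch-all zone data is constructed.
RESOLV_CONF = """\
domain topoi.pooq.com
search topoi.pooq.com
nameserver 8.8.8.8
nameserver 8.8.4.4
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots); the last domain/search line wins."""
    search, ndots = [], 1                      # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("domain", "search"):
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots):
    """Absolute names the stub resolver tries, in order."""
    if name.endswith("."):                     # trailing dot: never suffixed
        return [name]
    as_is = [name + "."]
    suffixed = [f"{name}.{d.rstrip('.')}." for d in search]
    return as_is + suffixed if name.count(".") >= ndots else suffixed + as_is

def make_lookup(catch_all_zones):
    """Constructed upstream DNS: answers only for names under a catch-all zone."""
    def lookup(fqdn):
        for zone, addr in catch_all_zones.items():
            if fqdn.endswith("." + zone):
                return addr
        return None                            # NXDOMAIN or no reply
    return lookup

def resolve(name, conf_text, lookup):
    """Return (answering_name, address) for the first candidate that resolves."""
    search, ndots = parse_resolv_conf(conf_text)
    for fqdn in candidates(name, search, ndots):
        addr = lookup(fqdn)
        if addr:
            return fqdn, addr
    return None, None
```

Calling `resolve("aspidistraonion.com", RESOLV_CONF, make_lookup({"topoi.pooq.com.": "69.165.131.134"}))` returns the suffixed name `aspidistraonion.com.topoi.pooq.com.` with the gateway address. The same call with a trailing dot on the name, or with an empty catch-all table, returns `(None, None)`.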

