Re: Needless DNS queries




On 07/06/2022 17:53, Greg Wooledge wrote:
On Tue, Jun 07, 2022 at 11:22:34AM -0400, Dan Ritter wrote:
search		Search list for host-name lookup.  By default, the search
  [...]
	This may be changed by listing the desired domain search
path following the search keyword with spaces or tabs separating the
names.  Resolver queries having fewer than ndots dots (default is
1) in them will be attempted using each component of the search path in
turn until a match is found.

I've read this paragraph a few times, and as far as I can tell, it's
simply wrong.

If you go down farther in the page and look at:

               ndots:n
                      Sets a threshold for the number of dots which must appear
                      in a name given to res_query(3) (see resolver(3))  before
                      an  initial absolute query will be made.  The default for
                      n is 1, meaning that if there are any dots in a name, the
                      name  will  be tried first as an absolute name before any
                      search list elements are appended to it.  The  value  for
                      this option is silently capped to 15.

This one says that it simply determines whether the name will be tried
as is *before* appending the search domain(s) to it, or whether it just
skips straight to appending the search domains.

My experience, and the OP's experience, suggests that the description in
the ndots paragraph is correct, and the description in the search paragraph
is not.

To the best of my knowledge, there isn't any setting to *prevent* the
appending of search domains to a name, no matter how many dots you put
in the name.

I've wondered about that in the past. Is this maybe a bug in the application, then? (I admit that it'll be a widespread bug if so.) To my knowledge, DNS domains support "relative" names (e.g. "www.example.com") as well as "absolute" names (e.g. "www.example.com." - with the trailing dot). Should applications be querying for hostnames with the trailing dot and, if so, would that prevent the resolver from trying to append the search domains?

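The lookup order discussed in this message, modelled as an added example that is not part of the original post and is not glibc's own code. It assumes glibc stub-resolver behaviour, in which a name ending in a dot is treated as absolute and skips the search list; the resolv.conf content, domains and helper names are constructed for illustration.

```python
# Added illustration: a model of glibc-style search-list handling, not glibc code.
SAMPLE_RESOLV_CONF = """\
# constructed sample; domains and address are placeholders
nameserver 192.0.2.53
search corp.example.net example.net
options ndots:1 timeout:2
"""

def parse_resolv_conf(text):
    """Extract the search list and ndots (capped at 15, as resolv.conf(5) states)."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "search":
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[len("ndots:"):]), 15)
    return search, ndots

def candidate_queries(name, search, ndots=1):
    """Names that would be queried, in order, if every lookup fails."""
    if name.endswith("."):
        # Assumption: a trailing dot marks the name absolute, so no search list.
        return [name]
    absolute = name + "."
    as_is_first = name.count(".") >= ndots
    queries = [absolute] if as_is_first else []
    queries += [f"{name}.{d.strip('.')}." for d in search if d.strip(".")]
    if not as_is_first:
        queries.append(absolute)  # dotless or below ndots: as-is comes last
    return queries

def queries_sent(name, search, ndots=1, existing=frozenset()):
    """Queries actually emitted: stop at the first name in `existing` (constructed zone data)."""
    sent = []
    for q in candidate_queries(name, search, ndots):
        sent.append(q)
        if q in existing:
            break
    return sent

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for host in ("www", "www.example.com", "www.example.com."):
        print(f"{host!r:20} -> {candidate_queries(host, search, ndots)}")
```

In this model a dotted name is tried as-is first, but each search domain is still appended when that lookup fails, so the qualified name is also sent to the search domains' servers.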