Date: Sun, 24 Aug 1997 12:54:02 +0100 From: Brian Somers <brian@awfulhak.org> To: Mike Smith <mike@smith.net.au> Cc: Brian Somers <brian@awfulhak.org>, freebsd-hackers@FreeBSD.ORG Subject: Re: Broken resolver/named Message-ID: <199708241154.MAA00755@awfulhak.org> In-Reply-To: Your message of "Sun, 24 Aug 1997 12:30:55 %2B0930." <199708240300.MAA00846@word.smith.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> >
> > I have a bit of a problem - that I can only put down to being the
> > fault of either the resolver library or named.
>
> Neither.
>
> > My /etc/resolv.conf says (in 2.2.2 & -current):
> >
> > domain lan.awfulhak.org
>
> Have you read the resolver documentation on what this means?
>From resolver(3):
RES_DEFNAMES If set, res_search() will append the default domain name to
single-component names (those that do not contain a dot).
This option is enabled by default.
RES_DNSRCH If this option is set, res_search() will search for host
names in the current domain and in parent domains; see
hostname(7). This is used by the standard host lookup rou-
tine gethostbyname(3). This option is enabled by default.
This means to me that with "domain lan.awfulhak.org", a lookup of
``x'' results in a query of x.lan.awfulhak.org, x.awfulhak.org and
x.org and with "search lan.awfulhak.org", I get one lookup of
x.lan.awfulhak.org.
Both result in a lookup of ``x.lan.awfulhak.org'' then ``x''.
> > If I try to resolve an unqualified name that doesn't exist (such as
> > ``x''), the resolver sends two DNS queries (because the first fails).
> > The first query is for ``x.lan.awfulhak.org'', and when that fails,
> > it sends a query for ``x''. The resolver then says "Dunno who ``x''
> > is, I'll ask someone else.....".
> >
> > This is a bit of a dumb thing to do (I'm on a dial-up to real life).....
>
> It is, however, the _correct_ thing to do. If you don't want to dial
> to resolve names, use the dfilter stuff in user-mode ppp (do I need to
> tell *you* this?)
This is not the problem. My problem is that a WindowsNT box is
trying to resolve some dumb name, and sits there with its finger up
its a*s while the DNS times out. Good old Microslop^H^H^Hoft.
> > There is a compile-time option for named called "LOCALDOM" that
> > allows you to say "domain lan.awfulhak.org" in named.boot, and have
> > the second query answered with "dunno" immediately, but according to
> > named, only broken resolvers send unqualified names to the DNS.
>
> I don't understand how this would be useful. If you say "x", and "x"
> is not a local name, you _must_ consult someone else to determine if
> it's a valid name at all. How else are you supposed to know one way or
> the other?
So I send a query to my forwarder that asks for "x", and it looks it
up ? What's it likely to find ? The worst case would be
``x.demon.co.uk'' (my ISP's domain) which is dumb (and why named
disables the LOCALDOM stuff by default). The normal case would be
the generation of a load of useless DNS traffic.
> If you never want to consult an outside nameserver, disable your
> forwarders; this is pretty dumb though.
I do want to talk to real DNSs, but not for mis-typed names.
> > IMHO, the resolver shouldn't be sending the second query. Should I
> > look at fixing the resolver ?
>
> There's nothing there needs fixing, AFAICT.
Well, if anything, the "domain ..." isn't behaving - it should try
x.lan.awfulhak.org, x.awfulhak.org and x.org. I also suggest that
"search ..." is broken either in a similar way or because it should
behave as I originally suggested.
> mike
>
--
Brian <brian@awfulhak.org>, <brian@freebsd.org>
<http://www.awfulhak.org>;
Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708241154.MAA00755>