From owner-freebsd-hackers Sun Aug 24 04:54:49 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id EAA29035 for hackers-outgoing; Sun, 24 Aug 1997 04:54:49 -0700 (PDT) Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id EAA29029 for ; Sun, 24 Aug 1997 04:54:44 -0700 (PDT) Received: from awfulhak.org (dev.lan.awfulhak.org [10.0.1.5]) by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id MAA00210; Sun, 24 Aug 1997 12:54:03 +0100 (BST) Received: from dev.lan.awfulhak.org (localhost [127.0.0.1]) by awfulhak.org (8.8.7/8.8.6) with ESMTP id MAA00755; Sun, 24 Aug 1997 12:54:02 +0100 (BST) Message-Id: <199708241154.MAA00755@awfulhak.org> X-Mailer: exmh version 2.0zeta 7/24/97 To: Mike Smith cc: Brian Somers , freebsd-hackers@FreeBSD.ORG Subject: Re: Broken resolver/named In-reply-to: Your message of "Sun, 24 Aug 1997 12:30:55 +0930." <199708240300.MAA00846@word.smith.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 24 Aug 1997 12:54:02 +0100 From: Brian Somers Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > > > I have a bit of a problem - that I can only put down to being the > > fault of either the resolver library or named. > > Neither. > > > My /etc/resolv.conf says (in 2.2.2 & -current): > > > > domain lan.awfulhak.org > > Have you read the resolver documentation on what this means? >From resolver(3): RES_DEFNAMES If set, res_search() will append the default domain name to single-component names (those that do not contain a dot). This option is enabled by default. RES_DNSRCH If this option is set, res_search() will search for host names in the current domain and in parent domains; see hostname(7). This is used by the standard host lookup rou- tine gethostbyname(3). This option is enabled by default. This means to me that with "domain lan.awfulhak.org", a lookup of ``x'' results in a query of x.lan.awfulhak.org, x.awfulhak.org and x.org and with "search lan.awfulhak.org", I get one lookup of x.lan.awfulhak.org. Both result in a lookup of ``x.lan.awfulhak.org'' then ``x''. > > If I try to resolve an unqualified name that doesn't exist (such as > > ``x''), the resolver sends two DNS queries (because the first fails). > > The first query is for ``x.lan.awfulhak.org'', and when that fails, > > it sends a query for ``x''. The resolver then says "Dunno who ``x'' > > is, I'll ask someone else.....". > > > > This is a bit of a dumb thing to do (I'm on a dial-up to real life)..... > > It is, however, the _correct_ thing to do. If you don't want to dial > to resolve names, use the dfilter stuff in user-mode ppp (do I need to > tell *you* this?) This is not the problem. My problem is that a WindowsNT box is trying to resolve some dumb name, and sits there with its finger up its a*s while the DNS times out. Good old Microslop^H^H^Hoft. > > There is a compile-time option for named called "LOCALDOM" that > > allows you to say "domain lan.awfulhak.org" in named.boot, and have > > the second query answered with "dunno" immediately, but according to > > named, only broken resolvers send unqualified names to the DNS. > > I don't understand how this would be useful. If you say "x", and "x" > is not a local name, you _must_ consult someone else to determine if > it's a valid name at all. How else are you supposed to know one way or > the other? So I send a query to my forwarder that asks for "x", and it looks it up ? What's it likely to find ? The worst case would be ``x.demon.co.uk'' (my ISP's domain) which is dumb (and why named disables the LOCALDOM stuff by default). The normal case would be the generation of a load of useless DNS traffic. > If you never want to consult an outside nameserver, disable your > forwarders; this is pretty dumb though. I do want to talk to real DNSs, but not for mis-typed names. > > IMHO, the resolver shouldn't be sending the second query. Should I > > look at fixing the resolver ? > > There's nothing there needs fixing, AFAICT. Well, if anything, the "domain ..." isn't behaving - it should try x.lan.awfulhak.org, x.awfulhak.org and x.org. I also suggest that "search ..." is broken either in a similar way or because it should behave as I originally suggested. > mike > -- Brian , Don't _EVER_ lose your sense of humour....