Does resolver always append domain?

Kevin Darcy kcd at daimlerchrysler.com
Wed Sep 13 23:36:17 UTC 2000


This is one of the reasons why it's good to get into the habit of always
using fully-qualified names.

What's happening is that "xy", which I'm assuming doesn't exist in the
"mydomain.de" zone, is eventually being queried as an
*absolute* unqualified name, which is considered external, hence the
dial-on-demand connection.

Workarounds? The only 2 which immediately come to mind are both ugly:

1) Switch your nameserver configuration via some sort of script whenever
you connect or disconnect -- the "disconnected" configuration would have
a synchronized copy of the Internet root zone. If a query like
"xy" comes to your nameserver while in disconnected mode, it'll know --
because it has all of the Internet TLD delegations -- that this doesn't
belong in any real TLD like "com" or "de", and it will simply tell the
client it doesn't exist, without initiating a connection. Note that this
*won't* work for unqualified names which happen to be TLDs. If you
mistyped "xy" as "sy", for instance, that happens to be a valid TLD, so
an external query will still be made. And "sy" also happens to have an
A record, so you'll end up trying to connect to the wrong host, probably
in some other part of the world. Yuck!

2) Set up a search list with a bogus domain at the end, e.g. "invalid".
Configure this domain as a master zone on your nameserver with a
wildcard A entry in it, pointing to some local-but-non-existent
IP address. Therefore, "xy" will be resolved as, e.g., "xy.invalid"
without bringing up your connection for a DNS query, but the connection
to "xy.invalid" will fail. This is *incredibly* ugly, though: for one
thing, it'll break any application which makes a distinction between an
unknown and an unreachable host...


- Kevin


ks_7359 at my-deja.com wrote:

> I have the following problem:
>
> My Linux box is used as an Internet router using
> masquerading. I have set up a nameserver for my
> own domain mydomain.de. Also I have a forwarder
> in my named.conf for all domains except
> mydomain.de. So typing www.xy.com in any browser
> window the nameserver wants to contact the
> forwarder and is initiating the dial on demand
> connection to the ISP. This works fine. But when
> I type
> ping xy
> at my Linux box the connection will be
> established as well. Here is my resolv.conf:
> domain mydomain.de
> nameserver ip.of.the.linuxbox
> A ping xy.mydomain.de returns unknown host.
> How can I configure the resolver NOT to append
> the domain to unqualified names?
>
> Sascha Killinger
> mailto:killinger.sascha at gmx.de
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
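
Added example (not part of the original message or of BIND): a small Python model of the stub resolver's search-list ordering, showing which names are queried for "xy" with the posted resolv.conf and with workaround 2, and which of them fall outside the local zones. It assumes the common ndots:1 default and that "domain" gives a one-entry search list; the address 192.0.2.53 and all function names are illustrative.

```python
# Added illustration, not code from the thread; assumes the common ndots:1 default.

def parse_resolv_conf(text):
    """Return (search_list, ndots) parsed from resolv.conf text."""
    search, ndots = [], 1
    for line in text.splitlines():
        key, *args = line.split("#", 1)[0].split() or [""]
        if key in ("domain", "search") and args:
            # the two keywords override each other; the last one in the file wins
            search = args[:1] if key == "domain" else args
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt[len("ndots:"):])
    return search, ndots

def candidates(name, search, ndots=1):
    """Ordered absolute names the resolver is willing to try for `name`."""
    if name.endswith("."):
        return [name]                     # already fully qualified: no search list
    absolute = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [absolute] + searched      # enough dots: try the name as-is first
    return searched + [absolute]          # otherwise search list first, as-is last

def is_external(qname, local_zones):
    """True if qname lies outside every zone the local nameserver is master for."""
    q = qname.lower()
    return not any(q == z + "." or q.endswith("." + z + ".") for z in local_zones)

def trace(name, conf, local_zones, resolves):
    """(qname, external?) per query sent; lookup stops at the first name that resolves."""
    search, ndots = parse_resolv_conf(conf)
    sent = []
    for q in candidates(name, search, ndots):
        sent.append((q, is_external(q, local_zones)))
        if resolves(q):
            break
    return sent

# Constructed inputs modelled on the thread; 192.0.2.53 is a placeholder address.
POSTED = "domain mydomain.de\nnameserver 192.0.2.53\n"
WORKAROUND_2 = "search mydomain.de invalid\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    print(trace("xy", POSTED, ["mydomain.de"], lambda q: False))
    print(trace("xy", WORKAROUND_2, ["mydomain.de", "invalid"],
                lambda q: q.endswith(".invalid.")))   # wildcard A answers *.invalid
```

With the posted configuration the last query is the absolute name "xy.", which is outside mydomain.de and is what goes to the forwarder; with the wildcard in "invalid" the lookup ends before that name is ever sent.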





