Force failed DNS lookup to search my local domain?

Will Yardley you at aredumb.com
Sat Jan 25 08:15:55 UTC 2003


In article <b0scs4$9jmv$1 at isrv4.isc.org>, Kevin Darcy wrote:
> Will Yardley wrote:
>>In article <b0qic1$8b26$1 at isrv4.isc.org>, Mark_Andrews at isc.org wrote:

>>> Secondly it is usually a BAD idea to have a wildcard in a search
>>> list.  It tends to have unexpected consequences.
  
>> I have heard a few people say this... however, having a search list
>> can also be a *big* time saver. Typing in the FQDN each time you
>> connect somewhere can be quite time-consuming, as well as monotonous.

My mistake - I misread Mark's comment... sorry Mark. I was mostly
thinking of your [Kevin] posts on the subject.

> Mark wasn't eschewing searchlists altogether, only the practice of
> having a wildcard in a search list.
> 
> I, on the other hand, eschew searchlists altogether. They waste DNS
> resources, increase resolution time, and can be a security problem
> (because you might accidentally connect to foo.untrusted.example.com
> instead of foo.trusted.example.com, and have your password stolen).
> 
> Your argument is basically the same old "too much typing" argument
> that I've been hearing for years. My stock response: for commonly
> accessed resources, one should have a profile, a bookmark, a portal or
> something like that; actually typing the name of a host in order to
> connect to it should be a relatively rare event.

This requires maintaining some sort of list of hosts. In my case, I'd
consider all hosts "trusted" for the most part, and in any event there
are only one or two hostnames that are duplicated in the various names
in my search path.

I'm not saying that search paths are always a good idea, but I don't
think they're always a bad idea either.

Typing 'ssh ladd' is a lot quicker than typing 'ssh
ladd.hq.newdream.net' (even factoring in the small amount of time it
takes for the resolver to figure out what I mean). I suppose I could
maintain some sort of alias for each host, but that seems like somewhat
of a pain to maintain. Also, I often forget which subdomain a particular
host is in, so having most of the possible subdomains in my search path
means I don't have to remember.

And yes - the reason I like search paths is 100% because I am lazy. :>

I've found that even with a full (6 domains) search path, I rarely
notice any sort of perceptible delay in name resolution because of
it.... and any delay is more than made up for by the time I save in not
typing out the FQDN.

-- 
No copies, please.
To reply privately, simply reply; don't remove anything.
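
Added example, not part of the original message: a small offline model of search-list expansion, showing which name wins when a short hostname such as `foo` exists in more than one search domain, and how a wildcard in a search domain captures every short name. The zone contents, the `wild.example.com` domain, and all function names are constructed for illustration; expansion order follows the `resolv.conf` `search`/`ndots` rules.

```python
# Constructed sample data: short names that exist in each search domain.
# "*" models a wildcard record in that zone.
ZONES = {
    "untrusted.example.com": {"foo", "www"},
    "trusted.example.com": {"foo", "ladd"},
    "wild.example.com": {"*"},
}

def candidates(name, search, ndots=1):
    """Order in which a stub resolver tries names (resolv.conf semantics)."""
    if name.endswith("."):            # trailing dot: absolute, search list skipped
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:      # enough dots: try the name as typed first
        return [name] + expanded
    return expanded + [name]          # otherwise the search list comes first

def exists(fqdn, zones):
    """True if the constructed zone data would answer for fqdn."""
    for domain, labels in zones.items():
        if fqdn.endswith("." + domain):
            label = fqdn[: -len(domain) - 1]
            if label in labels or "*" in labels:
                return True
    return False

def resolve(name, search, zones, ndots=1):
    """First candidate that exists, or None if nothing answers."""
    return next((c for c in candidates(name, search, ndots) if exists(c, zones)), None)

def shadowed(search, zones):
    """Short names answered by more than one search domain: name -> (winner, losers)."""
    names = {l for d in search for l in zones.get(d, ()) if l != "*"}
    report = {}
    for n in sorted(names):
        hits = [f"{n}.{d}" for d in search if exists(f"{n}.{d}", zones)]
        if len(hits) > 1:
            report[n] = (hits[0], hits[1:])
    return report

if __name__ == "__main__":
    search = ["untrusted.example.com", "trusted.example.com"]
    print(resolve("foo", search, ZONES))                       # search order decides
    print(resolve("foo.trusted.example.com.", search, ZONES))  # FQDN bypasses the list
    print(shadowed(search, ZONES))
    print(shadowed(["wild.example.com", "trusted.example.com"], ZONES))
```

Running `shadowed` against a real search list and an inventory of hostnames gives the set of short names where domain order, not intent, decides the destination.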


