Internal clients' queries for "myhostname." get sent to forwarders. Why?

Mark Andrews marka at isc.org
Wed Mar 12 21:51:39 UTC 2014


The search algorithms in libresolv/libbind are a compromise.

If I had my way, back when libresolv was updated for RFC 1535,
support for partially qualified domain names would have died.  ndots
was the compromise.  Searches would have only continued on NXDOMAIN
and unqualified names would not have been tried against the root.
There were obvious security and information leakage issues with
partially qualified names.  So too with continuing searches on NODATA
and SERVFAIL.

I have been setting hostname to the fully qualified value for the
last 20 years or so.  This worked on almost all platforms but some
needed tweaking to remove assumptions that a hostname was a single
label.  Also whenever a hostname is added to a configuration file
/ script the fully qualified version is used.

I killed searching in the local sendmail configurations and forced
everyone to use fully qualified names in mail.  This reduced problems
once people got used to it.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
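
An added illustration, not part of the message above and not libresolv's own code: a simplified Python model of the classic search ordering, showing which candidate names a stub resolver generates from a search list and `ndots` setting, and which of them fall outside the search domains. The domains and function names are constructed for the example.

```python
"""Simplified model of the classic stub-resolver search ordering (assumed
behaviour: trailing dot disables searching; ndots decides whether the
as-is name is tried before or after the search list)."""


def candidates(name, search, ndots=1):
    """Return the query names that would be tried, in order.

    Later entries are only sent if the earlier ones fail to answer.
    """
    if name.endswith("."):
        # Fully qualified: asked exactly once, no search list applied.
        return [name]
    as_is = name + "."
    searched = [f"{name}.{domain.rstrip('.')}." for domain in search]
    if name.count(".") >= ndots:
        # Enough dots: as-is name first, search list as fallback.
        return [as_is] + searched
    # Too few dots: search list first, as-is name (against the root) last.
    return searched + [as_is]


def outside_search_domains(names, search):
    """Candidates not under any search domain, i.e. names that leave the
    local zones and end up at forwarders or the root."""
    suffixes = tuple("." + d.rstrip(".").lower() + "." for d in search)
    return [n for n in names if not n.lower().endswith(suffixes)]


# Constructed sample configuration (hypothetical domains).
SEARCH = ["corp.example.com", "example.com"]

if __name__ == "__main__":
    for host in ("myhostname", "db.prod", "myhostname.corp.example.com."):
        tried = candidates(host, SEARCH, ndots=1)
        print(host, "->", tried)
        print("  outside search domains:", outside_search_domains(tried, SEARCH))
```

Only the fully qualified form with a trailing dot produces a single query that stays inside the local zones; the single-label and partially qualified inputs each yield one candidate that leaves them.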

