nslookup domain search order

Bob Vance bobvance at alumni.caltech.edu
Wed Sep 27 15:37:22 UTC 2000


>Oh, and I don't think I've been hard enough on nslookup.

No.  As I said, you've been too hard.


>Sorry, but this is just wrong.

In your NSHO -- and I still disagree with you.


>First of all, your resolvers may be causing wasteful lookups to the
>root servers for "mailx.".

*may* ?  I would consider this a bug, or, at a minimum, a design flaw.
But that is no reason to deprecate the entire philosophy.


>you assume your users have access to have a host called mailx in every
>domain that is an SMTP mail server.

Absolutely -- I control the clients and the domains.


> [What about roving users with laptops?]

Just like in all things, one solution is not applicable to all
situations.  But if he can only be in domains that I control, then it
works there as well.  If not, that's just one client to "fix".


>Thirdly, you assume that the resolver code never deviates from the
>current sloppy behaviour you're relying on to append a default domain
>name.

No, I do not.
You're already at the mercy of the vendor's resolver code, and I pointed
out that you should always use the vendor's 'nslookup'.
If there is a bug, well, just as with every other piece of non-trivial
software, (except, apparently, 'dig', as far as you're concerned), bugs
occur and should be fixed -- as well as design flaws.


>Why a bill payment package needs to mess with the system's TCP/IP stack
>is a mystery. So what might happen to the resolver whenever a user
>upgrades Word (say) or installs a new game?

What in the world does this have to do with the discussion at hand?
Sure.  And a prog could -- and many have -- replace a *.dll anywhere and
cause problems.  But that is an issue that should be resolved (no pun
intended) and not just arbitrarily say that the entire program is trash
and useless because of this bug.


>You'd feel differently if you ran a name server that was on the
>receiving end from hundreds of thousands (millions?) of these idiot
>lookups every day.

Again, one solution doesn't work everywhere, and I stated in the
original post
   "Personally, I find this very useful for internal use.
     ...
    With a large number of servers and domains you certainly have
    diminishing returns, but that doesn't mean it's totally useless.
   "


>You seem to be favouring sloppiness and laziness -
>supposedly for (dubious) convenience - at the expense of needless load
>on the root servers and the WAN.

This is such a giant and invalid leap -- and you know that it is not the
case.
I promote elegance, portability, and ease of maintenance -- in
everything, not just computer crap.

And, besides, whoever said "laziness" is a bad thing -- it causes some of
us to look for better and more efficient ways of doing things.


So, you can continue to wear out your keyboard and modify every mail
client.
I'll continue to use 'nslookup' (and 'dig'), search, and "mailx",
and happily type

    'ssh bobv'

instead of
    'ssh bobv.lab.internal.atl.sbm.com.'


I don't know how the tone of this response will appear, but it was
intended as cordial and non-belligerent.
However, I was concerned by your statement
   "You seem to be favouring sloppiness ...
   "
I can't, of course, gauge your mind or tone in that remark, but I assume
that you meant it in a kinder and gentler way than it sounded on first
reading.


-----------------------------------------------
Tks          |  BVance at sbm.com
BV           |  BobVance at alumni.caltech.edu
Sr. Tech. Consultant,    SBM
Vox 770-623-3430         11455 Lakefield Dr.
Fax 770-623-3429         Duluth, GA 30097-1511
===============================================

-----Original Message-----
From: Jim Reid [mailto:jim at rfc1035.com]
Sent: Wednesday, September 27, 2000 8:39 AM
To: bobvance at alumni.caltech.edu
Cc: bind-users at isc.org
Subject: Re: nslookup domain search order 


>>>>> "Bob" == Bob Vance <bobvance at alumni.caltech.edu> writes:

    Bob> I think that you're way too hard on 'nslookup'.  But then
    Bob> again, IIRC, you also enjoy typing FQDNs for everything, and
    Bob> deprecate the use of "search" :)

Indeed. And with good reasons that have been explained here many times
before. Oh, and I don't think I've been hard enough on nslookup.

    Bob> 'nslookup' is simply trying to emulate this behavior of the
    Bob> resolver library, which is why you should use the vendor's
    Bob> version that corresponds to the resolver lib that your
    Bob> programs are using.

That's all very well, but how can anyone know *for sure* that nslookup
uses the same resolver code as the system's library?

    Bob> Personally, I find this very useful for internal use.  I can
    Bob> configure a Win95 client to use "mailx" for the SMTP relay,
    Bob> for example, and it will still work when I move it to another
    Bob> sub-domain without re-configuring the mail client (assuming
    Bob> that I have configured the requisite servers and DNS
    Bob> properly).

Sorry, but this is just wrong. First of all, your resolvers may be
causing wasteful lookups to the root servers for "mailx.". That sort
of behaviour is evil. [It also accounts for ~90% of the thousands of
lookups per second that the root servers get.] Secondly, you assume
your users have access to have a host called mailx in every domain
that is an SMTP mail server. [What about roving users with laptops?]
And that mail server will always accept mail from the user's PC no
matter what domain that PC thinks it's in. Thirdly, you assume that
the resolver code never deviates from the current sloppy behaviour
you're relying on to append a default domain name. Or walk up the
domain name. This is a big problem with PCs in particular because all
sorts of application software likes to diddle with the system software
- installing drivers, replacing kernel code, etc - or fiddle with
registry settings when you install it. For instance, I have heard of
Quicken nuking a secure TCP/IP stack because it silently replaced one
module of the system's TCP/IP code. Why a bill payment package needs
to mess with the system's TCP/IP stack is a mystery. So what might
happen to the resolver whenever a user upgrades Word (say) or installs
a new game?

You'd feel differently if you ran a name server that was on the
receiving end from hundreds of thousands (millions?) of these idiot
lookups every day. You seem to be favouring sloppiness and laziness -
supposedly for (dubious) convenience - at the expense of needless load
on the root servers and the WAN. Maybe you should see what happens to
local lookups if you lose your external connectivity and all those
queries to the root servers for "mailx." time out?

    Bob> BTW, what "modern" resolver code are you referring to that
    Bob> doesn't allow this?  

The BIND8 resolver. It almost always looks up the name as-is. It does
the right thing.

    Bob> I still consider Win98, NT4, and HP-UX 11.00 fairly modern.

Isn't HPUX11 the OS that shipped with the long-dead BIND4?
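
Added example (not part of either poster's message): a small Python model of the search-list behaviour the thread argues about, showing which queries for a short name stay inside the site and which, like "mailx.", go out toward the root servers. It assumes the resolv.conf-style ndots rule; the search list, internal zone and record set are constructed around the names used in the thread.

```python
# Added example: model of resolv.conf-style search-list processing.
# The ndots rule and all sample data below are assumptions, not taken
# from any resolver named in the thread.

def candidates(name, search, ndots=1):
    """FQDNs in the order a stub resolver would try them for `name`."""
    if name.endswith("."):
        return [name]                       # already absolute: no search list
    as_is = name + "."
    expanded = [f"{name}.{d.strip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [as_is] + expanded           # "enough" dots: bare name first
    return expanded + [as_is]               # otherwise search list first


def resolve(name, search, records, ndots=1):
    """Walk the candidates until one exists; return (queries_sent, answer)."""
    sent = []
    for fqdn in candidates(name, search, ndots):
        sent.append(fqdn)
        if fqdn in records:
            return sent, fqdn
    return sent, None


def leaves_site(queries, internal_zones):
    """Queries outside every internally served zone, i.e. the ones the
    site's recursive server has to chase starting from the root."""
    def inside(fqdn, zone):
        zone = zone.strip(".") + "."
        return fqdn == zone or fqdn.endswith("." + zone)
    return [q for q in queries if not any(inside(q, z) for z in internal_zones)]


# Constructed sample data built around the names used in the thread.
SEARCH = ["lab.internal.atl.sbm.com", "internal.atl.sbm.com"]
INTERNAL = ["internal.atl.sbm.com"]
RECORDS = {"mailx.lab.internal.atl.sbm.com.", "bobv.lab.internal.atl.sbm.com."}

if __name__ == "__main__":
    for label, name, ndots in [("search first", "mailx", 1),
                               ("bare name first", "mailx", 0),
                               ("typo, search first", "mailxx", 1)]:
        sent, answer = resolve(name, SEARCH, RECORDS, ndots)
        print(f"{label:20} sent={sent} answer={answer} "
              f"external={leaves_site(sent, INTERNAL)}")
```

With the search list tried first, a correctly configured short name never leaves the site; the bare single-label query escapes when the resolver tries the name as-is first or when every search-list candidate misses.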
