Resolving without TLD
tmaestas at dnsconsultants.com
Mon Oct 22 16:54:57 UTC 2001
The resolver on the client machine will append it's default
dns domain to any unqualified lookups. Hence, if your domain
is foo.com, a lookup for "smtnet" will end up trying "smtnet."
and then, if that is unsuccessful, "smtnet.foo.com", and then
any domains the client machine has configured in the domain
suffix search lists (on a windows box), or under the search
directive in the resolv.conf (on a unix box).
On 22 Oct 2001, adam brower wrote:
> I sincerely hope I have chosen the correct NG for this question.
> Background: when Northpoint went in the tank and some customers were
> transferred to Telocity, I was trying to go to the Northpoint website
> for news. Without autocomplete on, I typed just "northpoint" in the
> address bar on IE. Lo and behold, I wound up at an unsecured database
> front end (url: http://northpoint/) being run by Telocity, with all
> the customers' data on display: cc numbers, addresses, etc! After a
> quick call to a friend at the Telocity noc, they frantically closed
> the security hole. I never got around to asking how "northpoint"
> (*without* any tld...not "northpoint.com") could resolve to an IP! Now
> the issue has arisen again. A client owns "smtnet.com" but finds that
> just "smtnet" resolves to a competitor's site.
> How is this done? I will happily read and swallow all "flames for
> newbies" if just one person will at least point me in the right
> direction to solve this.
More information about the bind-users