Force failed DNS lookup to search my local domain?

Kevin Darcy kcd at daimlerchrysler.com
Fri Jan 24 21:54:23 UTC 2003


Will Yardley wrote:

>In article <b0qic1$8b26$1 at isrv4.isc.org>, Mark_Andrews at isc.org wrote:
>
>  
>
>>Secondly it is usually a BAD idea to have a wildcard in a search list.
>>It tends to have unexpected consequences.
>>    
>>
>
>I have heard a few people say this... however, having a search list can
>also be a *big* time saver. Typing in the FQDN each time you connect
>somewhere can be quite time-consuming, as well as monotonous.
>
Mark wasn't eschewing searchlists altogether, only the practice of 
having a wildcard in a search list.

I, on the other hand, eschew searchlists altogether. They waste DNS 
resources, increase resolution time, and can be a security problem 
(because you might accidentally connect to foo.untrusted.example.com 
instead of foo.trusted.example.com, and have your password stolen).

Your argument is basically the same old "too much typing" argument that 
I've been hearing for years. My stock response: for commonly accessed 
resources, one should have a profile, a bookmark, a portal or something 
like that; actually typing the name of a host in order to connect to it 
should be a relatively rare event.

                                                                        
                                                - Kevin

>  
>




More information about the bind-users mailing list