Change in behaviour regarding ndots and searchlist
JLightner at dsservices.com
Mon Sep 15 14:04:13 UTC 2014
While the final dot has been required within zone files to prevent unwanted appendages to records it has NOT been required by tools such as host and nslookup on either Windows or Linux/UNIX which routinely use "search" domains. As I noted this is something that seems to have changed recently. It doesn't happen for every record either so we're just now looking into what has changed and as stated I suspect it is the new Windows Domain Controllers recently installed.
The article I mentioned posted last week does suggest that using short names is a bad idea now due to the new plethora of TLDs and the bleed over but that doesn't mean it never worked. The article says that what made short names work in the past was platform dependent so really wasn't a good idea even for internal systems. Despite that it IS the way many people have run their environments for years.
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Sebastian Wiesinger
Sent: Monday, September 15, 2014 9:50 AM
To: bind-users at lists.isc.org
Subject: Re: Change in behaviour regarding ndots and searchlist
* Barry Margolin <barmar at alum.mit.edu> [2014-09-15 15:18]:
> In article <mailman.957.1410786839.26362.bind-users at lists.isc.org>,
> Steven Carr <sjcarr at gmail.com> wrote:
> > On 15 September 2014 13:29, Lightner, Jeff <JLightner at dsservices.com> wrote:
> > > I've begun seeing this recently in nslookup on Windows workstations as
> > > well. It appears it is appending search domains even when I've specified
> > > an FQDN. That is I have two search domains such as ex1.com and ex2.net
> > > and I typed short name "ralph" for nslookup or host it would give
> > > me "ralph.ex1.com" IP if it existed or "ralph.ex2.net" if the ralph.ex1.com
> > > didn't exist and the latter did. Now what I'm seeing is even if I specify
> > > "ralph.ex1.com" it is looking up and failing on "ralph.ex1.com.ex2.net".
> > Without the final explicit "." your name is not fully qualified.
> But if a name has more than ndots dots, it's supposed to be tried as
> given first, before adding search domains.
But currently (9.9) it will not add search domains at all. Which I find odd.
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant _______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer
CONFIDENTIALITY NOTICE: This e-mail may contain privileged
or confidential information and is for the sole use of the intended
recipient(s). If you are not the intended recipient, any disclosure,
copying, distribution, or use of the contents of this information
is prohibited and may be unlawful. If you have received this electronic
transmission in error, please reply immediately to the sender that
you have received the message in error, and delete it. Thank you
More information about the bind-users