Change in behaviour regarding ndots and searchlist

Doug Barton dougb at dougbarton.us
Mon Sep 15 18:06:22 UTC 2014


On 9/15/14 7:04 AM, Lightner, Jeff wrote:
> While the final dot has been required within zone files to prevent unwanted appendages to records it has NOT  been required by tools such as host and nslookup on either Windows or Linux/UNIX which routinely use "search" domains.

On Windows the behavior you're seeing has been the default for a long 
time. (I spend a lot of time looking at BIND query logs helping 
customers to debug wacky holes they've dug for themselves with Windows 
search strings.)

Further, Windows has a "feature" usually referred to as "domain search 
devolution" which means that if you have a domain name option (NOT a 
search string) such as foo.example.com and <query>.foo.example.com 
doesn't return an answer, it will also try for <query>.example.com and 
<query>.com.

So short names are awesome ... except where they're not. :)  And even 
more awesome in the Windows world when you have applications that can 
ONLY work with short names, you can't even type a FQDN into the config.

hth,

Doug



More information about the bind-users mailing list