In /etc/resolv.conf, what exactly does the "search" configuration option do?

70

11

If I have the option set as the domain name of the server itself, does that mean the server itself is used first to look up domain names before querying the external internet? i.e. /etc/hosts will be queried?

For example:

search  localdomain.com

Mike

Posted 2013-03-22T20:08:46.730

Reputation: 897

Answers

69

From man resolv.conf

The search list is normally determined from the local domain name; by default, it contains only the local domain name. This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn until a match is found. For environments with multiple subdomains please read options ndots:n below to avoid man-in-the-middle attacks and unnecessary traffic for the root-dns-servers. Note that this process may be slow and will generate a lot of network traffic if the servers for the listed domains are not local, and that queries will time out if no server is available for one of the domains.

The search list is currently limited to six domains with a total of 256 characters.

To summarize the above, assuming no change from the defaults mentioned above, if something gets to the resolver that has no dots in it, the resolver will try adding localdomain.com to it.

So let's say you just type http://somesite/somedocument.html in your browser. The resolver will catch that and first try to resolve somesite.localdomain.com - equivalent to if you had actually typed http://somesite.localdomain.com/somedocument.html - before trying what you actually requested.

This is helpful if you are part of a LAN environment that has its own DNS server so that people can type simple names to reach local resources. If you don't have a home or corporate LAN with your own DNS server it's nothing you really have to worry about.

LawrenceC

Posted 2013-03-22T20:08:46.730

Reputation: 63 487

1 @Zoredache, you're bringing a valid point, however, one has to assume that the search technique would be implemented by a local system administrator that is also in control of all the hosts of the local domain names, thus name-based virtual hosts would supposedly already be configured to allow for this behaviour. – cnst – 2016-11-10T17:27:30.950

1 @cnst - not always true in my experience. Devs build a complete server with tomcat packaged with the war file. Ops/sys admin person worries about the machines/vms/dns config. There is this gray line about who is responsible. It's nice that zoredache called it out in case a reader does have a config that might have the problem described. – Pat – 2016-11-10T23:21:17.617

12 HTTP is a bad example for use of the search option. A large number of people use name-based virtual hosts because of IPv6 scarcity. In my experience it is very rare to see virtual hosts set up in a way that accepts a request for Host: somesite in addition to Host: somesite.localdomain.com. Or to put it differently, the search option permits your client to resolve an abbreviated name, but that doesn't mean that you will actually be able to complete a request. – Zoredache – 2013-03-22T22:19:08.930
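
The lookup order described in the answer above, as an added example that is not part of the original posts and is not the resolver's own code: a simplified Python model of how a name is expanded using the search list and ndots. The function names, the sample configuration and example.com are constructed for illustration; the six-domain cap follows the man page text quoted in the answer.

```python
# Added example: simplified model of search-list expansion, not glibc code.
MAX_SEARCH_DOMAINS = 6  # limit stated in the man page text quoted above

# Constructed sample configuration, mirroring the question's search line.
SAMPLE_CONF = """\
# constructed sample
search  localdomain.com
options ndots:1
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1  # ndots defaults to 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] == "search":
            # A later search line replaces an earlier one.
            search = fields[1:MAX_SEARCH_DOMAINS + 1]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidate_queries(name, search, ndots=1):
    """Ordered list of fully qualified names tried for `name`."""
    if name.endswith("."):  # trailing dot: absolute name, no search list
        return [name]
    expanded = [f"{name}.{domain.rstrip('.')}." for domain in search]
    as_is = name + "."
    if name.count(".") >= ndots:  # enough dots: literal name is tried first
        return [as_is] + expanded
    return expanded + [as_is]  # too few dots: search domains are tried first


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_CONF)
    for host in ("somesite", "www.example.com", "www.example.com."):
        print(host, "->", candidate_queries(host, search, ndots))
```

Raising ndots (for example to 5) moves www.example.com into the "too few dots" branch, so www.example.com.localdomain.com. is queried before the name that was actually typed.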