| 1 |
On 27/07/2014 12:30, Grand Duet wrote: |
| 2 |
> 2014-07-27 13:39 GMT+03:00 Walter Dnes <waltdnes@××××××××.org>: |
| 3 |
>> On Sun, Jul 27, 2014 at 12:21:23PM +0300, Grand Duet wrote |
| 4 |
>>> This is a continuation of the thread: |
| 5 |
>>> "Something went wrong with DNS, plz help!" |
| 6 |
>>> |
| 7 |
>>> Now, the issue became clearer, so I decided to start |
| 8 |
>>> a new thread with more descriptive Subject. |
| 9 |
>>> |
| 10 |
>>> In short: the contents of the file /etc/resolv.conf |
| 11 |
>>> is unpredictably different from one reboot to another. |
| 12 |
>>> It is either |
| 13 |
>>> # Generated by net-scripts for interface lo |
| 14 |
>>> domain mynetwork |
| 15 |
>>> or |
| 16 |
>>> # Generated by net-scripts for interface "eth0" |
| 17 |
>>> nameserver My.First.DNS-Server.IP |
| 18 |
>>> nameserver My.Second.DNS-Server.IP |
| 19 |
>>> nameserver 8.8.8.8 |
| 20 |
>>> |
| 21 |
>>> I tried to chmod this file to be unwrittable even for root |
| 22 |
>>> but after a reboot it have been overwritten anyway. |
| 23 |
>>> |
| 24 |
>> A similar problem was noted at... |
| 25 |
>> https://forums.gentoo.org/viewtopic-t-816332-start-0.html |
| 26 |
> |
| 27 |
> Like in the thread above, I also have a line |
| 28 |
> dns_domain_lo="mynetwork" |
| 29 |
> in my /etc/conf.d/net file. It says nothing to me |
| 30 |
> and I do not remember how it got there. |
| 31 |
> |
| 32 |
> But somewhere on Gentoo forum I have found the following |
| 33 |
> explanation: "If you only specify dns_domain_lo="foo" and |
| 34 |
> restart the lo interface it will put "domain foo" in /etc/resolv.conf |
| 35 |
> and remove everything else." |
| 36 |
|
| 37 |
You can specify dns_domain - without an interface suffix - which ought |
| 38 |
to prevent this behaviour. However, you'd be better off getting rid of |
| 39 |
it altogether. All the option does is define the suffix(es) that are |
| 40 |
appended by the resolver under certain conditions. These conditions are |
| 41 |
as follows: |
| 42 |
|
| 43 |
a) the initial name isn't qualified (contains no dots) [1] |
| 44 |
b) the initial name could not be resolved (NXDOMAIN response) |
| 45 |
|
| 46 |
Making up fake domains for this setting, as many Gentoo users are |
| 47 |
induced into doing, serves no purpose. Let's assume that I have |
| 48 |
"fakedomain" as a search domain in resolv.conf. |
| 49 |
|
| 50 |
Let's see what happens for a short name: |
| 51 |
|
| 52 |
$ host -t A -v shorthost | grep -e Trying -e NX |
| 53 |
Trying "shorthost.fakedomain" |
| 54 |
Trying "shorthost" |
| 55 |
Host shorthost not found: 3(NXDOMAIN) |
| 56 |
|
| 57 |
Result: two spurious DNS lookups, each resulting in NXDOMAIN. You may |
| 58 |
use tcpdump to confirm that there are indeed two. |
| 59 |
|
| 60 |
Now, let's try looking up a fully qualified hostname that happens not to |
| 61 |
exist: |
| 62 |
|
| 63 |
$ host -t A -v nonexistent.google.com | grep -e Trying -e NX |
| 64 |
Trying "nonexistent.google.com" |
| 65 |
Trying "nonexistent.google.com.fakedomain" |
| 66 |
Host nonexistent.google.com not found: 3(NXDOMAIN) |
| 67 |
|
| 68 |
Result: The first lookup fails and is immediately followed by an another |
| 69 |
lookup that is completely and utterly useless. Had a search domain _not_ |
| 70 |
been defined, then the resolver could have concluded its efforts after |
| 71 |
the first NXDOMAIN response. |
| 72 |
|
| 73 |
The bottom line is that it only makes sense to define search domain(s) |
| 74 |
if the following two conditions hold true. |
| 75 |
|
| 76 |
1) You want to be able to resolve hostnames in their short form |
| 77 |
2) Records for said names will exist in a known, *valid* domain |
| 78 |
|
| 79 |
Otherwise, don't bother and leave it to the DHCP server to decide [2]. |
| 80 |
While I haven't looked at the handbook lately, it has had a history of |
| 81 |
prescribing dns/domain related options without adequate explanation and, |
| 82 |
in some cases, with outright misleading information [3]. |
| 83 |
|
| 84 |
On a related note, some people prefer to manage resolv.conf themselves |
| 85 |
and it is not initially obvious as to how to do this while also using |
| 86 |
DHCP. Trying to make the file immutable is not a proper approach. The |
| 87 |
trick is as follows: |
| 88 |
|
| 89 |
* Specify dhcpd_eth0="nodns" (do this for any dhcp-using interfaces) |
| 90 |
* Do not specify any dns or nameserver related settings in conf.d/net |
| 91 |
|
| 92 |
The netifrc scripts will then leave resolv.conf alone. |
| 93 |
|
| 94 |
--Kerin |
| 95 |
|
| 96 |
[1] Check out the ndots option in the resolv.conf(5) manpage |
| 97 |
[2] DHCP servers may specify a search domain for clients with option 15 |
| 98 |
[3] https://bugs.gentoo.org/show_bug.cgi?id=341349 |
Archives