Re: How to disable DNS search received by DHCP
On Sun, 2024-01-28 at 08:12 +0000, Strahil Nikolov via users wrote:
I do control the DHCP and the DNS servers in my network and I did
manage to make the DHCP stop proposing 'domain-search' and yet
NetworkManager (after OKD update and my interventions with
/etc/resolv.conf systemd-resolved is no longer a factor) is still
assigning a search stanza in the /etc/resolv.conf on the hosts.
On the otherside , the CoreDNS (the stupid thing that appends the
search stanza from /etc/resolv.conf) is not under my control but I
can check.
The search parameter is only supposed to be appended to a query if
there is no answer for the query as it is, or if you just have a
hostname (typically, a name with no dots in it) a fully qualified
domain name is required to resolve the query.
e.g. If my IP is 192.168.1.1 and I do reverse lookup on it, and find
my hostname is feefiefum, further lookups can be done find my fully
qualified domain name, or the lookup might have provided the whole
thing with the first query. Or, if I already know my hostname is
feefiefum, lookups can be done to find my fully qualified domain name,
though a simple approach is to try appending the "search" name.
So, something isn't providing full answers in the first place, and it's
trying to find out some other way.
You DHCP servers should be providing the full details required for your
network (hostname and domain name), and your DNS servers should be
providing the full answers for them. And hopefully your network is set
up to query your own servers, first.
In the old dhcpd.conf file, that would mean
option domain-name "quay.io.";
And if you have integrated DNS and DHCP for dynamic addressing, you'd
also have a:
ddns-domainname "quay.io.";
The trailing dot is important. It means that it is the end of the
chain.
You should be assigning your clients hostnames, in other words your
pc's full address could be "something.quay.io" not just "quay.io".
Although quay.io is a hostname in the .io top level domain, it's a
country TLD, and I doubt you're in control of "io". I see that quay.io
exists; if it's not your domain then you're going to have a lot of pain
trying to use it for your own purposes.
Since you mentioned "quay.io" in your first post, your DNS server ought
to have data for that domain. If it doesn't, then of course name
resolution may try adding the suggested domain name suffixes.
Again your DNS records should have an entry for the particular hostname
your using in the zone file for that domain, and that zone file should
have all the proper data for that domainname.
--
NB: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.
The following system info data is generated fresh for each post:
uname -rsvp
Linux 6.2.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53
UTC 2023 x86_64