On 03/12/14 06:50, Tony Finch wrote: > Lawrence K. Chen, P.Eng. <lkc...@ksu.edu> wrote: > >> If you have FQDN for machines, the problem might be that the domain >> isn't set in resolv.conf? > > The machines are configured with a bare hostname. If there isn't a search > or domain directive in /etc/resolv.conf and there isn't an entry for the > machine in /etc/hosts then `hostname -f` will fail. > > It is probably a bug that `hostname -f` does not have any "ndots" logic. > See also RFC 1535. > > Tony. >
Around here, the users insist on being able to only use hostname to reach everything....so our resolv.conf's have search is max'd...though some systems seem to work when 7 subdomains are listed for "search". Though most of the time, we'll find that we have to ask them which subdomain can they live without to add a new one to "search". One time, they removed the first one...because the department doesn't exist anymore and they don't (think they) have anything in it they need. Except that the backup jobs they run all stopped working. Yeah, the backup server is in that subdomain (and the fqdn is baked into the library catalog's Oracle DB backend, so we can never change it...though every few years they look at switching us to another vendor's product rather than upgrading...and we end up upgrading.) Also we still have a large number of Solaris systems around...where typing 'hostname -f' would change the hostname of the system to '-f'. (or an error if not root.) And, virtually every system here uses just hostname....since lots of people call `hostname` in their prompts, and don't like the added length of getting an fqdn. (or figuring out what they need to do to make it right.) Though I did discover that search appends to all lookups, not just bare hostnames. Could not understand why new SA saying machines could be reached with <hostname>.campus (years ago when we started having systems with RFC1918 IPs...they decided to make up a TLD. The DNS administrator said that it wasn't possible to do split DNS, yet he didn't ask what I meant when I had asked him about it. After he quit, DNS got thrown in my lap. and .campus.ksu.edu was born, which was good, because we had a policy at the time requiring user facing sites to use Thawte certificates...which were hard to get for .campus fqdn's...but we can get for .campus.ksu.edu fqdn's, which can't be resolved from off campus (well, not fully...) Several years ago, another admin tried to get force everybody to stop using the .campus TLD. (I've joked that its only a matter of time that some one goes and registers it....or perhaps one of the other fake TLDs we used, like .wireless ;) Problem was there was a big move of Oracle DBs into the TLD...and with the name baked into the installation....renaming isn't going to happen until those systems are abandoned (though a big hardware refresh is near on the horizon...along with a network reorg for data classification.) Though everything that was .campus is in .campus.ksu.edu (except that we had functional subdomains in .campus and functional hostnames in .campus.ksu.edu....) But, a host in .campus.ksu.edu is often not in .campus (since its deprecated....) And, there's a mix on which domain the reverses are pointed to....which is important for the particular system he was setting up at the time. (Some old systems have had their reverses updated, but not all users have switched to using the new forward.... in service requests to him....) Oh, there have been cases where we've added hostnames to /etc/hosts so that they could use bare hostnames to reach things in other subdomains....other times its to ensure the desired hostname is reached when the name exists in more than one subdomain. Some also have names that are not in DNS (not sure if they thought of CNAMEs) so they can find the application. Which was especially important before we forced a consistent functional naming scheme across our datacenter. They were using Sith Lords to name their machines, some where very similar in spelling but significantly different functions or classifications. Probably ran out of Sith lords with names starting with p, t, d, a or b (prod, test, dev, alpha or beta). It was whole bunch of very similar names starting with 's' that made my manager snap. -- Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator For: Enterprise Server Technologies (EST) -- & SafeZone Ally _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
