The search algorithms in libresolve/libbind are a compromise. If I had my way, back when libresolv was updated for RFC 1535, support for partially qualified domain names would have died. ndots was the compromise. Searches would have only continued on NXDOMAIN and unqualified names would not have been tried against the root. There were obvious security and information leakage issues with partially qualified names. So to with continuing searches on NODATA and SERVFAIL.
I have been setting hostname to the fully qualified value for the last 20 years or so. The worked on almost all platforms but some needed tweaking to remove assumptions that a hostname was a single label. Also whenever a hostname is added to a configuration file / script the fully qualified version is used. I killed searching in the local sendmail configurations and forced everyone to use fully qualified names in mail. This reduced problems once people got used to it. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
