[Pdns-users] FQDN vs "shortcut" host lookups

Aki Tuomi cmouse at youzen.ext.b2.fi
Tue Jan 6 19:26:50 UTC 2015 

On Tue, Jan 06, 2015 at 02:02:31PM -0500, Jason Frisvold wrote:
> Hi all,
> 
> 	I'm looking for some information/recommendations about how to handle
> subdomains in pdns.  I'm experiencing some odd behavior which appears as
> though it might be correct, but had previously worked when we ran bind
> as our resolver.
> 
> 	Some quick background.  We had several bind servers running as both
> authoritative and recursive nameservers.  My understanding is that since
> all of the servers were authoritative, they answered queries for local
> domains directly without having to hit the root nameservers.  With the
> new pdns recursors, I just let recursion happen and a query for the
> local domain goes through the motions just like any other domain.  I'm
> aware I can forward if needed, I just haven't bothered yet.
> 
> 	I believe "normal" DNS operations are working.  I am hitting an odd
> case that isn't, though.  If I shortcut DNS by not appending the domain,
> it only works for the primary domain.  (If there's a technical term for
> this, I'd love to know what it is)
> 
> 	For example, my primary domain is example.com and I have two
> subdomains, dev.example.com and stage.example.com.  If I perform a query
> on the primary domain, it works fine, even with just the hostname:
> 
> $ host www.example.com
> www.example.com has address 192.168.1.1
> 
> $ host www
> www.example.com has address 192.168.1.1
> 

This is because your /etc/resolv.conf has search exmaple.com

> 	For the subdomains, though, only a FQDN lookup works :
> 
> $ host www.stage.example.com
> www.stage.example.com has address 10.0.0.1
> 
> $ host www.stage
> Host www.stage not found: 3(NXDOMAIN)
> 
> 	And the dev subdomain is even more interesting :
> 
> $ host www.dev.example.com
> www.dev.example.com has address 172.16.0.1
> 
> $ host www.dev
> www.dev has address 127.0.53.53
> www.dev mail is handled by 10 your-dns-needs-immediate-attention.dev.
> 

This is because search in resolv.conf is appended only to names without dots. 

> 	Though I believe the dev response may be a result of the root
> nameservers having an entry for a "dev" tld, apparently owned by Google.
>

Using host to debug is usually a bad idea, use dig instead.

Aki

More information about the Pdns-users mailing list