Hello, I got bug report [1] about different behavior of nslookup in 9.11 version compared to old 9.9 version. At first I thought this issue should be closed right away. But when I digged into changes in BIND, I could not find any reason for given change. It seems to me the effect was not desired. Or not well documented.
What changed since 9.10? In 9.9, bind utilities behaved the same way as internal glibc implementation. When there is dots >= ndots in searched name, absolute name is tried first. If it does not exist, domains from search clause are appended and searched as well. Current nslookup behavior is to use ONLY absolute name when dots >= ndots. While I personally consider it better practice, some people still expect original behavior. What is worse, it makes it inconsistent with evaulation by the system (glibc) dns resolver. This way, host some.service can give different results than getent hosts some.service with search openstacklocal. I would like to find evidence or at least opinions, whether this change[2] was intentional and/or what was the reason for it. It seems either bind utils should revert to use search domains after absolute name or system resolver should be fixed to behave the same way as bind utils. But either change requires decision what is the correct way and how it should behave. In case my description of the problem is unclear, let's have an example: $ nslookup -debug -domain="vm" rhel6.8 Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find rhel6.8: NXDOMAIN But on BIND 9.9 or with [2] reverted, it gets: $ ./nslookup -debug -domain="vm" rhel6.8 Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: rhel6.8.vm Address: 192.168.122.109 Is it bug or feature? Glibc has the same behavior even on new enough versions. Both glibc-2.28-72.el8 and glibc-2.30.9000-7.fc32 can resolve name with dot inside which host or nslookup cannot resolve. I am aware referenced BIND version is quite archaic. Best regards, Petr 1. https://bugzilla.redhat.com/show_bug.cgi?id=1743572 2. https://gitlab.isc.org/isc-projects/bind9/commit/8afea636ab0c07399aa3e2410b2cfbd41099df98 -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: [email protected] PGP: 65C6C973 _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
