How to disable DNS lookups?
Henry B (Hank) Hotz, CISSP
hbhotz at oxy.edu
Thu Jul 27 00:08:30 CEST 2017
> On Jul 26, 2017, at 10:29 AM, u-hd-phes at aetey.se wrote:
> On Wed, Jul 26, 2017 at 08:45:17AM -0700, Russ Allbery wrote:
>> Viktor Dukhovni <heimdal at dukhovni.org> writes:
>>> 2. Look up same name in DNS, return address(es) if found
>>> instead, in step 2, we may get undesirable, incorrect and/or costly
>>> interactions with the stub resolver's domain search list. The name in
>>> the SRV record is an FQDN and MUST NOT be subject to RES_DEFNAMES or
>>> RES_DNSRCH. The getaddrinfo(3) API provides no means to signal that a
>>> name should not be subjected to the DNS search list.
>> Ah! Thank you. That helps me understand the problem you're trying to
> Then the explicit trailing dots in /etc/hosts look indeed
> like a reasonable trade-off.
Actually, isn’t the trailing dot just a red herring?
The RR is guaranteed to return a name which has an A/AAAA record, therefore no search list will be exercised. <pun>period!</pun> The first lookup must succeed, by design.
Personal email. hbhotz at oxy.edu
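Added example, not part of the original message or of Heimdal: a Python model of the order in which a glibc-style stub resolver (res_search semantics, with RES_DEFNAMES and RES_DNSRCH both enabled) sends query names for an SRV target, showing when the search list is consulted and how a trailing dot suppresses it. The host names, search domains, zone contents and ndots values are constructed, and error handling such as SERVFAIL is not modelled.

```python
"""Model of the query-name order tried by a glibc-style stub resolver."""


def candidate_names(name, search, ndots=1):
    """Return every name the resolver may query for `name`, in order."""
    # A trailing dot marks the name as absolute: the search list is skipped.
    if name.endswith("."):
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{domain.rstrip('.')}." for domain in search]
    # With at least `ndots` dots the name is tried as-is first, but the
    # search list is still walked if that first query finds nothing.
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    # Otherwise the search list comes first and the bare name last.
    return suffixed + [absolute]


def queries_sent(name, search, zone, ndots=1):
    """Names actually sent before the first hit in `zone` (set of FQDNs)."""
    sent = []
    for candidate in candidate_names(name, search, ndots):
        sent.append(candidate)
        if candidate in zone:
            break
    return sent


# Constructed sample data: one KDC host with an address record.
SEARCH = ["corp.example.com", "example.com"]
ZONE = {"kdc1.example.org."}

if __name__ == "__main__":
    cases = [
        ("SRV target exists, ndots=1", "kdc1.example.org", 1),
        ("SRV target exists, ndots=5", "kdc1.example.org", 5),
        ("SRV target has no address", "kdc2.example.org", 1),
        ("no address, trailing dot", "kdc2.example.org.", 1),
    ]
    for label, name, ndots in cases:
        print(f"{label}: {queries_sent(name, SEARCH, ZONE, ndots)}")
```
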