How to disable DNS lookups?

Henry B (Hank) Hotz, CISSP hbhotz at oxy.edu
Thu Jul 27 00:08:30 CEST 2017


> On Jul 26, 2017, at 10:29 AM, u-hd-phes at aetey.se wrote:
> 
> On Wed, Jul 26, 2017 at 08:45:17AM -0700, Russ Allbery wrote:
>> Viktor Dukhovni <heimdal at dukhovni.org> writes:
>>> 	2. Look up same name in DNS, return address(es) if found
>> 
>>> instead, in step 2, we may get undesirable, incorrect and/or costly
>>> interactions with the stub resolver's domain search list.  The name in
>>> the SRV record is an FQDN and MUST NOT be subject to RES_DEFNAMES or
>>> RES_DNSRCH.  The getaddrinfo(3) API provides no means to signal that a
>>> name should not be subjected to the DNS search list.
>> 
>> Ah!  Thank you.  That helps me understand the problem you're trying to
>> solve.
> 
> +1
> 
> Then the explicit trailing dots in /etc/hosts look indeed
> like a reasonable trade-off.
> 
> Rune

Actually, isn’t the trailing dot just a red herring?

The RR is guaranteed to return a name which has an A/AAAA record, therefore no search list will be exercised. <pun>period!</pun> The first lookup must succeed, by design.

Personal email.  hbhotz at oxy.edu
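
Added example, not part of the original thread or of Heimdal's code: a simplified C model of the classic res_search(3) query order with RES_DEFNAMES and RES_DNSRCH set, listing which names would be queried for an SRV target with and without a trailing dot. The function names, host names and search domains are constructed for illustration, and the model assumes later candidates are only queried when earlier ones return no answer.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CAND 8
#define MAX_NAME 256
/* Append "<name>.<dom>." (or "<name>." when dom is NULL) to out[]. */
static int add(char out[][MAX_NAME], int n, const char *name, const char *dom)
{
    int w;
    if (n >= MAX_CAND) return n;
    w = dom ? snprintf(out[n], MAX_NAME, "%s.%s.", name, dom)
            : snprintf(out[n], MAX_NAME, "%s.", name);
    return (w > 0 && w < MAX_NAME) ? n + 1 : n;
}

/* List, in order, the query names tried for `name`; returns the count.
 * Hypothetical helper: models the ordering only, sends no queries. */
int search_candidates(const char *name, const char *const *search, int nsearch,
                      int ndots, char out[][MAX_NAME])
{
    char base[MAX_NAME];
    size_t len = strlen(name);
    int n = 0, dots = 0, absolute;
    if (len == 0 || len >= MAX_NAME) return 0;
    absolute = (name[len - 1] == '.');
    memcpy(base, name, len + 1);
    if (absolute) base[len - 1] = '\0';
    for (const char *p = base; *p; p++)
        dots += (*p == '.');
    if (absolute)              /* trailing dot: search list never used */
        return add(out, 0, base, NULL);
    if (dots >= ndots)         /* enough dots: as-is query goes first */
        n = add(out, n, base, NULL);
    for (int i = 0; i < nsearch; i++)
        n = add(out, n, base, search[i]);
    if (dots < ndots)          /* too few dots: as-is query goes last */
        n = add(out, n, base, NULL);
    return n;
}

int main(void)
{
    /* Constructed sample names; not taken from the thread. */
    const char *const search[] = { "corp.example", "example" };
    char out[MAX_CAND][MAX_NAME];
    int n = search_candidates("kdc1.example.org", search, 2, 1, out);
    for (int i = 0; i < n; i++)
        puts(out[i]);
}
```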




