[Bug 1771304] Re: host don't use search domain for service record

[Andreas Hasenack]

I can see that behavior with normal queries. What triggers it is if the
name you are requesting has a subdomain component or not.

host foo <--- searches for foo and foo.<searchdomain>

host foo.bar <--- only searches for foo.bar

That is also the behavior in xenial 16.04.

The resolv.conf manpage has this to say:
"""
Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn  until a match is found.  For environments with multiple subdomains please read options ndots:n below to avoid man-in-the-middle attacks and unnecessary traffic for the root-dns-servers.
"""

And:
"""
ndots:n
Sets a threshold for the number of dots which must appear in a name given to res_query(3) (see resolver(3)) before an initial absolute query will be made.  The  default  for  n  is  1, meaning  that  if  there  are  any  dots  in  a name, the name will be tried first as an absolute name before any search list elements are appended to it.  The value for this option is silently capped to 15.
"""

So if you add this line to /etc/resolv.conf:
options ndots:2

your query "host -a -t SRV _kerberos._udp" should be attempted also with
the search domain appended.

Could you please try? That is not the final fix, though, even if it
works, because that file is managed by systemd-resolved, but as a quick
check it's good enough to try.

** Changed in: bind9 (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1771304

Title:
  host don't use search domain for service record

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1771304/+subscriptions