Bug 4692 - Tuning failure to resolve non-existent domain names - a counterpart to the /etc/resolv.conf ndots option
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: network
Version: unspecified
Importance: P3 enhancement
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2007-06-23 15:48 UTC by Alex Smith
Modified: 2016-05-16 17:04 UTC

See Also:
Last reconfirmed:
fweimer: security-

Patch to add a maxdots option in /etc/resolv.conf (2.08 KB, patch)
2007-06-23 15:55 UTC, Alex Smith
Patch to add a maxdots option in /etc/resolv.conf (2.70 KB, patch)
2009-02-20 00:16 UTC, Alex Smith

Description Alex Smith 2007-06-23 15:48:51 UTC
The ndots option may be set in /etc/resolv.conf to control when the resolver
tries looking up a name directly before considering the search list. This can be
used to tune the performance of lookups using knowledge of the local DNS setup
and the expected frequency of different types of lookup.

However there is no counterpart to allow the resolver to be told when it may
take initial "as-is" lookup failure as final and skip trying the search list.
Such an option would tune the performance of lookups of non-existent domains.

An example will probably aid comprehension and illustrate when and why this
might be useful:

Consider the domain example.com with nameserver ns.example.com, mail gateway
mx.example.com and an internal server int.example.com. Suppose that all other
hosts in the domain are at most sub-sub domains, that is all names in the domain
are of the form x.y.example.com. Assume that all machines have the domain and/or
search option in their /etc/resolv.conf set to example.com.

The internal server almost only ever looks up local domain names (within
example.com) and so has ndots set to 2 in its /etc/resolv.conf so that for any
query of the form x or x.y the resolver first looks for x.example.com and
x.y.example.com respectively. Since this is usually what is meant this speeds
lookups and keeps down the load which int.example.com places on the nameserver.

However the mail gateway is almost always looking up external domain names so
has ndots set to 1; the name x will probably be x.example.com (and this is still
tried first) but x.y is more likely to be external (but still might be internal and
is still tried if the "as-is" query fails).

In the case of the mail gateway many failed lookups of the form x.y.z (or with
more dots) are expected (since example.com receives mountains of spam) and it
would be nice to skip the search list in these cases since it is known that
there are no names of the form x.y.z.example.com (but we still want to try
x.y.example.com for the query x.y) so that they fail faster and to reduce the
load on the nameserver.

I therefore propose a new option called, for the sake of argument, maxdots to
control the maximum number of dots in a name before the resolver considers it to
be absolute. In the example, mx.example.com would have maxdots set to 3 as this
is the maximum number of dots that may occur in a local domain.

I have produced a patch to implement this feature, and provide it here on the
off-chance that it should be considered useful by others. It ignores any item on
the search path such that the new name to lookup would have more than maxdots
dots. So in the example above, when looking up x.y.z the search path item
example.com is ignored because x.y.z.example.com has four dots and maxdots is three.

The default setting for the new maxdots option is zero which means no limit,
i.e. the existing behaviour.
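
The lookup order described in the report above, modelled as an added example (not the attached patch and not glibc code). `lookup_order` and its parameters are hypothetical names; the search list and queries are the report's own example values.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 256

/* Count the '.' characters in a name. */
static int count_dots(const char *s) {
    int n = 0;
    for (; *s; s++)
        if (*s == '.') n++;
    return n;
}

/* Model of the lookup order described in the report (hypothetical helper,
 * not glibc code). Writes the names that would be tried, in order, to out[]
 * and returns how many. maxdots == 0 means no limit. */
int lookup_order(const char *name, const char *const *search, int nsearch,
                 int ndots, int maxdots, char out[][NAME_MAX_LEN], int cap) {
    int n = 0, dots = count_dots(name);
    size_t len = strlen(name);
    int absolute = len > 0 && name[len - 1] == '.';  /* trailing dot: as-is only */
    int as_is_first = absolute || dots >= ndots;

    if (as_is_first && n < cap)
        snprintf(out[n++], NAME_MAX_LEN, "%s", name);
    for (int i = 0; !absolute && i < nsearch && n < cap; i++) {
        int total = dots + 1 + count_dots(search[i]);
        if (maxdots > 0 && total > maxdots)
            continue;  /* proposed maxdots rule: skip this search item */
        snprintf(out[n++], NAME_MAX_LEN, "%s.%s", name, search[i]);
    }
    if (!as_is_first && n < cap)
        snprintf(out[n++], NAME_MAX_LEN, "%s", name);
    return n;
}

int main(void) {
    const char *search[] = { "example.com" };       /* search list from the report */
    const char *queries[] = { "x", "x.y", "x.y.z" };
    char out[4][NAME_MAX_LEN];
    for (int q = 0; q < 3; q++) {
        /* mail gateway settings from the report: ndots 1, maxdots 3 */
        int n = lookup_order(queries[q], search, 1, 1, 3, out, 4);
        printf("%s:", queries[q]);
        for (int i = 0; i < n; i++) printf(" %s", out[i]);
        printf("\n");
    }
    return 0;
}
```

With the mail gateway settings, a failed as-is lookup of x.y.z produces no follow-up query, while x and x.y still reach the search list.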

Comment 1 Alex Smith 2007-06-23 15:55:47 UTC
Created attachment 1900
Patch to add a maxdots option in /etc/resolv.conf

This patch is against current CVS. It can be applied to 2.5 (and probably
earlier) with only a minor manual fix in resolv/resolv.h where the lack of the
new ipv6_unavail structure member causes the patch to fail to apply.
Comment 2 Alex Smith 2009-02-20 00:16:49 UTC
Created attachment 3755
Patch to add a maxdots option in /etc/resolv.conf

Updated patch for recent changes to the resolver code.