Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 5 Dec 2022 23:25:06 +0100
From: Quentin Rameau <>
Subject: Re: lookup_name issue with search domains

Hi Kenny,

> The API that's in question is called `gethostbyname*`. It's not getTXT,
> or getMX or anything like that. When calling that I don't care if a name
> exists, I care if a host exists. As such I expect the API to only look
> at host records (and possibly dnssec that protect them). I wouldn't
> really care if there was 10 odd new record types, if there's no host
> records then there's no host at that name.

Indeed, and that's what you get there.
The DNS server is telling you it's authoritative
(you'll get no better different answer from somebody else),
the name exists, but its without an (IPv4) address.

You get the error NO_DATA and your request ends there,
as the authoritative entity of the domain told you so.

> From my understanding of what you're saying: if the query response
> doesn't contain error flags , it's indicating the name exists. That's
> fine, the name exists. That doesn't mean the host exists. The response
> that comes back has zero 'Answer RRs'. If searching should now stop
> because the host was found, what's it's address?

Searching ends there because the host was found by name,
and the server said it doesn't have an associated address.

> Reading a Linux man page on `resolv.conf` it says of the "Search list
> for host-name lookup":
> >> Resolver queries having fewer than ndots dots (default is 1) in them
> >> will be attempted using each component of the search path in turn
> >> until a match is found.  

> So I guess it comes down to the question: Does this match a host?

This matches a host, with no configured AF_INET address.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.