Bug 1758317 - nslookup / host do not honor the new search domain limits of glibc
Summary: nslookup / host do not honor the new search domain limits of glibc
Keywords:
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: bind
Version: 7.8
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Petr Menšík
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-03 20:25 UTC by Juan Manuel Santos
Modified: 2019-11-07 12:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Comment 2 Petr Menšík 2019-10-04 08:47:32 UTC
Public notes.

Search in nslookup is limited to 8 domains. 
When search in /etc/resolv.conf includes more than 8 domains, only first 8 are tried.

Limit was increased in glibc by bug #677316.

Comment 3 Petr Menšík 2019-10-04 08:55:04 UTC
This number of searches is defined in lib/lwres/include/lwres/lwres.h

#define LWRES_CONFMAXSEARCH 8		/*%< max 8 domains in "search" entry */

No support for dynamic unlimited list is present.

Comment 4 Petr Menšík 2019-10-04 12:18:51 UTC
Steps to Reproduce:
1. sed -i 's/^search .*/search non-existent1.very-long-domain.fedoraproject.org non-existent2.very-long-domain.fedoraproject.org non-existent3.very-long-domain.fedoraproject.org non-existent4.very-long-domain.fedoraproject.org non-existent5.very-long-domain.fedoraproject.org non-existent6.very-long-domain.fedoraproject.org openstacklocal redhat.com/' /etc/resolv.conf
2. [ "$(host access)" == "$(getent host access.redhat.com.)" ] && echo matches
3. sed -i 's/^search .*/search non-existent1.very-long-domain.fedoraproject.org non-existent2.very-long-domain.fedoraproject.org non-existent3.very-long-domain.fedoraproject.org non-existent4.very-long-domain.fedoraproject.org non-existent5.very-long-domain.fedoraproject.org non-existent6.very-long-domain.fedoraproject.org non-existent7.very-long-domain.fedoraproject.org non-existent8.very-long-domain.fedoraproject.org openstacklocal redhat.com/' /etc/resolv.conf
4. [ "$(host access)" == "$(getent host access.redhat.com.)" ] && echo still matches

Comment 5 Petr Menšík 2019-10-04 13:09:55 UTC
Not even the most recent development version handles this different way. Reported upstream [1].

1. https://gitlab.isc.org/isc-projects/bind9/issues/1259


Note You need to log in before you can comment on or make changes to this bug.