I have a server with Active Directory and DNS on Windows Server 2012 with the following subdomain:
ac: alm.local <— 10.0.0.3
javi.a.alm.local <—- 10.0.0.20
When I resolve in Windows:
nslookup javi.a
server: localhost
address: 127.0.0.1
name: javi.a.alm.local
address: 10.0.0.20
But when I resolve in Debian:
nslookup javi.a
Server: 10.0.0.3
Address: 10.0.0.3 # 53
** server can't find javi.a: NXDOMAIN
Why does it not resolve?
resolv.conf:
nameserver 10.0.0.3
search alm.local
By default, the Linux resolver will not apply the
search domain to a queried name that already contains a dot. So
javi.a will be treated as a FQDN and will not have the domain
alm.local appended to it.
You can change this behavior using the ndots
option. This says the minimum number of dots that can be in a name to be treated as a FQDN. It defaults to 1.
You should also consider the warnings in the man page
resolv.conf(5) before doing so.
Resolver queries having fewer than ndots dots (default
is 1) in them will be attempted using each component of the
search path in turn until a match is found. For environments
with multiple subdomains please read options ndots:n below to
avoid man-in-the-middle attacks and unnecessary traffic for the
root-dns-servers. Note that this process may be slow and will
generate a lot of network traffic if the servers for the listed
domains are not local, and that queries will time out if no
server is available for one of the domains.
And the documentation for ndots:
Sets a threshold for the number of dots which must appear
in a name given to res_query(3) (see resolver(3)) before
an initial absolute query will be made. The default for
n is 1, meaning that if there are any dots in a name, the
name will be tried first as an absolute name before any
search list elements are appended to it. The value for
this option is silently capped to 15.
(Note that this implies that the name will be tried with search domains after being tried as a FQDN, but in practice this does not actually happen. It is not tried with the search domains at all. Which is why you have posted here today.)
So in resolv.conf you can add:
And a name with one dot will now have the search domain appended, but names with two or more dots will not. As the man page says, you can set this as high as 15 if necessary.
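The following sketch is an added example, not part of the original answer and not resolver source code. It models the lookup order described above for the asker's resolv.conf, before and after adding a line assumed here to be `options ndots:2` (the value that matches "a name with one dot will now have the search domain appended"). The helper names `parse_resolv_conf` and `candidates` are hypothetical.

```python
# Added illustration: which names a resolver would query, per the behaviour
# described in the answer. Function names are hypothetical helpers.
MAX_NDOTS = 15  # resolv.conf(5): the value is silently capped to 15

def parse_resolv_conf(text):
    """Return (search_list, ndots) from the text of a resolv.conf file."""
    search, ndots = [], 1                      # ndots defaults to 1
    for line in text.splitlines():
        if line.startswith(("#", ";")):        # comment lines
            continue
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "search":
            search = fields[1:]                # a later search line replaces an earlier one
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[len("ndots:"):]), MAX_NDOTS)
    return search, ndots

def candidates(name, search, ndots):
    """List the fully qualified names that would be queried, in order."""
    if name.endswith("."):                     # trailing dot: already absolute
        return [name]
    if name.count(".") >= ndots:               # treated as a FQDN; per the answer,
        return [name + "."]                    # the search list is not applied
    # Fewer than ndots dots: each search domain in turn, then the bare name.
    return [f"{name}.{domain}." for domain in search] + [name + "."]

def query_plan(conf_text, names):
    """Map each name to its ordered candidate list under the given config."""
    search, ndots = parse_resolv_conf(conf_text)
    return {n: candidates(n, search, ndots) for n in names}

# Constructed inputs: the first two lines are the asker's resolv.conf,
# the options line is the assumed fix.
BEFORE = "nameserver 10.0.0.3\nsearch alm.local\n"
AFTER = BEFORE + "options ndots:2\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for name, plan in query_plan(conf, ["javi.a", "example.com"]).items():
            print(f"{label:6} {name:12} -> {', '.join(plan)}")
```

In this model, raising ndots to 2 also sends every other one-dot name (for example `example.com`) to the search domain first, which is the extra traffic and exposure the resolv.conf(5) warning quoted above refers to.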
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.