Duplicate domain name in DNS query
I found a strange duplicate domain name in the DNS queries during a tcpdump capture on my RedHat server. It did not have any impact on my DNS name resolution. But it's not clear why my server sends such a request in the DNS query ==> `my.domainspec.com.domainspec.com.domainspec.com`. In general it should be just `my.domainspec.com`.

Info from tcpdump:

    12:17:28.431208 IP (tos 0x0, ttl 64, id 57779, offset 0, flags [DF], proto UDP (17), length 97)
        my.domainspec.com.33953 > ns1.entry.com.domain: [bad udp cksum 0xcb8a -> 0x6e04!] 63367+ A? my.domainspec.com.domainspec.com.domainspec.com. (69)
    12:17:28.431718 IP (tos 0x0, ttl 64, id 61601, offset 0, flags [none], proto UDP (17), length 148)
        ns1.entry.com.domain > my.domainspec.com.33953: [udp sum ok] 63367 NXDomain* q: A? my.domainspec.com.domainspec.com.domainspec.com. 0/1/0 ns: domainspec.com. SOA ns1.entry.com. postmaster.domainspec.com. 2018012732 600 300 2592000 900 (120)

Info from `nsswitch.conf`:

    grep "hosts" /etc/nsswitch.conf
    #hosts: db files nisplus nis dns
    hosts: files dns myhostname

Info from `/etc/hosts`:

    193.48.203.195 my.domainspec.com

Info from `/etc/resolv.conf`:

    # Generated by NetworkManager
    search domainspec.com
    nameserver 8.8.8.8

Please note: I've used fake domain names and IPs for the example.

Could someone explain what the reason for the duplicate domain name in the DNS query is? Any help is really appreciated.

rhel dns

Good that you tell us it is fake, because the `tcpdump` and `resolv.conf`, and even `nameserver` do not match. – Rui F Ribeiro, Feb 7 '18 at 15:36

Provide the true names involved without useless obfuscation, even more when it is confusing and not using the appropriate values (as detailed in RFC2606, use `example.com`, or `.example` TLD next time). – Patrick Mevzek, Feb 7 '18 at 15:47

edited 51 mins ago by muru
asked Feb 7 '18 at 15:17 by fuser

1 Answer

You are describing pretty much normal, known and documented behaviour.

What happens is that when the resolver is not able to resolve a DNS name, it will try to resolve it by appending all the domains in your `search` directive to the original query in turn (if it does not get a match mid-process).

The process is a bit convoluted in itself, and several search domains can be combined due to the recursive nature of the process.

The way to somewhat minimize/avoid the domain expansion when resolving DNS names is, in the `search` directive (or wherever you configure your search domains), or even at the application level, to terminate the DNS/domain names with a ".".

As in:

    search domainspec.com. domain.com. example.com.

In addition, as an example, when doing a ping, domain search expansion can also be avoided on a case-by-case basis:

    ping www.example.com.

or

    ping www.cnn.com.

From man resolv.conf(5):

    search Search list for host-name lookup.
           The search list is normally determined from the local domain
           name; by default, it contains only the local domain name.
           This may be changed by listing the desired domain search path
           following the search keyword with spaces or tabs separating
           the names. Resolver queries having fewer than ndots dots
           (default is 1) in them will be attempted using each component
           of the search path in turn until a match is found. For
           environments with multiple subdomains please read options
           ndots:n below to avoid man-in-the-middle attacks and
           unnecessary traffic for the root-dns-servers. Note that this
           process may be slow and will generate a lot of network traffic
           if the servers for the listed domains are not local, and that
           queries will time out if no server is available for one of the
           domains.

           The search list is currently limited to six domains with a
           total of 256 characters.

edited 56 mins ago
answered Feb 7 '18 at 15:38 by Rui F Ribeiro
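
The search-list expansion that the answer and the quoted man page describe, as an added example that is not part of the original answer: a small Python model of the lookup order, assuming glibc's behaviour (a name with at least `ndots` dots is tried as-is first, otherwise after the search list). The function names and the embedded sample `resolv.conf` are constructed for illustration.

```python
# Added example: models glibc-style search-list expansion; not resolver source code.

# Constructed sample mirroring the /etc/resolv.conf shown in the question.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search domainspec.com
nameserver 8.8.8.8
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots); the last 'search' line wins, ndots defaults to 1."""
    search, ndots = [], 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "search":
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                key, _, val = opt.partition(":")
                if key == "ndots" and val.isdigit():
                    ndots = min(int(val), 15)    # glibc caps ndots at 15
    return search, ndots


def candidates(name, search, ndots=1):
    """Fully qualified names tried, in order, until one resolves."""
    if name.endswith("."):                       # trailing dot: absolute, no expansion
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:                 # enough dots: as-is first
        return [as_is] + expanded
    return expanded + [as_is]                    # otherwise search list first


def possible_inputs(qname, search):
    """Names an application may have passed to the resolver to put qname on the wire."""
    q = qname.rstrip(".").lower()
    inputs = [q]                                 # sent as-is (or given with a trailing dot)
    for domain in search:
        suffix = "." + domain
        if q.endswith(suffix):
            inputs.append(q[: -len(suffix)])     # search domain was appended to this
    return inputs


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for name in ("my", "my.domainspec.com", "my.domainspec.com."):
        print(f"{name!r:22} -> {candidates(name, search, ndots)}")
    seen = "my.domainspec.com.domainspec.com.domainspec.com."
    print("query seen in capture could come from:", possible_inputs(seen, search))
```

In this model only a name given with a trailing dot produces a single query, which matches the mitigation the answer recommends.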