Duplicate domain name in DNS query


I found a strange duplicate domain name in the DNS queries while capturing with tcpdump on my RedHat server. It did not have any impact on my DNS name resolution.



But it's not clear why my server sends such a request in the DNS query ==> my.domainspec.com.domainspec.com.domainspec.com. In general it should be just my.domainspec.com



info from tcpdump:



12:17:28.431208 IP (tos 0x0, ttl 64, id 57779, offset 0, flags [DF], proto UDP (17), length 97)
    my.domainspec.com.33953 > ns1.entry.com.domain: [bad udp cksum 0xcb8a -> 0x6e04!] 63367+ A? my.domainspec.com.domainspec.com.domainspec.com. (69)
12:17:28.431718 IP (tos 0x0, ttl 64, id 61601, offset 0, flags [none], proto UDP (17), length 148)
    ns1.entry.com.domain > my.domainspec.com.33953: [udp sum ok] 63367 NXDomain* q: A? my.domainspec.com.domainspec.com.domainspec.com. 0/1/0 ns: domainspec.com. SOA ns1.entry.com. postmaster.domainspec.com. 2018012732 600 300 2592000 900 (120)


info from nsswitch.conf:



 grep "hosts" /etc/nsswitch.conf
#hosts: db files nisplus nis dns
hosts: files dns myhostname


info from /etc/hosts:



193.48.203.195  my.domainspec.com


info from /etc/resolv.conf:



 # Generated by NetworkManager
search domainspec.com
nameserver 8.8.8.8


Please note. I've used fake domain names and IPs for the example.



Could someone explain what the reason for the duplicate domain name in DNS query is? Any help is really appreciated.










  • Good that you tell us it is fake, because the tcpdump and resolv.conf, and even nameserver do not match.

    – Rui F Ribeiro
    Feb 7 '18 at 15:36













  • Provide the true names involved without useless obfuscation, even more when it is confusing and not using the appropriate values (as detailed in RFC2606, use example.com, or .example TLD next time).

    – Patrick Mevzek
    Feb 7 '18 at 15:47


















rhel dns






edited 51 mins ago
muru

asked Feb 7 '18 at 15:17
fuser
















1 Answer
You are describing pretty much normal, known and documented behaviour.



What happens is that when the resolver is not able to resolve a DNS name, it will try to resolve it by appending all the domains in your search directive to the original query in turn (if it does not get a match mid-process).



The process is a bit convoluted in itself, and several search domains can be combined due to the recursive nature of the process.



The way to somewhat minimize/avoid the domain expansion, when resolving DNS names, is in the search directive (or wherever you configure your search domains), or even at application level, terminating the DNS/domain names with a ".".



As in:



search domainspec.com. domain.com. example.com.


In addition, as an example, when doing a ping, domain search expansion can also be avoided on a case-by-case basis:



ping www.example.com.


or



ping www.cnn.com.


From man resolv.conf(5)




    search Search list for host-name lookup.
        The search list is normally determined from the local domain
        name; by default, it contains only the local domain name.
        This may be changed by listing the desired domain search path
        following the search keyword with spaces or tabs separating
        the names. Resolver queries having fewer than ndots dots
        (default is 1) in them will be attempted using each component
        of the search path in turn until a match is found. For
        environments with multiple subdomains please read options
        ndots:n below to avoid man-in-the-middle attacks and
        unnecessary traffic for the root-dns-servers. Note that this
        process may be slow and will generate a lot of network traffic
        if the servers for the listed domains are not local, and that
        queries will time out if no server is available for one of the
        domains.

        The search list is currently limited to six domains with a
        total of 256 characters.






edited 56 mins ago

answered Feb 7 '18 at 15:38
Rui F Ribeiro
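The search/ndots rule quoted from resolv.conf(5) in the answer above, as an added example that is not part of the original question or answer: a simplified Python model that lists the names a stub resolver would try, in order, for the resolv.conf shown in the question, plus a check for captured QNAMEs that carry a search domain twice in a row. The function names are hypothetical, the model assumes every attempt returns NXDOMAIN, and nothing is sent to the network.

```python
"""Simplified model of the resolv.conf(5) search/ndots rule (added example)."""

# Constructed sample: the resolv.conf shown in the question.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search domainspec.com
nameserver 8.8.8.8
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text."""
    search, ndots = [], 1  # ndots defaults to 1 per resolv.conf(5)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        keyword, *args = line.split()
        if keyword in ("search", "domain"):
            # The last search/domain line wins; drop any trailing root dot.
            search = [a.rstrip(".").lower() for a in args]
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots=1):
    """List the FQDNs that would be queried, in order, assuming every
    attempt returns NXDOMAIN (a real resolver stops at the first match)."""
    if name.endswith("."):
        return [name]  # absolute name: the search list is not applied
    as_is = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        return [as_is] + expanded  # enough dots: the name itself goes first
    return expanded + [as_is]      # fewer than ndots dots: search list first


def repeated_search_suffix(qname, search):
    """Return the search domain that appears twice in a row at the end of a
    captured QNAME, or None. Such a name already ended in the search domain
    before the suffix was appended again."""
    q = qname.rstrip(".").lower()
    for domain in search:
        if q.endswith(f".{domain}.{domain}"):
            return domain
    return None


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for name in ("my", "my.domainspec.com", "my.domainspec.com."):
        print(f"{name!r:24} -> {candidates(name, search, ndots)}")
    # QNAME copied from the tcpdump output in the question.
    captured = "my.domainspec.com.domainspec.com.domainspec.com."
    print(captured, "repeats", repeated_search_suffix(captured, search))
```

Raising `ndots` in the `options` line moves the as-is attempt to the end of the list, which is why a large value multiplies the queries sent for names that are already fully qualified.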

































