NLnetLabs / dnssec-trigger

Dnssec trigger enables the end-host to use DNSSEC protection for the DNS traffic.
https://nlnetlabs.nl/projects/dnssec-trigger/
BSD 3-Clause "New" or "Revised" License
26 stars 9 forks

resolv.conf doesn't contain search domain #6

Open ghost opened 4 years ago

ghost commented 4 years ago

OS: Debian sid using NetworkManager with dns=unbound

resolv.conf contains:

# Generated by dnssec-trigger-script
nameserver 127.0.0.1

when it should contain

# Generated by dnssec-trigger-script
nameserver 127.0.0.1
search local.test

ghost commented 4 years ago

This is probably a bug in the dnssec-trigger dispatcher script.

pemensik commented 4 years ago

This is in fact intentional. We think remote configuration can use search domains to track your activities on the internet. It does redirect search domains to specified name servers, but leaves search empty.

set_search_domains=yes in /etc/dnssec.conf would bring the expected behaviour back, at the cost of potential leaks of queries.
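The leak pemensik describes comes from how a stub resolver uses the search list: a short name such as `printer` is expanded with each search suffix before (or after, depending on ndots) being tried as typed, so a search domain supplied by the network decides which extra names leave the host. The following is an added example, not code from the issue or from dnssec-trigger. It parses the two resolv.conf files quoted above (constructed here as strings) and reproduces glibc's search-list expansion with its default `ndots:1`, so the difference between the empty and the populated search list can be seen on concrete query names.

```python
"""Model how a resolv.conf `search` line changes what a stub resolver sends.

Added example, not dnssec-trigger's own code. The two resolv.conf texts are
constructed to match the files quoted in the issue; the expansion logic
follows glibc's documented search-list behaviour (ndots defaults to 1).
"""
from dataclasses import dataclass, field
from typing import List

# Constructed samples mirroring the two files quoted in the issue.
RESOLV_NO_SEARCH = """\
# Generated by dnssec-trigger-script
nameserver 127.0.0.1
"""

RESOLV_WITH_SEARCH = """\
# Generated by dnssec-trigger-script
nameserver 127.0.0.1
search local.test
"""


@dataclass
class ResolvConf:
    nameservers: List[str] = field(default_factory=list)
    search: List[str] = field(default_factory=list)
    ndots: int = 1  # glibc default when no options line sets it


def parse_resolv_conf(text: str) -> ResolvConf:
    """Parse the directives relevant to query expansion; ignore the rest."""
    conf = ResolvConf()
    for raw in text.splitlines():
        # resolv.conf treats both '#' and ';' as comment introducers.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            conf.nameservers.append(args[0])
        elif key in ("search", "domain"):
            conf.search = list(args)  # a later line replaces an earlier one
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf.ndots = int(opt.split(":", 1)[1])
    return conf


def query_candidates(name: str, conf: ResolvConf) -> List[str]:
    """Names the stub resolver would try, in order, when asked for `name`."""
    if name.endswith("."):
        return [name]  # fully qualified: never expanded
    expanded = [f"{name}.{suffix}" for suffix in conf.search]
    if name.count(".") >= conf.ndots:
        return [name] + expanded  # try as typed first, then the suffixes
    return expanded + [name]      # few dots: suffixes first, then as typed


def leaked_queries(name: str, conf: ResolvConf) -> List[str]:
    """Query names that carry a suffix the user never typed."""
    return [q for q in query_candidates(name, conf) if q != name]


def audit(text: str) -> str:
    """One-line verdict on a resolv.conf body for the search-domain concern."""
    conf = parse_resolv_conf(text)
    if not conf.search:
        return "no search list: short names are sent exactly as typed"
    return "search list present: short names are expanded with " + ", ".join(conf.search)


if __name__ == "__main__":
    for label, text in (("without search", RESOLV_NO_SEARCH),
                        ("with search", RESOLV_WITH_SEARCH)):
        conf = parse_resolv_conf(text)
        print(label, "->", audit(text))
        for n in ("printer", "example.com"):
            print("  ", n, "=>", query_candidates(n, conf))
```

With the first file a lookup of `printer` produces only `printer`; with the second it produces `printer.local.test` before `printer`, and even `example.com` picks up a trailing `example.com.local.test` attempt, which is the extra traffic a remotely supplied search domain causes.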

reqa commented 2 years ago

When set_search_domains=yes is set in /etc/dnssec.conf and a specific search domain is configured via /etc/dnssec-trigger/dnssec-trigger.conf, that search domain is ignored and instead other domain names, probably from DHCP are written to /etc/resolv.conf.

Unless... you run dnssec-trigger-control-setup again and systemctl restart dnssec-triggerd, and then set_search_domains=yes doesn't seem to be required either.

Until... you systemctl restart unbound, then the search option is gone again from /etc/resolv.conf.

(Ubuntu 20.04.4 LTS)