working smarter and harder?
I wanted to be able to go to gemini.thebackupbox.net on my desktop, and have the hostname resolve to the internal IP of the computer hosting it, while still returning the WAN IP address to the rest of the internet.
I also didn't want to do split-horizon DNS, and while NAT hairpinning could achieve almost the same effect, it would cause the source IP to be wrong.
I've been duplicating a bunch of records between /etc/hosts and unbound config and that gets annoying. While re-reading an old blog post
I ran with the idea again of having the search domain contain subdomains that are normally FQDNs, so that I could enter "gemini.thebackupbox.net" and my computers would first ask for "gemini.thebackupbox.net.[search.domain]" and use that answer if it exists, while the client programs would still consider the hostname to be just gemini.thebackupbox.net, which keeps all of the SSL verification happy.
I originally just set the search domain to thebackupbox.net and added an A record for gemini.thebackupbox.net.thebackupbox.net,
but then noticed that when I wanted to use a hostname with nothing added, it'd try the WAN record, which isn't what I'd want. I still want to be able to `ssh batou` and get to the LAN IP of host batou. So I added ANOTHER part to the search domain and extra A records, so now I'm using a search domain of lan.thebackupbox.net and A records like batou.thebackupbox.net.lan.thebackupbox.net. Then I tried it.
And it didn't work.
Trying to resolve just batou would return the LAN IP, but trying to resolve batou.thebackupbox.net would return the WAN IP. I figured there was /something/ in the code that did the search domain stuff that was counting '.'s, to avoid searching when it expects the user meant a FQDN but didn't type the trailing '.'. After a while of looking through gnu code, pointed in the right direction by
I eventually found the place that starts trying to append the search domain
and found the "ndots" thing which sounded like the '.' limit I imagined existed. Searched for "ndots linux resolve dns" and found some reddit thread about it.
I set `options ndots:4` in my computers' /etc/resolv.conf and now it works.
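To make the ndots behaviour visible without editing a real resolv.conf, here is a small Python model of the stub resolver's search-list ordering. This is an added example, not code from the original post and not glibc's own code: it follows the rules documented in resolv.conf(5) (a trailing '.' means "try as-is only"; a name with at least ndots dots is tried as-is before the search list, otherwise the search list goes first) and parses the two resolv.conf variants from the post. The 192.0.2.53 nameserver address is a placeholder I made up, and the resolv.conf texts are constructed to match the setup described above.

```python
# Added example (not from the original post): a simulation of the glibc
# stub resolver's search-list behaviour, so the ndots effect can be
# reproduced offline. Follows resolv.conf(5); it does not call libresolv.

DEFAULT_NDOTS = 1  # glibc default when resolv.conf sets no ndots option
MAX_NDOTS = 15     # glibc silently caps ndots at this value


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text.

    Handles 'search', the older single-name 'domain' directive, and
    'options ndots:N'; other lines (nameserver, comments) are ignored.
    """
    search = []
    ndots = DEFAULT_NDOTS
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key in ("search", "domain"):
            search = args  # a later search/domain line replaces earlier ones
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt.split(":", 1)[1]), MAX_NDOTS)
    return search, ndots


def candidate_names(name, search, ndots=DEFAULT_NDOTS):
    """Ordered list of absolute names the stub resolver would query.

    A name ending in '.' is tried as-is only. Otherwise, if it contains at
    least ndots dots it is tried as-is first and the search list second;
    with fewer dots the search list is tried first and the bare name last.
    """
    if name.endswith("."):
        return [name]
    absolute = name + "."
    with_search = [f"{name}.{domain.rstrip('.')}." for domain in search]
    if name.count(".") >= ndots:
        return [absolute] + with_search
    return with_search + [absolute]


# Constructed resolv.conf contents matching the post's setup, before and
# after the ndots fix. The nameserver address is a placeholder.
RESOLV_CONF_BEFORE = """\
search lan.thebackupbox.net
nameserver 192.0.2.53   # placeholder LAN resolver address
"""
RESOLV_CONF_AFTER = RESOLV_CONF_BEFORE + "options ndots:4\n"


def first_candidate(name, resolv_conf_text):
    """The name the resolver asks for first under a given resolv.conf."""
    search, ndots = parse_resolv_conf(resolv_conf_text)
    return candidate_names(name, search, ndots)[0]


if __name__ == "__main__":
    for label, conf in (("before", RESOLV_CONF_BEFORE), ("after", RESOLV_CONF_AFTER)):
        search, ndots = parse_resolv_conf(conf)
        print(f"{label}: search={search} ndots={ndots}")
        for host in ("batou", "batou.thebackupbox.net", "gemini.thebackupbox.net."):
            print(f"  {host!r:30} -> {candidate_names(host, search, ndots)}")
```

Running it shows why the first attempt failed: with the default ndots of 1, batou.thebackupbox.net has two dots, so the resolver asks for the bare name first and gets the WAN record; with ndots:4 the search domain is appended first. The same rule is worth keeping in mind as a caveat: at ndots:4, nearly every public hostname (anything with fewer than four dots) is now sent to the LAN resolver with lan.thebackupbox.net appended before the real name is tried, so the zone serving lan.thebackupbox.net can shadow any such name and should stay under your own control and answer NXDOMAIN promptly for names it doesn't know. On the DHCP question, the search list can be handed out with DHCP option 119 (RFC 3397), but there is no standard DHCP option for ndots, so that part still has to be set on each client.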
Now, preferably I'd be able to set this search domain and ndots from DHCP somehow so that anything that gets an IP on this part of the network just works, but I haven't tested those yet.