Disable DHCP search domain
-
I cannot work out how I can stop the DHCP server from sending a search domain.
I have no need for a search domain, and actually it's quite annoying, causing Chrome to suggest that I am trying to connect to local servers all the time.
-
Well, that would be on your client. Yes, it can be handed out via DHCP, but your client is the one that does it, and even if your DHCP doesn't send a domain, the client would/could still send out any suffix that has been set on it, the domain it's in for example.
So, for example, my pfSense domain is local.lan, so it would send that out for the domain. But since it's blank it doesn't send out any extra search domains. But your client would/could still append local.lan to the queries.
So you could add just "." for the append suffix vs. parent, etc.
Could you show your client settings? I assume it's Windows. And what is this extra suffix you're seeing?
-
Yes, an ordinary (e.g. Windows) client on my network gets the domain name via DHCP from my pfSense domain name. I can change that in the DHCP Server web GUI, but I can't stop it from happening at all.
I can't see how to achieve that with the current web GUI. I have a feeling this has been discussed before. In theory it should be easy to provide an option on the web GUI to not hand out any domain name.
-
So you don't want local.lan handed to the DHCP client in my example at all. They just did it so you could not hand out a gateway; I would think this would be similar. Can you put "none" in there? That is what you do if you don't want a gateway handed out.
edit:
Well, that just hands out "none" ;). Doesn't work either. Yeah, sure, that could be modified with a checkbox or something to not hand out a domain. But to be honest it must be a small portion of setups that would not want a domain handed out at all.
-
The search domain will be empty by default (and Windows ignores that setting entirely); the default domain ("Domain name" field in DHCP Server) is what would be relevant there.
I have no need for a search domain, and actually it's quite annoying, causing Chrome to suggest that I am trying to connect to local servers all the time.
Under what circumstances?
You essentially always want a default domain, that's how your local name resolution will work. Even if you don't care about local name resolution, having it isn't a problem. If you try to browse to something that isn't resolvable, it will append the default domain and try again, but that's the nature of DNS and virtually every machine has a default domain and behaves that way.
-
^ agreed. Could you show us an example of what you think your browser is doing that is causing you a problem? The only time a suffix should be appended is if you could not resolve what you asked for; browsers never normally do that.
But I just fired up Chrome and noticed this nonsense. Is this the sort of thing you're seeing?
Looks like Chrome does it on purpose:
https://isc.sans.edu/diary/Google+Chrome+and+%28weird%29+DNS+requests/10312
edit: So there is a lot wrong with this sort of behavior if you ask me. Found a way to disable it.
Launch Chrome with this:
--disable-background-networking
-
I don't think it is that normal to always have a default domain; if I use any run-of-the-mill home router, there isn't a domain.
At the moment Chrome seems to be handling it better, but still, on a more subtle level, it happens.
If I do 'ssh <name>' for a name that doesn't exist, it will try and ssh to my pfSense box. This is because *.mydomain.com resolves to my pfSense box, and when I do 'ssh <name>', <name> gets changed to name.mydomain.com.
-
I don't think it is that normal to always have a default domain; if I use any run-of-the-mill home router, there isn't a domain.
It's absolutely normal to always have a default domain name. If you want name resolution without specifying a FQDN to function properly, it's a requirement.
Some home routers may default to no domain, but they also commonly don't register your hostnames in a way they can be resolved so they're not helping your name resolution anyway. In that case for Windows hosts you probably end up falling back to broadcast name resolution, which adds significant delays and probably occasional unreliability to local name resolution.
If I do 'ssh <name>' for a name that doesn't exist, it will try and ssh to my pfSense box. This is because *.mydomain.com resolves to my pfSense box, and when I do 'ssh <name>', <name> gets changed to name.mydomain.com.
Which is precisely how DNS works. You never do an actual lookup for "name", it's "name" + default domain.
-
The trouble is that at the moment a lookup for a nonexistent name gives the result of the pfSense box.
Really, I don't want a lookup for <name> to work; I would rather type out the full <name>.domain.com when I want that.
-
The trouble is that at the moment a lookup for a nonexistent name gives the result of the pfSense box.
Your DNS is misconfigured. It has nothing to do with "search domain".
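The behaviour argued over in the last two exchanges (a short name getting the default domain appended, and a *.mydomain.com wildcard then answering for names that do not exist), as an added example that is not from the thread or from pfSense: a small Python model of a glibc-style stub resolver search list (ndots=1) run against a constructed zone with and without the wildcard record. The zone contents, hostnames and 192.0.2.x addresses are constructed for illustration.

```python
# Added example (not from the thread): model of search-list appending plus
# wildcard matching, to show why "ssh nosuchhost" lands on the firewall
# when *.mydomain.com exists, and returns NXDOMAIN once it is removed.
from typing import Optional

# glibc resolver default: a name with fewer than NDOTS dots is tried with
# the search list appended before it is tried as an absolute name.
NDOTS = 1

def candidate_queries(name: str, search: list[str]) -> list[str]:
    """Return the FQDNs a stub resolver would try, in order, for `name`."""
    if name.endswith("."):                 # trailing dot: absolute, no search
        return [name.rstrip(".")]
    absolute = [name]
    searched = [f"{name}.{d}" for d in search]
    if name.count(".") >= NDOTS:
        return absolute + searched
    return searched + absolute

def lookup(fqdn: str, zone: dict[str, str]) -> Optional[str]:
    """Exact match first, then the closest enclosing wildcard (simplified)."""
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None

def resolve(name: str, search: list[str], zone: dict[str, str]):
    """First candidate that resolves, as (queried_fqdn, address), else None."""
    for q in candidate_queries(name, search):
        addr = lookup(q, zone)
        if addr is not None:
            return q, addr
    return None

# Constructed zone: the poster's situation, a wildcard pointing at the firewall.
ZONE_WITH_WILDCARD = {
    "pfsense.mydomain.com": "192.0.2.1",
    "nas.mydomain.com": "192.0.2.10",
    "*.mydomain.com": "192.0.2.1",
}
# Same zone with the wildcard removed: nonexistent names now fail instead.
ZONE_FIXED = {k: v for k, v in ZONE_WITH_WILDCARD.items() if not k.startswith("*")}

if __name__ == "__main__":
    for host in ("nas", "nosuchhost", "nosuchhost."):
        print(host, "->", resolve(host, ["mydomain.com"], ZONE_WITH_WILDCARD),
              "| fixed:", resolve(host, ["mydomain.com"], ZONE_FIXED))
```

The trailing-dot case shows the usual way to bypass the search list entirely, which is the manual equivalent of typing out the FQDN as the poster prefers.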