Netgate Discussion Forum

Disable DHCP search domain

  • M
    mcfedr
    last edited by Jan 30, 2015, 1:19 PM

    I cannot work out how I can stop the dhcp server from sending a search domain?

    I have no need for a search domain, and actually it's quite annoying, causing Chrome to suggest that I am trying to connect to local servers all the time.

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Jan 30, 2015, 4:30 PM

      Well that would be on your client..  Yes it can be handed out via dhcp..  But your client is the one that does it, and even if your dhcp doesn't send domain.  Client would/could still send out any suffix that has been set on it, domain it's in for example.

      So for example my pfsense domain is local.lan - so it would send that out for the domain.  But since blank it doesn't send out any extra search domains.  But your client would/could still append local.lan to the queries.

      so you could add just . for the append suffix vs parent, etc.

      Could you show your client setting - I assume it's Windows, and what is this extra suffix you're seeing?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • P
        phil.davis
        last edited by Jan 30, 2015, 5:47 PM

        Yes, an ordinary (e.g. Windows) client on my network gets the domain name via DHCP from my pfSense domain name. I can change that in the DHCP Server web GUI, but I can't stop it from happening at all.
        I can't see how to achieve that with the current web GUI. I have a feeling this has been discussed before. In theory it should be easy to provide an option on the web GUI to not hand out any domain name.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Jan 30, 2015, 6:22 PM Jan 30, 2015, 6:18 PM

          So you don't want local.lan handed to the dhcp client in my example at all..  They just did so you could not hand out gateway, I would think this would be sim.. can you put none in there?  That is what you do if you don't want gateway handed out.

          edit:
          well that just hands out none ;)

          . doesn't work either.  Yeah sure that could be modified with like a checkbox or something to not hand out domain.  But to be honest must be a small portion of setups that would not want a domain at all handed out.

          • C
            cmb
            last edited by Jan 30, 2015, 7:57 PM

            The search domain will be empty by default (and Windows ignores that setting entirely), the default domain ("Domain name" field in DHCP Server) is what would be relevant there.

            @mcfedr:

            I have no need for a search domain, and actually it's quite annoying, causing Chrome to suggest that I am trying to connect to local servers all the time.

            Under what circumstances?

            You essentially always want a default domain, that's how your local name resolution will work. Even if you don't care about local name resolution, having it isn't a problem. If you try to browse to something that isn't resolvable, it will append the default domain and try again, but that's the nature of DNS and virtually every machine has a default domain and behaves that way.

            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Jan 30, 2015, 9:29 PM Jan 30, 2015, 9:09 PM

              ^ agreed.. Could you show us an example of what you think your browser is doing that is causing you a problem..  The only time suffix should be appended is if you could not resolve what you asked for..  browsers never normally do that.

              But I just fired up chrome and noticed this nonsense?  Is this the sort of thing you're seeing?

              looks like chrome does it on purpose
              https://isc.sans.edu/diary/Google+Chrome+and+%28weird%29+DNS+requests/10312

              edit:  So there is a lot wrong with this sort of behavior if you ask me..  Found a way to disable it

              Launch chrome with this.
              --disable-background-networking

              • M
                mcfedr
                last edited by Oct 2, 2015, 3:15 PM

                I don't think it is that normal to always have a default domain, if I use any run of the mill home router, there isn't a domain

                At the moment chrome seems to be handling it better, but still on a more subtle level it happens

                If I do ssh <name> for a name that doesn't exist, it will try and ssh to my pfsense box - this is because *.mydomain.com resolves to my pfsense box, and when I do 'ssh <name>', <name> gets changed to name.mydomain.com

                • C
                  cmb
                  last edited by Oct 3, 2015, 12:45 AM

                  @mcfedr:

                  I don't think it is that normal to always have a default domain, if I use any run of the mill home router, there isn't a domain

                  It's absolutely normal to always have a default domain name. If you want name resolution without specifying a FQDN to function properly, it's a requirement.

                  Some home routers may default to no domain, but they also commonly don't register your hostnames in a way they can be resolved so they're not helping your name resolution anyway. In that case for Windows hosts you probably end up falling back to broadcast name resolution, which adds significant delays and probably occasional unreliability to local name resolution.

                  @mcfedr:

                  If I do ssh <name> for a name that doesn't exist, it will try and ssh to my pfsense box - this is because *.mydomain.com resolves to my pfsense box, and when I do 'ssh <name>', <name> gets changed to name.mydomain.com

                  Which is precisely how DNS works. You never do an actual lookup for "name", it's "name" + default domain.

                  • M
                    mcfedr
                    last edited by Oct 5, 2015, 1:24 PM

                    The trouble is that at the moment a lookup for a nonexistent name gives the result of the pfsense box.

                    Really I don't want a lookup for <name> to work, I would rather type out the full <name>.domain.com when I want that

                    • D
                      doktornotor Banned
                      last edited by Oct 5, 2015, 1:27 PM

                      @mcfedr:

                      The trouble is that at the moment a lookup for a nonexistent name gives the result of the pfsense box.

                      Your DNS is misconfigured. Has nothing to do with "search domain".
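
Added example (not part of any post in this thread): a small Python model of the behaviour discussed above, where a stub resolver appends the default domain to a short name and a wildcard record such as *.mydomain.com then answers for hosts that do not exist. The zone contents, the 192.168.1.1 address and the host name nosuchhost are constructed for illustration, and the wildcard matching is a simplified form of RFC 4592.

```python
# Constructed zone: the wildcard from the thread plus one unrelated record.
ZONE = {
    "pfsense.mydomain.com.": "192.168.1.1",
    "*.mydomain.com.": "192.168.1.1",
    "www.example.org.": "203.0.113.10",
}

def zone_lookup(fqdn, zone):
    """Exact match, else the nearest wildcard above the name (simplified RFC 4592)."""
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.rstrip(".").split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:]) + "."
        if "*." + parent in zone:
            return zone["*." + parent]
        if parent in zone:  # closest encloser exists and has no wildcard below it
            return None
    return None

def candidates(name, search, ndots=1):
    """Order in which a stub resolver tries names (resolv.conf search/ndots model)."""
    if name.endswith("."):  # trailing dot: absolute name, search list is skipped
        return [name]
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    as_is = [name + "."]
    return as_is + expanded if name.count(".") >= ndots else expanded + as_is

def resolve(name, search, zone, ndots=1):
    """Return (fqdn, address) for the first candidate that answers, else None."""
    for fqdn in candidates(name, search, ndots):
        addr = zone_lookup(fqdn, zone)
        if addr is not None:
            return fqdn, addr
    return None

if __name__ == "__main__":
    no_wildcard = {k: v for k, v in ZONE.items() if not k.startswith("*.")}
    # Short name + default domain + wildcard: a nonexistent host gets an answer.
    print(resolve("nosuchhost", ["mydomain.com"], ZONE))
    # Same lookup once the wildcard record is gone: no answer.
    print(resolve("nosuchhost", ["mydomain.com"], no_wildcard))
    # Trailing dot bypasses the search list even with the wildcard present.
    print(resolve("nosuchhost.", ["mydomain.com"], ZONE))
    # Real hosts still resolve through the default domain without the wildcard.
    print(resolve("pfsense", ["mydomain.com"], no_wildcard))
```

Removing the wildcard record, or typing the name with a trailing dot, makes the lookup fail as expected while real hosts still resolve through the default domain.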
