
    Disable DHCP search domain

    DHCP and DNS
    • M
      mcfedr last edited by

      I cannot work out how I can stop the dhcp server from sending a search domain?

      I have no need for a search domain, and actually it's quite annoying, causing Chrome to suggest that I am trying to connect to local servers all the time.

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Well that would be on your client..  Yes it can be handed out via DHCP..  But your client is the one that does it, and even if your DHCP doesn't send domain.  Client would/could still send out any suffix that has been set on it, domain it's in for example.

        So for example my pfSense domain is local.lan - so it would send that out for the domain.  But since blank it doesn't send out any extra search domains.  But your client would/could still append local.lan to the queries.

        So you could add just . for the append suffix vs parent, etc.

        Could you show your client setting - I assume it's Windows and what is this extra suffix you're seeing.




        • P
          phil.davis last edited by

          Yes, an ordinary (e.g. Windows) client on my network gets the domain name via DHCP from my pfSense domain name. I can change that in the DHCP Server web GUI, but I can't stop it from happening at all.
          I can't see how to achieve that with the current web GUI. I have a feeling this has been discussed before. In theory it should be easy to provide an option on the web GUI to not hand out any domain name.

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            So you don't want local.lan handed to the DHCP client in my example at all..  They just did so you could not hand out gateway, I would think this would be similar.. can you put none in there?  That is what you do if you don't want gateway handed out.

            edit:
            well that just hands out none ;)

            . doesn't work either.  Yeah sure that could be modified with like a checkbox or something to not hand out domain.  But to be honest must be a small portion of setups that would not want a domain at all handed out.

            • C
              cmb last edited by

              The search domain will be empty by default (and Windows ignores that setting entirely), the default domain ("Domain name" field in DHCP Server) is what would be relevant there.

              @mcfedr:

              I have no need for a search domain, and actually it's quite annoying, causing Chrome to suggest that I am trying to connect to local servers all the time.

              Under what circumstances?

              You essentially always want a default domain, that's how your local name resolution will work. Even if you don't care about local name resolution, having it isn't a problem. If you try to browse to something that isn't resolvable, it will append the default domain and try again, but that's the nature of DNS and virtually every machine has a default domain and behaves that way.

              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                ^ agreed.. Could you show us an example of what you think your browser is doing that is causing you a problem..  The only time suffix should be appended is if you could not resolve what you asked for..  browsers never normally do that.

                But I just fired up Chrome and notice this nonsense?  Is this the sort of thing you're seeing?

                Looks like Chrome does it on purpose
                https://isc.sans.edu/diary/Google+Chrome+and+%28weird%29+DNS+requests/10312

                edit:  So there is a lot wrong with this sort of behavior if you ask me..  Found a way to disable it

                Launch chrome with this.
                --disable-background-networking


                • M
                  mcfedr last edited by

                  I don't think it is that normal to always have a default domain, if I use any run of the mill home router, there isn't a domain

                  At the moment Chrome seems to be handling it better, but still on a more subtle level it happens

                  If I do ssh <name> for a name that doesn't exist, it will try and ssh to my pfSense box - this is because *.mydomain.com resolves to my pfSense box, and when I do 'ssh <name>', <name> gets changed to name.mydomain.com

                  • C
                    cmb last edited by

                    @mcfedr:

                    I don't think it is that normal to always have a default domain, if I use any run of the mill home router, there isn't a domain

                    It's absolutely normal to always have a default domain name. If you want name resolution without specifying a FQDN to function properly, it's a requirement.

                    Some home routers may default to no domain, but they also commonly don't register your hostnames in a way they can be resolved so they're not helping your name resolution anyway. In that case for Windows hosts you probably end up falling back to broadcast name resolution, which adds significant delays and probably occasional unreliability to local name resolution.

                    @mcfedr:

                    If I do ssh <name> for a name that doesn't exist, it will try and ssh to my pfSense box - this is because *.mydomain.com resolves to my pfSense box, and when I do 'ssh <name>', <name> gets changed to name.mydomain.com

                    Which is precisely how DNS works. You never do an actual lookup for "name", it's "name" + default domain.

                    • M
                      mcfedr last edited by

                      The trouble is that at the moment a lookup for a non-existent name gives the result of the pfSense box.

                      Really I don't want a lookup for <name> to work, I would rather type out the full <name>.domain.com when I want that

                      • D
                        doktornotor Banned last edited by

                        @mcfedr:

                        The trouble is that at the moment a lookup for a non-existent name gives the result of the pfSense box.

                        Your DNS is misconfigured. Has nothing to do with "search domain".

                        1 Reply Last reply Reply Quote 0
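
The interaction discussed in this thread (a default/search domain handed out by DHCP combined with a `*.mydomain.com` wildcard record), as an added example that is not part of any post. It models a resolv.conf-style stub resolver (search list plus `ndots`, which Windows clients do not follow exactly) with simplified wildcard matching; the zone contents, the address 192.0.2.1 and all function names are constructed for illustration.

```python
# Added illustration: why "ssh nosuchhost" lands on the firewall when the
# DHCP-supplied domain is combined with a wildcard record in that domain.

ZONE = {  # constructed sample zone, not taken from the thread
    "pfsense.mydomain.com.": "192.0.2.1",
    "*.mydomain.com.": "192.0.2.1",   # the wildcard mcfedr describes
}

def candidates(name, search, ndots=1):
    """FQDNs a resolv.conf-style stub resolver tries, in order."""
    if name.endswith("."):            # trailing dot: absolute, no search list
        return [name]
    absolute = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:      # "enough" dots: try the name as-is first
        return [absolute] + searched
    return searched + [absolute]      # short name: search domains first

def lookup(fqdn, zone):
    """Exact match first, then the nearest wildcard (simplified matching)."""
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.split(".")          # "a.b.com." -> ["a", "b", "com", ""]
    for i in range(1, len(labels) - 1):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None                       # NXDOMAIN in this model

def resolve(name, search, zone):
    """Return (fqdn, address) for the first candidate that answers."""
    for fqdn in candidates(name, search):
        addr = lookup(fqdn, zone)
        if addr is not None:
            return fqdn, addr
    return None

if __name__ == "__main__":
    no_wildcard = {k: v for k, v in ZONE.items() if not k.startswith("*")}
    print(resolve("nosuchhost", ["mydomain.com"], ZONE))         # wildcard answers
    print(resolve("nosuchhost", ["mydomain.com"], no_wildcard))  # None
    print(resolve("nosuchhost.", ["mydomain.com"], ZONE))        # None (absolute)
```

With the wildcard removed, the search domain can stay in place and a mistyped short name fails instead of resolving to the firewall's address.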