Linux – In /etc/resolv.conf, what exactly does the “search” configuration option do


If I have the option set as the domain name of the server itself, does that mean the server itself is used first to lookup domain names before querying the external internet? i.e. /etc/hosts will be queried?

For example:


Best Answer

From man resolv.conf

The search list is normally determined from the local domain name; by default, it contains only the local domain name. This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn until a match is found. For environments with multiple subdomains please read options ndots:n below to avoid man-in-the-middle attacks and unnecessary traffic for the root-dns-servers. Note that this process may be slow and will generate a lot of network traffic if the servers for the listed domains are not local, and that queries will time out if no server is available for one of the domains.

The search list is currently limited to six domains with a total of 256 characters.

To summarize the above, assuming no change from the defaults mentioned above, if something gets to the resolver that has no dots in it, the resolver will try adding to it.

So lets say you just type http://somesite/somedocument.html in your browser. The resolver will catch that and first try to resolve - equivalent if you actually typed - before trying what you actually requested.

This is helpful if you are part of a LAN environment that has its own DNS server so that people can type simple names to reach local resources. If you don't have a home or corporate LAN with your own DNS server it's nothing you really have to worry about.