On Tue, 24 Feb 2004 11:26:16 -0500, Geoff Wheeler wrote:
> I have a home network set up and am in the process of successfully using a
> Linux box as a gateway to the wider world. And I have some questions,
> starting with these:
>
> I've seen examples of resolv.conf files with domain and search in them,
> examples with trailing '.' and without, and examples (and instructions) to
> use only search, or only domain. Should I declare my home 'domain' and
> search the ISP's, or search both? If searching both, is the correct syntax to
> use a trailing '.' on the first entry and not on the last? Is there a
> limit on the number of nameservers I can list, and should I list
> 127.0.0.1?
You will see a lot of incorrect resolv.confs which still work. The
resolver is very tolerant.
You should use either domain or search, not both. As the main difference
is that domain can only take one value while search can take many, IMO
search is always preferable. None of the values requires a trailing ".".
Put whatever domains you want the resolver to attempt to add to
unqualified names on the search directive. If you want to resolve names in
your ISP's domain without qualifying them then put them in. I've never
seen the point myself.
You can list up to 3 nameservers. They are used sequentially; the second
is only queried if the first fails to respond at all. It is *not* queried
if the first responds with a "does not exist" (NXDOMAIN). This differs
from the non-standards-compliant behaviour of the Windows resolver in case
you're used to that.
If you have a local nameserver and it resolves correctly on the Internet
then put 127.0.0.1 (or 0.0.0.0) first. Note that it is expected that all
the nameservers you list return the same answers to all queries (except
for transient effects caused by caching). If they don't, strange things may
happen. So if you have a local nameserver which hosts your own private
domain(s), don't list your ISP's nameservers at all, as they won't resolve
them. Instead either configure your local server to forward to the ISP
nameservers or set it up as an independent server with a root cache hints
file, whichever is faster (this mainly depends on how fast your ISP's
servers are; they have a better cache than yours but may be slow). If a
nameserver has a local version of a domain it will refrain from forwarding
queries for it to its forwarders, even if you use "forward only", which
IMO is not intuitive.
You can also do a hybrid of the two with "forward first". This will try
the ISP servers and if they don't answer in a timely fashion do it itself.
Personally I use my own nameservers exclusively and don't touch my ISP's
at all. But this is because their servers are pants (or, in the US, they
suck).
Regards, Ian
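
The rules in the reply above can be checked mechanically. The following Python linter is an added example, not part of the original post; the function name, the sample file, the example domains and the 192.0.2.x addresses are constructed for illustration.

```python
MAXNS = 3  # the reply's limit: up to 3 nameservers are used
LOCAL = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses treated as "local nameserver"

def lint_resolv_conf(text):
    """Return a list of warnings for resolv.conf contents, per the reply's rules."""
    warnings, nameservers, keywords = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # skip blank lines and comments
            continue
        keyword, *args = line.split()
        if keyword == "nameserver":
            nameservers.extend(args[:1])
        elif keyword in ("domain", "search"):
            keywords.add(keyword)
            if keyword == "domain" and len(args) > 1:
                warnings.append(f"line {lineno}: domain takes one value; use search for several")
            if any(a.endswith(".") for a in args):
                warnings.append(f"line {lineno}: trailing '.' is not required")
    if keywords == {"domain", "search"}:
        warnings.append("domain and search both present: use one or the other")
    if len(nameservers) > MAXNS:
        warnings.append(f"{len(nameservers)} nameservers listed: only the first {MAXNS} are used")
    used = nameservers[:MAXNS]
    # All listed servers are expected to give the same answers. A local server
    # hosting private domains next to ISP servers breaks that expectation.
    if any(ns in LOCAL for ns in used) and any(ns not in LOCAL for ns in used):
        warnings.append("local and remote nameservers mixed: remote servers "
                        "will not resolve private domains hosted locally")
    return warnings

# Constructed sample that violates each rule once.
SAMPLE = """\
# constructed example file
domain home.example
search home.example. isp.example
nameserver 127.0.0.1
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 192.0.2.3
"""

if __name__ == "__main__":
    for warning in lint_resolv_conf(SAMPLE):
        print(warning)
```
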