diff --git a/CHANGES b/CHANGES
index 45d1751f76..469f8e4ef4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,10 @@
3646. [bug] Journal filename string could be set incorrectly,
causing garbage in log messages. [RT #34738]
+3640. [bug] ndots was not being checked when searching. Only
+ continue searching on NXDOMAIN responses. Add the
+ ability to specify ndots to nslookup. [RT #34711]
+
3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
in a key zone. [RT #34238]
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 4b9158b8d8..cb90361444 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1881,6 +1881,9 @@ static isc_boolean_t
next_origin(dig_query_t *query) {
dig_lookup_t *lookup;
dig_searchlist_t *search;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_result_t result;
INSIST(!free_now);
@@ -1893,6 +1896,19 @@ next_origin(dig_query_t *query) {
* about finding the next entry.
*/
return (ISC_FALSE);
+
+ /*
+ * Check for a absolute name or ndots being met.
+ */
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ result = dns_name_fromstring2(name, query->lookup->textname, NULL,
+ 0, NULL);
+ if (result == ISC_R_SUCCESS &&
+ (dns_name_isabsolute(name) ||
+ (int)dns_name_countlabels(name) > ndots))
+ return (ISC_FALSE);
+
if (query->lookup->origin == NULL && !query->lookup->need_search)
/*
* Then we just did rootorg; there's nothing left.
@@ -3398,7 +3414,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
if (!l->doing_xfr || l->xfr_q == query) {
- if (msg->rcode != dns_rcode_noerror &&
+ if (msg->rcode == dns_rcode_nxdomain &&
(l->origin != NULL || l->need_search)) {
if (!next_origin(query) || showsearch) {
printmessage(query, msg, ISC_TRUE);
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
index 3f5b82fd29..ab8066656c 100644
--- a/bin/dig/nslookup.c
+++ b/bin/dig/nslookup.c
@@ -442,8 +442,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
dns_name_format(query->lookup->name,
nametext, sizeof(nametext));
printf("** server can't find %s: %s\n",
- (msg->rcode != dns_rcode_nxdomain) ? nametext :
- query->lookup->textname, rcode_totext(msg->rcode));
+ nametext, rcode_totext(msg->rcode));
debug("returning with rcode == 0");
/* the lookup failed */
@@ -502,8 +501,8 @@ show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
printf(" %s\t\t%s\n",
usesearch ? "search" : "nosearch",
recurse ? "recurse" : "norecurse");
- printf(" timeout = %d\t\tretry = %d\tport = %d\n",
- timeout, tries, port);
+ printf(" timeout = %d\t\tretry = %d\tport = %d\tndots = %d\n",
+ timeout, tries, port, ndots);
printf(" querytype = %-8s\tclass = %s\n", deftype, defclass);
printf(" srchlist = ");
for (listent = ISC_LIST_HEAD(search_list);
@@ -574,6 +573,14 @@ set_tries(const char *value) {
tries = n;
}
+static void
+set_ndots(const char *value) {
+ isc_uint32_t n;
+ isc_result_t result = parse_uint(&n, value, 128, "ndots");
+ if (result == ISC_R_SUCCESS)
+ ndots = n;
+}
+
static void
setoption(char *opt) {
if (strncasecmp(opt, "all", 4) == 0) {
@@ -654,6 +661,8 @@ setoption(char *opt) {
nofail=ISC_FALSE;
} else if (strncasecmp(opt, "nofail", 3) == 0) {
nofail=ISC_TRUE;
+ } else if (strncasecmp(opt, "ndots=", 6) == 0) {
+ set_ndots(&opt[6]);
} else {
printf("*** Invalid option: %s\n", opt);
}
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index f4d497b399..3f7d1f6fb8 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -409,6 +409,17 @@ nslookup -query=hinfo -timeout=10
+
+ ndots=number
+
+
+ Set the number of dots (label separators) in a domain
+ that will disable searching. Absolute names always
+ stop searching.
+
+
+
+
retry=number