> I have a subdomain prod.mydomain.com. Today all of our internal
> resources that use this prod subdomain stopped being able to reach
> each other. I believe the issue is related to the release of .prod as
> a TLD. Is there a way I can block this TLD or point it back to my
> environment?
>
> Currently, I have added mdots:2 to resolv.conf as a workaround.
i think you probably mean ndots, not mdots. that's a fine workaround as long as you control all your stub resolvers (which is where the ndots logic runs) and they are all running the BIND stub resolver (for which ndots is a unique feature; see RFC 1535 for the history).

a likely better workaround is to use DNS RPZ (so, you'll need BIND 9.9 or later on your recursive servers) and put in a local rule like "*.PROD CNAME ." to cause all of the search-path logic of all your stub resolvers (whether they have ndots logic or not) to never see the PROD TLD, and thus fall through to your local PROD.EXAMPLE.COM names.

sadly, i think a lot of people in a lot of places are going to do this to a lot of the new gTLDs. but the new gTLDs have been on greased rails since inception, and no amount of warnings about this kind of damage did more than slow things down briefly. so, the hounds of DNS hell are now loose. good thing we have RPZ, i guess.

vixie
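To make the "*.PROD CNAME ." rule concrete, here is an added example (not from the original thread, and not Vixie's own configuration) of the two pieces a BIND recursive server needs: a response-policy declaration in named.conf and a local RPZ zone whose CNAME-to-root records rewrite every answer under the PROD TLD into NXDOMAIN. The zone name rpz.local, the file path /etc/bind/rpz.local.db, and prod.example.com as the internal subdomain are assumptions for illustration.

```conf
// ---- named.conf (recursive server) ----
// Assumed example layout; only the response-policy line and the zone
// statement are RPZ-specific. The rest is a minimal recursive resolver.
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { 10.0.0.0/8; 127.0.0.1; };   // assumed internal ranges

    // Apply the local policy zone to every answer before it is returned.
    // Policy is evaluated after normal recursion, so the TLD is still
    // looked up upstream, but clients never see a positive answer for it.
    response-policy { zone "rpz.local"; };
};

// The policy zone itself. It is a normal authoritative zone on this
// server; allow-query { none; } keeps clients from reading it directly.
zone "rpz.local" {
    type master;
    file "/etc/bind/rpz.local.db";
    allow-query { none; };
};

// The internal zone that the search path should fall through to.
zone "prod.example.com" {
    type master;
    file "/etc/bind/prod.example.com.db";
};

; ---- /etc/bind/rpz.local.db ----
; RPZ trigger names are relative to the policy zone apex, so "prod" here
; means the real TLD "prod." and "*.prod" every name beneath it.
; "CNAME ." is the RPZ action for NXDOMAIN.
$TTL 300
@       IN  SOA  localhost. root.localhost. (
                 2014010101 ; serial, assumed
                 3600       ; refresh
                 900        ; retry
                 604800     ; expire
                 300 )      ; negative cache TTL
@       IN  NS   localhost.

; Both records are needed: the wildcard does not match the bare TLD.
prod    IN  CNAME .
*.prod  IN  CNAME .
```

Validate with `named-checkconf` and `named-checkzone rpz.local /etc/bind/rpz.local.db`, reload, then confirm from a client that `dig host.prod` returns NXDOMAIN while `dig host.prod.example.com` returns the internal address; a stub resolver with `search prod.example.com` and default ndots:1 will now try `host.prod.` first, get NXDOMAIN from the policy, and fall through to `host.prod.example.com` on its own. The caveat is that RPZ only protects clients that send their queries to this recursive server; anything pointed at a public resolver still sees the real TLD, and the policy deliberately blocks legitimate names under .prod as well.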