> > 1. tcpdump -i any 'port domain' > Shouldn't we also confirm here the hostname being queried? It should be the one without a final dot, right? And without the search domain appended.
There is no concept of "final dot" in DNS queries. At the low, protocol level, all queries are always absolute / fully qualified. Each DNS client maintains its search domain configuration separately and privately, and all the search domain logic happens entirely in user space libraries. tcpdump can't see whether search domains were used or not. Unfortunately, the search domain logic seems highly configurable and variable over time, across resolvers on the same machine (even at the same time), etc. So it seems quite hard to predict how many search domains will be used / how many DNS queries will be issued, it could vary across systems and/or over time. > > => observe the NXDOMAIN noise over a couple few minutes > Observe where, in the nmcli terminal, tcpdump one, or logs? In tcpdump and journactl -f (3rd terminal). nmcli doesn't know anything about this. nmcli is only a testing means. > What is an indication that things are ok, and what is an indication that they > aren't? > [...] > but I'm sorry, this test plan is not descriptive enough: I'm afraid the problem is worse: I feel like the requirements are not clearly defined and/or prioritized in the first place. What is most important: minimizing DNS traffic? Or just minimizing logging noise? Or babysitting "enterprise" firewalls that don't understand DNS? Or worse "ossifications"[*]. You can't have it all. Among others, it depends on which ossifications are acceptable versus not. None of those trade-offs is up to me :-) This being said, you could probably have the best of both worlds by (1) supporting multiple URLs (NM change) and (2) querying with a final dot first, and then without one if the first query failed due to some ossified firewall. This NM change would help in other situations, see above. [*] https://lwn.net/Articles/745590/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2148643 Title: [SRU] connectivity-check.ubuntu.com URL change? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2148643/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
