Search domains are evil

Leave a reply

Or, how I learned to trick OS X into showing my web site no matter what domain was entered into the browser.

I’ve been having a lot of trouble lately with my web site appearing randomly while I was browsing the web. For a long time I figured I’d just live with the pain. However, it seemed to be happening more and more lately so I decided to find the source of the problem.

At first I thought it might be something about my network setup. My network isn’t particularly complex, but I do run my own server at home. I tried a number of configurations but still continued to have problems. So I moved on to the next possible culprit, my wireless router/DSL modem. I began to wonder if maybe it was doing something weird with the DNS resolutions. I changed many settings on the router and tried manually entering name servers on my local machine. Nothing.

Finally I did some basic name resolution testing using nslookup and dig. I started to see a pattern. Whenever the problem occurred the affected web sites’ name resolutions appeared to be timing out. A clue! But where to go from here? How to determine what was going on with the DNS? And why was nslookup timing out when Safari was showing my own web site?

Well, if you want to see what’s going on with your network you really need to watch the TCP traffic. The easiest way to do that? Wireshark. There is no native OS X port of Wireshark, so I decided to brave the world of running unix apps on the Mac. So first … off to MacPorts to get an application manager. The setup of MacPorts was not terribly difficult, but the installer didn’t do it’s job so I had to perform a little command-line hacking as indicated in the documentation (nothing beyond my means or I wouldn’t have even gotten this far).

Once I had Wireshark up and running I was having problems with it taking down my wireless connection. A little hint on the Wireshark-users list archive pointed me in the correct direction. I set a default capture device and started capturing traffic. Then I waited for my web site to appear when it wasn’t supposed to. Afterwards I looked at the traffic to and from the DNS server. Things atarted out looking good, and I noticed the name resolution was indeed timing out. Then I noticed that another resolution attempt was being performed with “.local” appended to the domain. That timed out. Then “.eclecitcgeek.com” was appended.

What the … ? D’oh! I had my answer. A quick trip to the network setting for my wireless card showed that the TCP/IP tab had “local” and “eclecticgeek.com” entered into the “Search Domains” section. So obvious. When the name resolution was timing out OS X started checking the search domains to see if a match could be found. I have a catch-all resolution set for eclecticgeek.com and so it always returns my site. Boo on me. I removed the search domains and expect to not have my site respond to random requests anymore.

Of course, though I have been able to identify and solve the problem with my web site showing up randomly, this leaves the question of the DNS timeouts. Solve one problem and run into another … feh!

Update 2008-08-22:
Even after removing the search domains I was having some problems. I had a domain specified in the DHCP settings and I believe that OS X was using that as a search domain. I have removed that option and will keep my fingers crossed.