Why does getent default to .station if no TLD is specified?

Question

With my current setup, I have a dnsmasq instance operating on my home server (Void Linux) and 3 GNU/Linux devices that use it as default dns (1 Manjaro, 1 Arch, 1 Linux Mint 20.1).

Due to seemingly unrelated issues, I was testing the mdns name resolution with getent, and I noticed, both by looking at dnsmasq logs and running strace getent, that getent would automatically append the .station Top Level Domain if the domain wasn't already specified.

getent hosts home-server results in

dnsmasq[24671]: query[AAAA] home-server.station from 192.168.0.6
dnsmasq[24671]: forwarded home-server.station to 9.9.9.9
dnsmasq[24671]: query[AAAA] home-server.station from 192.168.0.6
dnsmasq[24671]: forwarded home-server.station to 9.9.9.9
dnsmasq[24671]: query[AAAA] home-server.station from 192.168.0.6
dnsmasq[24671]: forwarded home-server.station to 9.9.9.9
dnsmasq[24671]: forwarded home-server.station to 95.216.24.230
dnsmasq[24671]: forwarded home-server.station to 89.233.43.71
dnsmasq[24671]: forwarded home-server.station to 78.46.244.143
dnsmasq[24671]: forwarded home-server.station to 146.255.56.98
dnsmasq[24671]: forwarded home-server.station to 78.46.244.143
dnsmasq[24671]: forwarded home-server.station to 146.255.56.98
dnsmasq[24671]: forwarded home-server.station to 78.46.244.143
dnsmasq[24671]: forwarded home-server.station to 146.255.56.98
dnsmasq[24671]: forwarded home-server.station to 45.90.57.121
dnsmasq[24671]: forwarded home-server.station to 80.67.169.40
dnsmasq[24671]: forwarded home-server.station to 104.244.78.231
dnsmasq[24671]: reply home-server.station is NXDOMAIN
dnsmasq[24671]: query[AAAA] home-server from 192.168.0.6

On the dnsmasq log and

socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 4
setsockopt(4, SOL_IP, IP_RECVERR, [1], 4) = 0
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.100")}, 16) = 0
poll([{fd=4, events=POLLOUT}], 1, 0)    = 1 ([{fd=4, revents=POLLOUT}])
sendto(4, "\2\17\1\0\0\1\0\0\0\0\0\0\vhome-server\7station"..., 37, MSG_NOSIGNAL, NULL, 0) = 3

Calling getent with strace.

I wasn't able to find any information regarding the .station TLD.

Does anyone know why does getent have this default behavior, and where does the .station come from?

My /etc/nsswitch.conf hosts line on Manjaro

hosts: files mymachines mdns4_minimal [NOTFOUND=return] resolve dns mdns4 myhostname

On Mint

hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname

Is `.station` the domain name that your DHCP server has given you? — Kusalananda, May 03 '21 at 10:44
I'm using a Vodafone Power Station that by default responds at the `http://vodafone.station/` name. However I don't understand how it would influence `getent`'s behavior. I'm not sure how to check if it gave my devices names — Mek101, May 03 '21 at 10:53
Because `mdns4_minimal` provides a minimal zeroconf (aka Rendezvous, aka Bonjour) lookup service for nsswitch. Your vodafone power station is probably publishing it to the local LAN. Zeroconf, of course, is short-hand for "Screw up my network with semi-random, unreliable, undiagnosable, unfixable garbage". Thanks, Apple. And avahi. And nss-mdns. — cas, May 03 '21 at 11:28
Try removing `mdns4_minimal [NOTFOUND=return]` and `mdns4` from the hosts entry in `/etc/nsswitch.conf` — cas, May 03 '21 at 11:30
@cas Still happens even without `mdns4_minimal [NOTFOUND=return]` — Mek101, May 03 '21 at 11:32

score 3 · Accepted Answer · answered May 03 '21 at 12:20

getent hosts does what the hosts line of nsswitch.conf tells it to do. The strace indicates it's sending a unicast DNS query to 192.168.0.100.

You have two hostname resolution services that could use unicast DNS: resolve and dns. One or both of these have apparently been configured, probably by your DHCP client, to use station as your DNS default domain.

For resolve, run resolvectl status. For dns, run cat /etc/resolv.conf. This should tell you which of the DNS resolution services has the station domain configured.

(Unless resolve is configured to not use regular DNS, the use of both resolve and dns together is a bit of a belt-and-suspenders configuration: normally you would need only one or the other.)

If you are using NetworkManager to configure your network interfaces and are using DHCP, you might look at the newest *.lease file (or equivalent; this may depend on which DHCP client NetworkManager is configured to use) in /var/lib/NetworkManager to see which DHCP server actually gave you the IP address and which additional DHCP options came along with it.

Another way to see the DHCP options given by the DHCP server would be to run nmcli c show to list the configured connections, find the name of the active connection, and then use nmcli c show <name of active connection> | grep DHCP..OPTION.

Since Vodafone Power Station is your router, it most likely also acts as a DHCP server for your home network. .station is probably just its factory default setting for the DNS domain, and it propagates that setting to all its DHCP clients. It can probably be changed from the router's settings.

Yup, the power station configured NetworkManager to use the `.station` domain name, which is then used by the `dns` option in `/etc/nsswitch.conf`, thank you! — Mek101, May 03 '21 at 13:26

score 1 · Answer 2 · answered May 03 '21 at 11:44

Due to the unrelated issue, I ended up checking /etc/resolv.conf, which is created by NetworkManager on all the distros I use as clients.

According to @Kusalananda 's suggestion, it seems that the Vodafone Power Station causes network manger to add the search station option to the file and it's ip address as a DNS server; removing such line causes the http://vodafone.station name resolution to fail on Firefox (which is weird in itself, because the name is still resolved by the station's DNS)

Why does getent default to .station if no TLD is specified?

2 Answers2