Description

If performing an NS lookup while having a resolv.conf containing a search option where the last value is a single ., the net.LookupNS function fails to perform the lookup, because the search line parser can't figure out what to do with a single dot, and simple appends it to the address it's trying to look up, resulting in net.Lookup looking up domain.com...

As far as I can tell, while somewhat nonsensical, search . should be perfectly legal to have in resolv.conf, and indeed system resolvers don't seem to mind it.

The specific search line is put there by systemd-resolved, it seems. I can't tell you exactly why, but I can tell you that I get no search domains from the DHCP server.

What version of Go are you using?

1.16.15, 1.17.9, 1.18.1, 1.18.4

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/adam/.cache/go-build"
GOENV="/home/adam/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/adam/Go/pkg/mod"
GONOPROXY="github.com/Vivino/*"
GONOSUMDB="github.com/Vivino/*"
GOOS="linux"
GOPATH="/home/adam/Go"
GOPRIVATE="github.com/Vivino/*"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/home/adam/godist/go1.18.4/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/home/adam/godist/go1.18.4/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18.4"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2286452031=/tmp/go-build -gno-record-gcc-switches"

What did you do?

• Have search . in /etc/resolv.conf (or any search line where the last item is a lone .)
• Perform NS lookup of non-existing domain, e.g.

   ns, err := net.LookupNS("non-existing-domain.com")
   if err != nil {
   	log.Fatal(err)
   }
   log.Println(ns)

What did you expect to see?

lookup non-existing-domain.com on 127.0.0.53:53: no such host

What did you see instead?

lookup non-existing-domain.com on 127.0.0.53:53: cannot marshal DNS message

Suggested solution

Two trivial ways solve this, none of which are particularly pretty. But since my knowledge of the codebase is limited, there are likely better ways, so for illustrative purposes, here goes:

1. In src/net/dnsclient_unix.go:481, add

if suffix == "." {
	continue
}

2. Or, in src/net/dnsconfig_unix.go:89, change the iteration to

case "search":
	conf.search = make([]string, 0, len(f)-1)
	for i := 0; i < len(f)-1; i++ {
	val := ensureRooted(f[i+1])
	if val == "." {
		continue
	}
	conf.search = append(conf.search, val)
}

I do think this is probably a corner case, but since this is being thrust into resolv.conf by a widely used local resolver (and I'm not entirely sure it's not their fault, and it might well be), I think it might warrant if nothing else a cursory look.