Thomas Eizinger
Thomas Eizinger
 We never receive a DNS query for `foo`, only for the previous `foo.baz` and `foo.foo` after.
Sending DNS queries for hosts is something that the local configuration needs to opt-in to and as far as I can see, we'd have to mangle the user's `resolvectl.conf` for...
I did suspect that this was platform-specific because I hit the same issue when debugging Brian's "gateway sidecar" thing where the service in question was a single-label domain configured in...
Also, note that `dig` by default ignores search domains (you have to opt-in with `+search`).
On Linux, if I set an explicit search domain in with resolvctl, I receive DNS queries that have the domain name appended: ``` [nix-shell:~]$ host bar bar.my.company has address 72.52.179.175...
Perhaps another resource type? I can confirm that this works: 1. Set a custom search domain on our TUN adapter: ``` Link 47 (tun-firezone) Current Scopes: DNS mDNS/IPv4 mDNS/IPv6 Protocols:...
I added a policy to give you access to that resource. Can you try hacking in the search domain in the adapter settings? https://developer.apple.com/documentation/networkextension/nednssettings/1406658-searchdomains?changes=l_4&language=objc
> Hm, not seeing the Resource in my Client on staging? I added it to the `jamil` group: https://app.firez.one/firezone/policies/f43bc10a-238c-49a7-bd85-0467b39f1dad
> The issue I fear with setting this in the Client is that it deviates the convention of keeping DNS configuration local to the Gateways. The search domain configuration might...
One thing that I believe we should fix separately is that we don't disable LLMNR. That results in lookups for unknown hosts (that don't match any other search domains) to...