Allow to turn off wildcard subdomains feature

[miminar]

There are applications using DNS that don't expect all possible subdomains of a guest to resolve to the guest.

For example OpenShift, running in a VM, replaces container's /etc/resolv.conf with entries like:

search default.svc.rhel7-ose.vm svc.rhel7-ose.vm rhel7-ose.vm brq.redhat.com vm
nameserver 10.0.2.2
options ndots:5

Where rhel7-ose.vm is a hostname of the guest. With the ndots:5 option applied, most of the resolutions (where the number of dots in a resolved name is less or equal to 5) are done relative to the search names. And since the landrush has the wildcard feature on, most of the lookups actually resolve to the guest IP.

So for example during nslookup github.com inside such an container, will result in a fully qualified name github.com.default.svc.rhel7-ose.vm and the guest IP.

Please allow for disablement of the wildcard feature.

[hferentschik]

Can you give some exact steps to re-produce this? Also are we talking about selective disablement of wildcard resolution (aka just on the guest or just for a (configured) numbers of hosts)?

Thinking of the context of OpenShift, wildcard resolution is a huge benefit when it comes to making applications (routes) visible on the host. I for sure don't want to loose this.

[hferentschik]

For example OpenShift, running in a VM, replaces container's /etc/resolv.conf with entries like

Hmm, I am trying to verify this using ADB and CDK both of which running Openshift, however in a containerized version. There are no changes to /etc/resolv.conf. I assume you are running Openshift natively on the VM?

[tobru]

I can confirm this behaviour when installing OpenShift Origin 1.3.0 with the Advanced Installation method (Ansible) using the containerized version. So an option to disable the wildcard feature would be very usefull for this usecase.