From 72fe4eb95ac62126f83cde5bb4cb3ec6433f94c2 Mon Sep 17 00:00:00 2001 From: casjay Date: Fri, 5 Jun 2026 14:31:40 -0400 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20resolv.conf:=20add=20searc?= =?UTF-8?q?h=20.=20and=20ndots:0=20to=20block=20domain=20search=20?= =?UTF-8?q?=F0=9F=90=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --domainname on the container sets the kernel domainname, which c-ares uses to infer a search domain even when /etc/resolv.conf has no search line. This caused c-ares to query github.com.casjay.work AAAA and get the host's own IPv6 address, routing all outbound HTTPS to the local nginx instead of the real server. Adding 'search .' and 'options ndots:0' explicitly disables search domain inference regardless of the kernel domainname setting. - rootfs/usr/local/etc/resolv.conf: add search . and options ndots:0 rootfs/usr/local/etc/resolv.conf --- rootfs/usr/local/etc/resolv.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/usr/local/etc/resolv.conf b/rootfs/usr/local/etc/resolv.conf index b48f4bc..7b7a70b 100644 --- a/rootfs/usr/local/etc/resolv.conf +++ b/rootfs/usr/local/etc/resolv.conf @@ -2,3 +2,5 @@ nameserver 1.1.1.1 nameserver 1.0.0.1 nameserver 8.8.8.8 nameserver 8.8.4.4 +search . +options ndots:0