From 26096f5ea24a948ec02d9f49d6c89203fdd2b3b6 Mon Sep 17 00:00:00 2001
From: casjay <git-admin@casjaysdev.pro>
Date: Fri, 5 Jun 2026 14:33:50 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20resolv.conf:=20add=20searc?=
 =?UTF-8?q?h=20.=20and=20ndots:0=20to=20block=20domain=20search=20?=
 =?UTF-8?q?=F0=9F=90=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

--domainname on the container sets the kernel domainname, which c-ares
uses to infer a search domain even when /etc/resolv.conf has no search
line. This caused c-ares to query github.com.casjay.work AAAA and get
the host's own IPv6 address, routing all outbound HTTPS to the local
nginx instead of the real server.
Adding 'search .' and 'options ndots:0' explicitly disables search
domain inference regardless of the kernel domainname setting.
- rootfs/usr/local/etc/resolv.conf: add search . and options ndots:0

rootfs/usr/local/etc/resolv.conf
---
 rootfs/usr/local/etc/resolv.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rootfs/usr/local/etc/resolv.conf b/rootfs/usr/local/etc/resolv.conf
index b48f4bc..7b7a70b 100644
--- a/rootfs/usr/local/etc/resolv.conf
+++ b/rootfs/usr/local/etc/resolv.conf
@@ -2,3 +2,5 @@ nameserver 1.1.1.1
 nameserver 1.0.0.1
 nameserver 8.8.8.8
 nameserver 8.8.4.4
+search .
+options ndots:0