What is the maximum limit of domains in a DNS search list?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL)
  • glibc

Issue

  • Need more than 6 domains in the /etc/resolv.conf search list.
  • Only the first 6 domains in the search path are looked up by the resolver.

Resolution

  • RHEL 6
    • The search list is currently limited to six domains with a total of 256 characters.
  • RHEL 7
    • Update to glibc-2.17-222.el7 (or newer) made available via RHSA-2018:0805
    • Update to man-pages-overrides-7.8.1-1.el7 (or newer) made available via RHBA-2020:1025 for the man resolv.conf search limit correction.
  • RHEL 8
    • Released with glibc-2.28-42.el8; therefore, does not have six search domain limit.
    • The man resolv.conf search limit correction is being tracked in: Bug 1928160 and is targeting the RHEL 8.5 release.

  • Note: Programs that do not make use of the glibc's resolver calls may have their own limitations. For example, bind-utils provided utilities like host, dig, or nslookup have a maximum of 8 search domains.

    # rpm -qf /usr/include/bind9/lwres/lwres.h
bind-devel-9.11.26-4.el8_4.x86_64

# grep define.*LWRES_CONFMAXSEARCH //usr/include/resolv.h /usr/include/bind9/lwres/lwres.h 
/usr/include/bind9/lwres/lwres.h:#define LWRES_CONFMAXSEARCH 8      /*%< max 8 domains in "search" entry */

Root Cause

In glibc 2.25 and earlier, the search list is limited to six domains with a total of 256 characters. Since RHEL 7 glibc-2.17-222.el7 & upstream glibc 2.26 the search list is unlimited. However, please note that additional search entries may add significant overhead to DNS processing; consider running a local caching resolver if the number of entries exceeds three.

Diagnostic Steps

On older versions of glibc the search list is limited to six domains with a total of 256 characters.

# rpm -qf /usr/include/resolv.h
glibc-headers-2.12-1.212.el6_10.3

# grep -e define.*MAXDNSRCH /usr/include/resolv.h 
# define MAXDNSRCH      6   /* max # domains in search path */

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

5 Comments

Log in to comment
Asaf Magen's picture Active Contributor 242 points
24 February 2014 3:29 PM

is there any workaround to this issue?

AC Newbie 5 points
3 July 2014 6:36 PM

Yes, we need a work around.

My windows workstation supports more than the RHEL server.

In a global enterprise environment this is imperative.

rhn-support-unadeem's picture Red Hat Active Contributor 395 points
7 July 2014 9:33 PM

I understand your problem Jeffery. I woudld advise investigating a work around with Red Hat Support at https://access.redhat.com/support/cases/new/ . I will also make sure the appropriate team reads your comment just in case. Thank you.

rh Newbie 5 points
11 July 2014 6:37 PM

We have the same problem, and we also need to increase the 256 max characters limit in resolv.conf.

DI Community Member 42 points
30 July 2020 3:18 PM

So, other than some specific programs that don't use the glibc resolver, the general 6 domain 256 character limit has been removed? If so it looks like man page still needs to be updated. Even on RHEL 8.2 RESOLV.CONF(5) still says "The search list is currently limited to six domains with a total of 256 characters."

Seem to keep seeing instances recently where man pages just don't seem to be getting updated and are not authoritative any longer. It causes a lot of unnecessary confusion.