In /etc/resolv.conf, what exactly does the "search" configuration option do?

If I have the option set as the domain name of the server itself, does that mean the server itself is used first to lookup domain names before querying the external internet? i.e. /etc/hosts will be queried?

For example:

search  example.com

From man resolv.conf

The search list is normally determined from the local domain name; by default, it contains only the local domain name. This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn until a match is found. For environments with multiple subdomains please read options ndots:n below to avoid man-in-the-middle attacks and unnecessary traffic for the root-dns-servers. Note that this process may be slow and will generate a lot of network traffic if the servers for the listed domains are not local, and that queries will time out if no server is available for one of the domains.

The search list is currently limited to six domains with a total of 256 characters.

To summarize the above, assuming no change from the defaults mentioned above, if something gets to the resolver that has no dots in it, the resolver will try adding example.com to it.

So lets say you just type http://somesite/somedocument.html in your browser. The resolver will catch that and first try to resolve somesite.example.com - equivalent if you actually typed http://somesite.example.com/somedocument.html - before trying what you actually requested.

This is helpful if you are part of a LAN environment that has its own DNS server so that people can type simple names to reach local resources. If you don't have a home or corporate LAN with your own DNS server it's nothing you really have to worry about.


To explain, consider the entry in /etc/hosts as below:

192.168.1.10     web.example.com

Now, if I want to ping #ping web.example.com it will serve the request, But what if I do #ping web, it will say "temporary failure..." and won't serve the request.

So to serve the request, I have to write an entry in /etc/resolve.conf as search example.com.

(Yeah, we can also append in /etc/hosts file).

Now if you do the ping web, it will append example.com to your request and serve.