Strange resolution behavior with ndots:5

I’m looking to use Cloudflare to host my domain (let’s say domain.net), which is the same as my internal net which is managed by pfSense. Whenever I move my domain over to Cloudflare, the resolvers in my K3s cluster stop working since it ships with a resolv.conf default of ndots:5. It works as I expect when my domain is hosted by Google Domains, e.g. nslookup google.com actually looks up google.com. But whenever I switch back to Cloudflare that same host would look up google.com.domain.net instead. Does anyone have any insight as to why that may be happening or how I could get similar behavior with Cloudflare? Here’s some of the test output I gathered:

With Cloudflare:

❯ nslookup -debug google.com
Server:         10.0.0.1
Address:        10.0.0.1#53

------------
    QUESTIONS:
        google.com.domain.net, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  domain.net
        origin = damian.ns.cloudflare.com
        mail addr = dns.cloudflare.com
        serial = 2269578432
        refresh = 10000
        retry = 2400
        expire = 604800
        minimum = 3600
        ttl = 2585
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
------------
    QUESTIONS:
        google.com.domain.net, type = AAAA, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  domain.net
        origin = damian.ns.cloudflare.com
        mail addr = dns.cloudflare.com
        serial = 2269578432
        refresh = 10000
        retry = 2400
        expire = 604800
        minimum = 3600
        ttl = 3405
    ADDITIONAL RECORDS:
------------
*** Can't find google.com.domain.net: No answer
❯ dig +ndots=5 +search google.com 

; <<>> DiG 9.16.24 <<>> +ndots +search google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19994
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.domain.net.                IN      A

;; AUTHORITY SECTION:
domain.net.            1943    IN      SOA     damian.ns.cloudflare.com. dns.cloudflare.com. 2269578432 10000 2400 604800 3600

;; Query time: 3 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Sat Feb 05 14:13:33 MST 2022
;; MSG SIZE  rcvd: 115

With Google:


❯ nslookup -debug google.com
Server:         10.0.0.1
Address:        10.0.0.1#53

------------
    QUESTIONS:
        google.com.domain.net, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  domain.net
        origin = ns-cloud-d1.googledomains.com
        mail addr = cloud-dns-hostmaster.google.com
        serial = 11
        refresh = 21600
        retry = 3600
        expire = 259200
        minimum = 300
        ttl = 64
    ADDITIONAL RECORDS:
------------
** server can't find google.com.domain.net: NXDOMAIN
Server:         10.0.0.1
Address:        10.0.0.1#53

------------
    QUESTIONS:
        google.com, type = A, class = IN
    ANSWERS:
    ->  google.com
        internet address = 142.250.190.110
        ttl = 212
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name:   google.com
Address: 142.250.190.110
------------
    QUESTIONS:
        google.com, type = AAAA, class = IN
    ANSWERS:
    ->  google.com
        has AAAA address 2607:f8b0:4009:80b::200e
        ttl = 133
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Name:   google.com
Address: 2607:f8b0:4009:80b::200e
❯ dig +ndots=5 +search google.com @8.8.8.8

; <<>> DiG 9.16.24 <<>> +ndots +search google.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25281
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             102     IN      A       142.250.72.78

;; Query time: 20 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 05 14:13:40 MST 2022
;; MSG SIZE  rcvd: 55
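
Added example, not part of the original post: the captures above differ in the response to the search-expanded name google.com.domain.net (NOERROR with zero answers in the Cloudflare case, NXDOMAIN in the Google case), and nslookup only moves on to google.com after the NXDOMAIN. The Python below classifies a dig response that way and replays which names get queried; the function names, the single-entry search list `domain.net`, and the dig-format NXDOMAIN sample are assumptions made for illustration.

```python
import re

# Header/question lines copied from the Cloudflare dig capture in the post.
CLOUDFLARE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19994
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;google.com.domain.net.                IN      A
"""
# Constructed dig-style equivalent of the NXDOMAIN nslookup result (Google case).
GOOGLE = CLOUDFLARE.replace("NOERROR", "NXDOMAIN")

def candidates(name, search, ndots):
    """Names a stub resolver tries, in order, per resolv.conf ndots/search."""
    if name.endswith("."):              # trailing dot: absolute, no search list
        return [name]
    expanded = [f"{name}.{d}." for d in search]
    absolute = [name + "."]
    # Fewer dots than ndots: search list first, the name as typed last.
    return expanded + absolute if name.count(".") < ndots else absolute + expanded

def classify(dig_text):
    """Return (qname, outcome) for one dig response."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", dig_text).group(1))
    qname = re.search(r"QUESTION SECTION:\n;(\S+)", dig_text).group(1)
    if status == "NOERROR":
        # NOERROR with an empty answer section is NODATA: the name exists.
        return qname, "ANSWER" if answers else "NODATA"
    return qname, status

def names_queried(name, search, ndots, first_response):
    """Replay the lookup, stopping the way the nslookup captures do:
    only NXDOMAIN moves on to the next candidate."""
    tried = []
    for cand in candidates(name, search, ndots):
        tried.append(cand)
        # Only the first candidate's response is known from the captures.
        if len(tried) == 1 and classify(first_response)[1] != "NXDOMAIN":
            break
    return tried

if __name__ == "__main__":
    for label, resp in (("cloudflare", CLOUDFLARE), ("google", GOOGLE)):
        print(label, classify(resp),
              names_queried("google.com", ["domain.net"], 5, resp))
```

The stop rule mirrors what the nslookup captures show; other stub resolvers do not all treat a NODATA response to a search candidate the same way.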
