I never thought about the search domain setting in my network settings. It was set to fritz.box (cause I use one of their routers) and I never knew why. It was just… there.
Because of a toot by Katze, I got a bit hooked on what that thing actually is.
What’s the search domain?
Basically, if you have a search domain set, like my router did, you can resolve arbitrary, uh, subdomains. It’s useful for company networks and especially internal DNS systems.
For example: If you set the search domain to acme.org, people can resolve meow.acme.org by simply entering meow in their browser. The domain would be resolved like this:
- ooooh, you don’t have a top level domain on this request. Imma ask acme.org to resolve this. acme.org responded with 10.0.13.12.
- I can send my request to 10.0.13.12, yaay! :3
Can I use that for my own network?
Theoretically yes. Practically, it’s complicated. The reason for that is DNS rebinding, a method of DNS spoofing. The technical details are explained in the linked Wikipedia article.
However, as a safety precaution, certain routers, like my beloved (ahem) Fritz!Box, do have a filter for such DNS requests. Even if I’d set the A record for home.jasminchen.dev to 192.168.178.100, the router would block such DNS requests.
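An added example, not from the original post and not the Fritz!Box's own logic: it expands a bare name with a search domain the way the post describes, then applies a rebind-style filter that blocks upstream answers pointing into internal address ranges. The range list, the simplified search-list handling and the exceptions allowlist are assumptions.

```python
import ipaddress

# Ranges treated as "internal". Assumption: a typical rebind filter covers
# these; the post does not list what the Fritz!Box actually checks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 counterparts
)]

def expand(name, search_domains):
    """Simplified search-list handling: a bare label gets each search
    domain appended; a name that already contains a dot is used as-is."""
    name = name.rstrip(".").lower()
    if "." in name:
        return [name]
    return [f"{name}.{d}" for d in search_domains]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    # ::ffff:192.168.x.y is still a private IPv4 target, so unwrap it.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    return any(ip in net for net in INTERNAL_NETS)

def filter_answers(qname, answers, exceptions=()):
    """Split the answers for qname into (passed, blocked). `exceptions` is a
    hypothetical allowlist of names permitted to resolve to internal IPs."""
    qname = qname.rstrip(".").lower()
    exempt = any(qname == e or qname.endswith("." + e) for e in exceptions)
    passed, blocked = [], []
    for a in answers:
        (blocked if is_internal(a) and not exempt else passed).append(a)
    return passed, blocked

# Constructed upstream answers, using the names and addresses from the post.
UPSTREAM = {
    "meow.acme.org": ["10.0.13.12"],
    "home.jasminchen.dev": ["192.168.178.100"],
}

if __name__ == "__main__":
    for fqdn in expand("meow", ["acme.org"]) + ["home.jasminchen.dev"]:
        print(fqdn, filter_answers(fqdn, UPSTREAM[fqdn]))
```

Both names end up in the blocked list unless their zone is put on the exceptions list, which is why a public A record pointing at a LAN address does not resolve behind such a filter.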
With DNS over HTTPS (DoH) or DNS over TLS (DoT), I could easily circumvent such filters. But that’s something to explore on another day.