Impact of having loghost defined in DNS...?

[Danny Mayer]

At 12:31 AM 11/29/2004, Gregory Hicks wrote:

> > Date: Sun, 28 Nov 2004 19:19:38 -0500
> > From: Danny Mayer <mayer at gis.net>
> >
> > At 04:40 AM 11/28/2004, Gregory Hicks wrote:
> > >Greetings:
> > >
> > >Not sure if this is "on-topic" or not, but what would you expect the
> > >impact of defining "loghost" to be 127.0.0.1 via DNS...
> > >
> > >My db.127.0.0 PTR file already has
> > >
> > >1.0.0.127.IN-ADDR.ARPA.         IN  PTR   localhost.
> > >
> > >entered, and I don't see how any other name can be added to this when
> > >running under Bind 9.3...
> >
> > You can add as many records as you like. However there are no known
> > applications that ever look beyond the first record nor is it clear why
> > it would need to.
> >
> > >It would be possible to define loghost as
> > >
> > >loghost.example.com.    IN A 127.0.0.1
> > >localhost.example.com.  IN A 127.0.0.1
> > >
> > >in the main zone file, but I don't see any other way to do it other
> > >than defining the entry in the /etc/hosts file.
> >
> > Those are valid records. /etc/hosts only affects the local system.
> >
> > >Any thoughts on any potential impacts?
> >
> > No impact. It's not clear why you want to define a "loghost". Maybe
> > you should tell us the problem you are trying to solve instead
> > of this non-problem.
>
>I, and several others, were asked the following:
>
>What impact, if any, would there be if we were to add 'loghost' as an
>alias to 'localhost' in DNS/LDAP/NIS?
>
>My response to this was:
>
>"loghost" is generally, the "logging" host for syslogd via syslog.conf,
>so ...

That sounds more like a convention. It's not a standard name. You
can define anything you want in syslog.conf.

>"loghost" should be defined in /etc/hosts on each machine and should be
>an alias for the name/IP address of that particular machine.

Why? If it's always the local machine you may just as well use localhost
and define it in the DNS.

>It is OK to put the loghost entry on the 'localhost' entry on each
>machine.  Almost all current OSs make this as the default entry, but
>"loghost" should NOT be defined in LDAP/host/DNS.

Why not? LDAP/host/DNS doesn't care

>   The 127.0.0.1
>hostname/IP address is defined on each machine in /etc/hosts thusly:
>
>127.0.0.1 localhost
>
>This is the ONLY place that the entry is valid.

No, you can define it in DNS.

>   There is no "domain"
>for "localhost" that is a standard.  (Linux uses "localdomain" but this
>is ALSO only valid for the local machine since there is no TLD called
>"localdomain".)

Sure there is. I have a localhost domain on every machine on which
I've put up a nameserver. DNS doesn't care. I think you'll find
that everyone else does too. I don't use /etc/hosts on any machine
that I have control over. See this:

 >dig localhost A

; <<>> DiG 9.3.0 <<>> localhost A
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 321
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;localhost.                     IN      A

;; ANSWER SECTION:
localhost.              3600    IN      A       127.0.0.1

;; AUTHORITY SECTION:
localhost.              3600    IN      NS      localhost.

;; Query time: 270 msec
;; SERVER: 10.10.10.1#53(10.10.10.1)
;; WHEN: Mon Nov 29 19:58:23 2004
;; MSG SIZE  rcvd: 57

>However, if you DO define it in DNS, then the db.127.0.0 file on ALL
>dns servers should be updated...  However, the PTR records do not
>really allow for multiple names having the same IP address....

Not true. DNS doesn't care how many PTR records you have.
There aren't any applications that make use of more than one
record but then you haven't said why you need a PTR record
in the first place.


>when you look up "localhost" via DNS, you are NOT
>looking up "localhost" as the OS understands it.

Then you don't have it defined properly. It is ALWAYS recommended
that you have a localhost domain.

>   You are really
>looking up "localhost.example.com".  This is NOT the same NAME as
>"localhost" on each individual machine since "localhost" is tied by the
>OS (as in HARD-WIRED or HARD-CODED) to the loopback interface.

The usual recommendation is to add a localhost record to the domain
so that the DNS will return the record faster, but it's not a requirement.
DNS lookups otherwise take a little longer.


>You may get the same IP address by resolving the name from DNS instead
>of from /etc/files, but what you are resolving is NOT the same NAME
>that the OS uses...  In fact, if you do add it to DNS/LDAP, the name is
>no longer "loghost" (as is used in /etc/syslog.conf), but
>"loghost.cadence.com" since the ONLY db file you can add it to is
>db.cadence...  (There is no db.localhost available via DNS since there
>is no DOMAIN associated with the name...)

I have one as does everyone else:
zone "localhost"                IN      {type master;   file "db.localhost";};



>Defining the name at all in /etc/hosts on either the localhost entry or
>the machine hostname entry just 'defines' the name for the m4
>processing of syslog.conf.  At the point when this processing is taking
>place, DNS and LDAP has not yet been started.  The OS is relying on
>/etc/hosts for any IP address info.

The issue of the starting order is separate and is worth discussing.
I leave it to others to recommend a start order since syslog may need
DNS and DNS may need syslog depending on how they are configured.


>Some examples using "getent" and letting the OS resolve the IP
>address...

I have no idea what getent is but that really doesn't matter.

Danny