DNS Server Host's Network DNS Settings

Kevin Darcy kcd at chrysler.com
Fri Dec 21 22:48:15 UTC 2007


Steven Stromer wrote:
> This is probably a naive question, but what, if any relationship do the 
> DNS settings of the host have to the BIND server that the host is 
> hosting? (And no, this isn't a smart-as**d joke... I'm really wondering.)
>
> This is kind of a two part question, as I imagine the potential exists 
> for both the host to send DNS queries to the local DNS service, and for 
> the DNS service to ask its host for its DNS settings.
>
> My instinct is to think that the host will query the local DNS service 
> if the host's network settings are so configured, and that, vice versa, 
> the DNS never looks at the host's network settings.
>   
Correct. The local resolution function and named need not have anything 
to do with each other. You could have a server running named and using 
some *other* box -- possibly even a non-BIND nameserver -- for its own 
resolution. Or, as is more common, the local processes can use the local 
nameserver for resolution (possibly a different instance or view than 
the one which serves external clients).
> If my assumptions are correct, then a follow-up question would be, How 
> should the local network DNS settings be configured on the host? 'Should 
> the DNS entry be 127.0.0.1, the assigned lan IP of the host (as other 
> hosts on the lan are configured), some other entry, such as 'localhost', 
> or is there some unimaginable reason why the host should never be 
> allowed to query the local DNS service?'
>   
First of all, think about the chicken-and-egg problem inherent in using 
a _name_ to find your _nameserver_. How do you resolve that name into an 
address? One can't *assume* that another source of name-resolution (e.g. 
/etc/hosts) is available for this function. This is why resolver configs 
are one of the few things that are traditionally restricted to using IP 
addresses and not names.

Having said that, there is a slight disagreement about the wisdom of 
using 127.0.0.1 as a resolver address. Supposedly there was a bug in 
some old versions of the BSD network code that caused problems with 
127.0.0.1, and it's theoretically *possible* that the buggy code has 
been inherited by even some modern OS'es. But we've been using 127.0.0.1 
here for many years (mostly with Solaris, but also with SLES Linux and 
some other platforms as well) and never had a problem with it. The 
reason I prefer 127.0.0.1 is that sometimes our admins blindly copy 
/etc/resolv.conf from one box to another (good help is so hard to find 
these days). If you use 127.0.0.1 it's "portable".

                                                                         
                              - Kevin
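
The two points in the reply above (resolver entries must be IP addresses, and a loopback entry survives being copied between hosts) can be checked mechanically. The following is an added example, not part of the original message: the function name, the verdict labels and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample resolv.conf contents (not from the original post).
SAMPLE = """\
# copied from another box
search example.test
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver ns1.example.test
nameserver ::1
nameserver
"""

def audit_resolv_conf(text):
    """Classify every 'nameserver' line in resolv.conf text.

    Returns a list of (line_number, value, verdict). Verdicts:
      loopback      - IP literal for the local host; still valid if the file
                      is copied to another box that runs its own nameserver
      host-specific - IP literal for one particular address; must be
                      reviewed whenever the file is copied elsewhere
      not-an-ip     - a name, which the resolver has no way to look up
                      before it knows its nameserver
      missing       - keyword present but no address given
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        tokens = line.split()
        if tokens[0] != "nameserver":        # search, domain, options, ...
            continue
        if len(tokens) < 2:
            findings.append((lineno, "", "missing"))
            continue
        value = tokens[1]
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(value.split("%", 1)[0])
        except ValueError:
            findings.append((lineno, value, "not-an-ip"))
            continue
        verdict = "loopback" if addr.is_loopback else "host-specific"
        findings.append((lineno, value, verdict))
    return findings

if __name__ == "__main__":
    for lineno, value, verdict in audit_resolv_conf(SAMPLE):
        print(f"line {lineno}: {value or '(none)'} -> {verdict}")
```
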


