DNS Server Host's Network DNS Settings
kcd at chrysler.com
Fri Dec 21 22:48:15 UTC 2007
Steven Stromer wrote:
> This is probably a naive question, but what, if any, relationship do the
> DNS settings of the host have to the BIND server that the host is
> hosting? (And no, this isn't a smart-as**d joke... I'm really wondering.)
> This is kind of a two part question, as I imagine the potential exists
> for both the host to send DNS queries to the local DNS service, and for
> the DNS service to ask its host for its DNS settings.
> My instinct is to think that the host will query the local DNS service
> if the host's network settings are so configured, and that, vice versa,
> the DNS never looks at the host's network settings.
Correct. The local resolution function and named need not have anything
to do with each other. You could have a server running named and using
some *other* box -- possibly even a non-BIND nameserver -- for its own
resolution. Or, as is more common, the local processes can use the local
nameserver for resolution (possibly a different instance or view than
the one which serves external clients).
> If my assumptions are correct, then a follow-up question would be, How
> should the local network DNS settings be configured on the host? 'Should
> the DNS entry be 127.0.0.1, the assigned lan IP of the host (as other
> hosts on the lan are configured), some other entry, such as 'localhost',
> or is there some unimaginable reason why the host should never be
> allowed to query the local DNS service?'
First of all, think about the chicken-and-egg problem inherent in using
a _name_ to find your _nameserver_. How do you resolve that name into an
address? One can't *assume* that another source of name-resolution (e.g.
/etc/hosts) is available for this function. This is why resolver configs
are one of the few things that are traditionally restricted to using IP
addresses and not names.
Having said that, there is a slight disagreement about the wisdom of
using 127.0.0.1 as a resolver address. Supposedly there was a bug in
some old versions of the BSD network code that caused problems with
127.0.0.1, and it's theoretically *possible* that the buggy code has
been inherited by even some modern OS'es. But we've been using 127.0.0.1
here for many years (mostly with Solaris, but also with SLES Linux and
some other platforms as well) and never had a problem with it. The
reason I prefer 127.0.0.1 is that sometimes our admins blindly copy
/etc/resolv.conf from one box to another (good help is so hard to find
these days). If you use 127.0.0.1 it's "portable".
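
Added example, not part of the original post: a small check that a resolv.conf lists its nameservers as IP addresses rather than names, and that tells loopback entries (which survive being copied between boxes) from addresses tied to one host. The sample file contents and the verdict labels are constructed for illustration.

```python
import ipaddress

# Constructed sample resolv.conf contents (not taken from the post).
SAMPLE = """\
# copied from another box
search example.com
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver ns1.example.com
nameserver ::1
"""


def audit_resolv_conf(text):
    """Return (line_no, value, verdict) for every nameserver line.

    Verdicts (labels chosen for this example):
      loopback        - 127.0.0.0/8 or ::1, valid on any host running a local server
      host-specific   - a literal IP that only makes sense where that server is reachable
      not-an-ip       - a name, which the resolver cannot use to find its nameserver
      missing-address - 'nameserver' keyword with no value
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Comment lines in resolv.conf begin with '#' or ';'.
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] != "nameserver":
            continue
        if len(fields) < 2:
            findings.append((no, "", "missing-address"))
            continue
        value = fields[1]
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            findings.append((no, value, "not-an-ip"))
            continue
        verdict = "loopback" if addr.is_loopback else "host-specific"
        findings.append((no, value, verdict))
    return findings


if __name__ == "__main__":
    for no, value, verdict in audit_resolv_conf(SAMPLE):
        print(f"line {no}: {value!r} -> {verdict}")
```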