Public DNS - recursion no - Access to the Internet
Barry Margolin
barmar at alum.mit.edu
Mon Feb 19 01:16:40 UTC 2007
In article <er9j13$14fi$1 at sf1.isc.org>,
Pascal Hambourg <pascal.mail at plouf.fr.eu.org> wrote:
> Barry Margolin a ecrit :
> > Pascal Hambourg <pascal.mail at plouf.fr.eu.org> wrote:
> >>>
> >>>Quote:
> >>>"You can also configure the resolver to query the host's local nameserver
> >>>using either the local host's IP address or the zero address. The zero
> >>>address, 0.0.0.0, is interpreted by most TCP/IP implementations to mean
> >>>"this host."
> >>
> >>This is a wrong use of "this host". According to RFC 1700 and RFC 3330,
> >>addresses in 0.0.0.0/8, including 0.0.0.0, may only be used as source
> >>addresses, not destination addresses.
> >
> > That only refers to using it on the network, it has nothing to do with
> > configuration files.
>
> It has to do with both, when an address in a configuration file is meant
> to be used on the network. Isn't a nameserver address in resolv.conf
> meant to be used on the network ?
Not in the case of 0.0.0.0.
>
> > The reason it didn't work for him was that he only put 127.0.0.1 in his
> > allow-recursion ACL.
>
> No, the reason was that "allow-recursion" was kept to "no".
>
> > But when you use 0.0.0.0 in your named.conf,
>
> 0.0.0.0 was not used in named.conf but in resolv.conf.
That's what I meant to write.
>
> > it
> > doesn't send from/to 127.0.0.1, it sends to one of the machine's real
> > NIC addresses,
>
> Do you mean that 0.0.0.0 as a nameserver address in resolv.conf is legal
> and means "any local address" ?
Yes. Read the above quote from "DNS & BIND".
>
> > and in this case the source address is also that NIC address.
>
> IMHO it depends on the default source adress selected by the IP stack.
> Is there any requirement in RFCs saying that the default source adress
> must be identical to the destination address ?
I believe RFC 1122 says that the default source address should be the
outgoing interface. When sending to your own address, the outgoing
interface is the one whose address you're sending to, so the source and
destination addresses will be the same.
However, since nothing is going on the wire the RFC's don't *really*
apply. But most stacks work this way.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list