Invalid lan. and local. TLDs
wllarso at swcp.com
Fri Aug 28 17:02:55 UTC 2009
John Horne <john.horne at plymouth.ac.uk> said:
> I noticed one of the root servers stats
> ( http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=qtype_vs_invalid_tld&server=L-root ) of queried invalid
> TLDs, as at the moment we have no 'local.' or 'lan.' zones configured.
> Hence, any such queries from us go out to the Internet (sorry).
> I gather that these zones are used by MS and MAC servers to some extent,
> so I am wondering if it would be better to simply create an empty zone
> or one with a wildcard in it? Or does it make any difference? (I have no
> idea what the zones are used for.)
The "*.local" names are used by MacOS X as an implementation of the "DNS
Service Discovery" (DNS-SD). I don't know anything special about the "lan"
For MacOS X, if the system makes a query for something of the
form "*.local", it does NOT go to a standard DNS server and the query is
kept locally on the LAN. (DNS-SD queries are normally not routed, although
they can be if you configure things that way.)
Unless you are going to be performing queries for names of the
form "*.local" or "*.lan", I wouldn't suggest configuring these zones on
your server. The difference should be absolutely minuscule.
> Whilst we have already configured zones for private (RFC 1918) zones,
> and several other 'local' type forward and reverse zones, would it be
> worth creating zones for 'belkin.', 'invalid.' and so on? Is that
> something that others do?
Again, why bother, unless you are using these types of names such that there
would be legitimate queries for them. I don't believe this would be
considered a "common practice".
If you really are worried that you are going to be querying the root servers
for these "invalid" names, you can always simply watch for these DNS queries
on your network. If you see a significant number of these queries, then you
could try and set up zones to provide SOME type of answer for these
queries. Or, you could spend the same amount of time tracking down the
systems that are making these queries and fixing them at that end instead.
> I came across the above web site of stats by accident, but can't seem to
> find stats from other root servers. Anyone know if there are other stats
This information is nice but not critical to the operation of a DNS server.
There are also papers available discussing improperly configured DNS servers
and improper DNS queries and their impact on the root servers. A lot of
good information of this manner can be found at www.dns-oarc.net.
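
One way to do the "watch for these DNS queries" step from the reply above, as an added example that is not part of the original post: tally resolver query-log lines whose rightmost label is not a delegated TLD, per TLD and per client, so the noisiest hosts can be tracked down. The log lines, the client addresses and the short KNOWN_TLDS allowlist are constructed for the demo; the line layout assumes BIND 9 style query logging.

```python
import re
from collections import Counter

# Constructed sample lines in BIND 9 query-log style (not real traffic).
SAMPLE_LOG = """\
28-Aug-2009 17:02:55.101 client 192.0.2.10#53124: query: printer.local IN A +
28-Aug-2009 17:02:55.340 client 192.0.2.10#53125: query: nas.lan IN A +
28-Aug-2009 17:02:56.002 client 192.0.2.22#40111: query: www.example.com IN A +
28-Aug-2009 17:02:57.518 client 192.0.2.10#53126: query: _ipp._tcp.local IN PTR +
28-Aug-2009 17:02:58.777 client 192.0.2.31#61002: query: router.belkin IN A +
28-Aug-2009 17:02:59.010 client @0x7f3c 192.0.2.31#61003 (wpad): query: wpad IN A +
28-Aug-2009 17:03:00.000 general: info: zone example.com/IN: loaded serial 2009082801
"""

# Assumption: tiny allowlist for the demo; in practice load the full IANA TLD list.
KNOWN_TLDS = {"com", "net", "org", "uk", "arpa"}

# Matches "client <ip>#<port>...: query: <name> IN <type>", with or without
# the "@0x..." object id that newer BIND releases print after "client".
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: (?P<name>\S+) IN \S+")

def invalid_tld_queries(log_text, known_tlds=KNOWN_TLDS):
    """Return (per-TLD counts, per-client counts) for queries outside known_tlds."""
    by_tld, by_client = Counter(), Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line (e.g. zone load messages)
        name = m.group("name").rstrip(".").lower()
        if not name:
            continue  # query for the root zone itself
        tld = name.rsplit(".", 1)[-1]  # single-label names count as their own TLD
        if tld not in known_tlds:
            by_tld[tld] += 1
            by_client[m.group("ip")] += 1
    return by_tld, by_client

if __name__ == "__main__":
    tlds, clients = invalid_tld_queries(SAMPLE_LOG)
    for tld, n in tlds.most_common():
        print(f"{n:4d}  .{tld}")
    for ip, n in clients.most_common():
        print(f"{n:4d}  {ip}")
```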