Invalid lan. and local. TLDs

Bill Larson wllarso at
Fri Aug 28 17:02:55 UTC 2009

John Horne <john.horne at> said:

> Hello,
> I noticed one of the root servers stats
> (
window=604800&plot=qtype_vs_invalid_tld&server=L-root ) of queried invalid 
TLDs, as at the moment we have no 'local.' or 'lan.' zones configured. 
Hence, any such queries from us go out to the Internet (sorry).
> I gather that these zones are used by MS and MAC servers to some extent,
> so I am wondering if it would be better to simply create an empty zone
> or one with a wildcard in it? Or does it make any difference? (I have no
> idea what the zones are used for.)

The "*.local" names are used by MacOS X as an implementation of the "DNS 
Service Discovery" (DNS-SD).  I don't know anything special about the "lan" 

For MacOS X, if the system makes a query for something of the 
form "*.local", it does NOT go to a standard DNS server and the query is 
kept locally on the LAN.  (DNS-SD queries are normally not routed, although 
they can be if you configure things that way.)

Unless you are going to be performing queries for names of the 
form "*.local" or "*.lan", I wouldn't suggest configuring these zones on 
your server.  The difference should be absolutely miniscule.

> Whilst we have already configured zones for private (RFC 1918) zones,
> and several other 'local' type forward and reverse zones, would it be
> worth creating zones for 'belkin.', 'invalid.' and so on? Is that
> something that others do?

Again, why bother, unless you are using these types of names such that there 
would be legitimate queries for them.  I don't believe this would be 
considered a "common practice".

If you really are worried that you are going to be querying the root servers 
for these "invalid" names, you can alway simply watch for these DNS queries 
on your network.  If you see a significant number of these queries, then you 
could try and set up zones to provide SOME type of answer for these 
queries.  Or, you could spend the same amount of time tracking down the 
systems that are making these queries and fixing them at that end instead.

> I came across the above web site of stats by accident, but can't seem to
> find stats from other root servers. Anyone know if there are other stats
> available?

This information is nice but not critical to the operation of a DNS server.  
There are also papers available discussing improperly configured DNS servers 
and improper DNS queries and their impact on the root servers.  A lot of 
good information of this manner can be found at

Bill Larson

More information about the bind-users mailing list