Invalid lan. and local. TLDs

Mark Andrews marka at
Sat Aug 29 03:24:00 UTC 2009

In message <twig.1251478975.23669 at>, "Bill Larson" writes:
> John Horne <john.horne at> said:
> > Hello,
> > 
> > I noticed one of the root servers stats
> > (
> > window=604800&plot=qtype_vs_invalid_tld&server=L-root ) of queried invalid
> > TLDs, as at the moment we have no 'local.' or 'lan.' zones configured.
> > Hence, any such queries from us go out to the Internet (sorry).
> > 
> > I gather that these zones are used by MS and MAC servers to some extent,
> > so I am wondering if it would be better to simply create an empty zone
> > or one with a wildcard in it? Or does it make any difference? (I have no
> > idea what the zones are used for.)
> The "*.local" names are used by MacOS X as an implementation of the "DNS 
> Service Discovery" (DNS-SD).  I don't know anything special about the "lan" 
> name.
> For MacOS X, if the system makes a query for something of the 
> form "*.local", it does NOT go to a standard DNS server and the query is 
> kept locally on the LAN.  (DNS-SD queries are normally not routed, although 
> they can be if you configure things that way.)
> Unless you are going to be performing queries for names of the 
> form "*.local" or "*.lan", I wouldn't suggest configuring these zones on 
> your server.  The difference should be absolutely minuscule.
> > Whilst we have already configured zones for private (RFC 1918) zones,
> > and several other 'local' type forward and reverse zones, would it be
> > worth creating zones for 'belkin.', 'invalid.' and so on? Is that
> > something that others do?
> Again, why bother, unless you are using these types of names such that there 
> would be legitimate queries for them.  I don't believe this would be 
> considered a "common practice".
> If you really are worried that you are going to be querying the root servers 
> for these "invalid" names, you can always simply watch for these DNS queries 
> on your network.  If you see a significant number of these queries, then you 
> could try and set up zones to provide SOME type of answer for these 
> queries.  Or, you could spend the same amount of time tracking down the 
> systems that are making these queries and fixing them at that end instead.
> > I came across the above web site of stats by accident, but can't seem to
> > find stats from other root servers. Anyone know if there are other stats
> > available?
> This information is nice but not critical to the operation of a DNS server.  
> There are also papers available discussing improperly configured DNS servers 
> and improper DNS queries and their impact on the root servers.  A lot of 
> good information of this manner can be found at
> Bill Larson

Or one can just configure your recursive server as a stealth slave
of the root zone.   You make a query every hour or so and transfer
it twice a day.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at
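
Added example, not part of the original messages: one way to do the watching and tracking-down suggested in the quoted reply above, by tallying per client the queries for the TLDs named in the thread. It assumes BIND query logging is enabled and writes lines in the shape shown; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# TLDs named in the thread; extend with whatever your resolvers actually leak.
WATCHED_TLDS = {"local", "lan", "belkin", "invalid"}

# Matches the client address and query name in a BIND 9 query-log line, e.g.
#   ... client 192.0.2.10#53211: query: printer.local IN A +
#   ... client @0x7f 192.0.2.10#53211 (printer.local): query: printer.local IN A +E(0)
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def tld_of(qname):
    """Return the lower-cased rightmost label, ignoring a trailing root dot."""
    return qname.rstrip(".").rsplit(".", 1)[-1].lower()

def leaking_clients(lines, watched=WATCHED_TLDS):
    """Count queries per (client, tld) for names under a watched TLD."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query line (zone loads, transfers, ...)
        tld = tld_of(m.group("qname"))
        if tld in watched:
            hits[(m.group("ip"), tld)] += 1
    return hits

# Constructed sample log lines (documentation address ranges, made-up names).
SAMPLE_LOG = """\
29-Aug-2009 03:20:01.101 queries: info: client 192.0.2.10#53211: query: printer.local IN A +
29-Aug-2009 03:20:01.350 queries: info: client 192.0.2.10#53212: query: _ipp._tcp.local IN PTR +
29-Aug-2009 03:20:02.007 queries: info: client 192.0.2.23#40112: query: www.example.com IN A +
29-Aug-2009 03:20:02.480 queries: info: client 192.0.2.23#40113: query: router.LAN. IN A +
29-Aug-2009 03:20:03.915 queries: info: client 2001:db8::5#51000: query: setup.belkin IN AAAA +
29-Aug-2009 03:20:04.020 general: info: zone example.com/IN: loaded serial 2009082901
""".splitlines()

if __name__ == "__main__":
    # Busiest leakers first: these are the hosts to go and fix.
    for (ip, tld), n in leaking_clients(SAMPLE_LOG).most_common():
        print(f"{ip:<15} .{tld:<8} {n}")
```
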
