Invalid lan. and local. TLDs

Mark Andrews marka at isc.org
Sat Aug 29 03:24:00 UTC 2009


In message <twig.1251478975.23669 at swcp.com>, "Bill Larson" writes:
> John Horne <john.horne at plymouth.ac.uk> said:
> 
> > Hello,
> > 
> > I noticed one of the root servers stats
> > ( http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=qtype_vs_invalid_tld&server=L-root )
> > of queried invalid TLDs, as at the moment we have no 'local.' or 'lan.'
> > zones configured. Hence, any such queries from us go out to the Internet (sorry).
> > 
> > I gather that these zones are used by MS and MAC servers to some extent,
> > so I am wondering if it would be better to simply create an empty zone
> > or one with a wildcard in it? Or does it make any difference? (I have no
> > idea what the zones are used for.)
> 
> The "*.local" names are used by MacOS X as an implementation of the "DNS 
> Service Discovery" (DNS-SD).  I don't know anything special about the "lan" 
> name.
> 
> For MacOS X, if the system makes a query for something of the 
> form "*.local", it does NOT go to a standard DNS server and the query is 
> kept locally on the LAN.  (DNS-SD queries are normally not routed, although 
> they can be if you configure things that way.)
> 
> Unless you are going to be performing queries for names of the 
> form "*.local" or "*.lan", I wouldn't suggest configuring these zones on 
> your server.  The difference should be absolutely minuscule.
> 
> > Whilst we have already configured zones for private (RFC 1918) zones,
> > and several other 'local' type forward and reverse zones, would it be
> > worth creating zones for 'belkin.', 'invalid.' and so on? Is that
> > something that others do?
> 
> Again, why bother, unless you are using these types of names such that there 
> would be legitimate queries for them.  I don't believe this would be 
> considered a "common practice".
> 
> If you really are worried that you are going to be querying the root servers 
> for these "invalid" names, you can always simply watch for these DNS queries 
> on your network.  If you see a significant number of these queries, then you 
> could try and set up zones to provide SOME type of answer for these 
> queries.  Or, you could spend the same amount of time tracking down the 
> systems that are making these queries and fixing them at that end instead.
> 
> > I came across the above web site of stats by accident, but can't seem to
> > find stats from other root servers. Anyone know if there are other stats
> > available?
> 
> This information is nice but not critical to the operation of a DNS server.  
> There are also papers available discussing improperly configured DNS servers 
> and improper DNS queries and their impact on the root servers.  A lot of 
> good information of this manner can be found at www.dns-oarc.net.
> 
> Bill Larson
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

Or one can just configure your recursive server as a stealth slave
of the root zone.   You make a query every hour or so and transfer
it twice a day.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
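
Added example, not part of the original thread or anyone's posted code: one way to do the watching suggested in the quoted reply, by counting per client the queries for the TLDs named in this thread in a BIND query log. The sample log lines are constructed, and the regular expression assumes BIND 9's `client ...: query: name class type` querylog layout.

```python
import re
from collections import Counter, defaultdict

# TLDs named in the thread; extend the set for your own site.
WATCHED_TLDS = {"local", "lan", "belkin", "invalid"}

# Assumed BIND 9 querylog layout. The optional groups cover releases that
# add "@0x..." before the address, "(qname)" after it, or a view name.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: (?:view \S+: )?query: (?P<qname>\S+) \S+ \S+"
)

# Constructed sample lines (RFC 5737 addresses), not from a real server.
SAMPLE_LOG = """\
29-Aug-2009 03:24:00.101 queries: info: client 192.0.2.10#53124: query: printer.local IN A +
29-Aug-2009 03:24:00.412 queries: info: client 192.0.2.10#53125: query: _ipp._tcp.local IN PTR +
29-Aug-2009 03:24:01.007 queries: info: client 192.0.2.44#40211: query: www.isc.org IN A +
29-Aug-2009 03:24:02.650 queries: info: client 192.0.2.44#40212: query: router.lan. IN A +
29-Aug-2009 03:24:03.019 queries: info: client @0x7f3c2c0a1b20 192.0.2.77#61002 (NAS.Belkin): query: NAS.Belkin IN AAAA +E(0)
29-Aug-2009 03:24:03.500 general: info: zone example.com/IN: loaded serial 2009082901
29-Aug-2009 03:24:04.220 queries: info: client 192.0.2.10#53130: query: . IN NS +
"""

def tld_of(qname):
    """Rightmost label, lower-cased; empty string for the root name."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1]

def leaking_clients(lines, watched=WATCHED_TLDS):
    """Return {client_ip: Counter({tld: count})} for queries under watched TLDs."""
    hits = defaultdict(Counter)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (or a layout this regex does not cover)
        tld = tld_of(m.group("qname"))
        if tld in watched:
            hits[m.group("ip")][tld] += 1
    return dict(hits)

def report(hits):
    """Flatten to (ip, tld, count) rows, busiest client first."""
    rows = [(ip, tld, n) for ip, c in hits.items() for tld, n in c.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for ip, tld, n in report(leaking_clients(SAMPLE_LOG.splitlines())):
        print(f"{ip:15} .{tld:8} {n}")
```

The per-client counts point at the hosts to fix at the source, which is the alternative the reply weighs against setting up local zones.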


