Invalid lan. and local. TLDs
Mark Andrews
marka at isc.org
Sat Aug 29 03:24:00 UTC 2009
In message <twig.1251478975.23669 at swcp.com>, "Bill Larson" writes:
> John Horne <john.horne at plymouth.ac.uk> said:
>
> > Hello,
> >
> > I noticed one of the root servers stats
> > ( http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=qtype_vs_invalid_tld&server=L-root )
> > of queried invalid TLDs, as at the moment we have no 'local.' or 'lan.'
> > zones configured. Hence, any such queries from us go out to the Internet
> > (sorry).
> >
> > I gather that these zones are used by MS and MAC servers to some extent,
> > so I am wondering if it would be better to simply create an empty zone
> > or one with a wildcard in it? Or does it make any difference? (I have no
> > idea what the zones are used for.)
>
> The "*.local" names are used by MacOS X as an implementation of the "DNS
> Service Discovery" (DNS-SD). I don't know anything special about the "lan"
> name.
>
> For MacOS X, if the system makes a query for something of the
> form "*.local", it does NOT go to a standard DNS server and the query is
> kept locally on the LAN. (DNS-SD queries are normally not routed, although
> they can be if you configure things that way.)
>
> Unless you are going to be performing queries for names of the
> form "*.local" or "*.lan", I wouldn't suggest configuring these zones on
> your server. The difference should be absolutely minuscule.
>
> > Whilst we have already configured zones for private (RFC 1918) zones,
> > and several other 'local' type forward and reverse zones, would it be
> > worth creating zones for 'belkin.', 'invalid.' and so on? Is that
> > something that others do?
>
> Again, why bother, unless you are using these types of names such that there
> would be legitimate queries for them. I don't believe this would be
> considered a "common practice".
>
> If you really are worried that you are going to be querying the root servers
> for these "invalid" names, you can always simply watch for these DNS queries
> on your network. If you see a significant number of these queries, then you
> could try and set up zones to provide SOME type of answer for these
> queries. Or, you could spend the same amount of time tracking down the
> systems that are making these queries and fixing them at that end instead.
>
> > I came across the above web site of stats by accident, but can't seem to
> > find stats from other root servers. Anyone know if there are other stats
> > available?
>
> This information is nice but not critical to the operation of a DNS server.
> There are also papers available discussing improperly configured DNS servers
> and improper DNS queries and their impact on the root servers. A lot of
> good information of this manner can be found at www.dns-oarc.net.
>
> Bill Larson
Or one can just configure your recursive server as a stealth slave
of the root zone. You make a query every hour or so and transfer
it twice a day.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
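
Added example, not part of the original message or of BIND: one way to "watch for these DNS queries" as suggested in the quoted reply, by counting queries for the thread's undelegated TLDs per client in a resolver query log. The log line shape is an assumption based on BIND 9 querylog output, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# TLD names taken from the thread; none is delegated in the root zone.
WATCHED_TLDS = {"local", "lan", "belkin", "invalid"}

# Assumed shape: "client [@0x..] <ip>#<port>[ (<name>)]: [view <v>: ]query: <qname> <class> <type> ..."
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"(?:view \S+: )?query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def tld_of(qname):
    """Return the rightmost label, lower-cased; '' for the root name."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1]

def summarize(lines, watched=WATCHED_TLDS):
    """Count watched-TLD queries overall and per querying client."""
    by_tld = Counter()
    by_client = defaultdict(Counter)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query log line
        tld = tld_of(m.group("qname"))
        if tld in watched:
            by_tld[tld] += 1
            by_client[m.group("ip")][tld] += 1
    return by_tld, by_client

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
29-Aug-2009 03:10:01.101 queries: info: client 192.0.2.10#53124: query: printer.local IN A +
29-Aug-2009 03:10:01.350 queries: info: client 192.0.2.10#53125: query: _ipp._tcp.local IN PTR +
29-Aug-2009 03:10:02.007 queries: info: client 192.0.2.27#40001: query: www.isc.org IN A +
29-Aug-2009 03:10:02.400 queries: info: client 192.0.2.27#40002: query: router.LAN. IN A +
29-Aug-2009 03:10:03.912 queries: info: client 2001:db8::5#51000 (nas.belkin): query: nas.belkin IN AAAA +
29-Aug-2009 03:10:04.000 general: info: zone example/IN: loaded serial 1
""".splitlines()

if __name__ == "__main__":
    totals, clients = summarize(SAMPLE_LOG)
    # Noisiest clients first: these are the hosts to track down and fix.
    for ip, counts in sorted(clients.items(), key=lambda kv: -sum(kv[1].values())):
        print(ip, dict(counts))
```

The per-client counts show whether the traffic justifies serving the names locally or whether a handful of hosts can be fixed at the source.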