How to allow set Host file dns query priorities in BIND
kcd at chrysler.com
Wed Feb 23 17:19:56 UTC 2011
On 2/23/2011 4:57 AM, Eivind Olsen wrote:
>> is there any option in BIND to give priority to HOST file before
>> connecting it to internet ISP or local zone?
> No. BIND doesn't read/use the hosts file.
> What you _can_ do is configure BIND to believe it's authoritative for
> those zones, but I'd not recommend doing this unless you have a very good
> reason. And if your Internet connection goes down, does it really matter
> whether you can do lookups, if you can't make the connections anyway?
I hear that reasoning a lot, but it's actually a fallacy. Some
applications/subsystems differentiate between "host not found" errors
(considered "permanent") and "cannot connect" errors (considered
"temporary" and retryable). In fact, those might be very different code
paths, and the app/subsystem behavior might differ wildly.
Unless one intimately knows the failure behavior of
*every*single*app*and*subsystem* in one's environment (which in a
large/complex environment is a constantly moving target, since new apps
and subsystems are being implemented all the time), one should err on
the side of safety and ensure that DNS resolution still works even if
the resources that the address (A/AAAA) records point to is unavailable.
One should also bear in mind that DNS isn't only used for obtaining
address records for purposes of immediate client/server connection. Data
mining, resource location, and general information retrieval functions
are often implemented in DNS, and the availability of these functions
shouldn't necessarily be made dependent on the up/down status of some
arbitrary network link. It's also possible that an app could make a
lookup, and as long as the TTL on the records hasn't expired,
legitimately attempt a connection at some _later_ time. Not everything
To answer the original poster's question: BIND doesn't control whether a
process uses the hosts file for its lookup or not, that's usually an
OS-configuration thing (see, e.g.
More information about the bind-users