localhost name lookup
Lee
ler762 at gmail.com
Tue Jan 14 15:36:19 UTC 2025
On Sun, Jan 12, 2025 at 9:39 PM Eric wrote:
>
> I did, but my thought would be it's up to the dns admin to define those zone configurations as you have done. I may be wrong though.
I may be wrong also - which is why I'm asking :)
There seems to be a long list of things bind tries to serve locally to
prevent them from hitting the root servers - eg.
14-Jan-2025 10:18:56.740 general: info: received control channel command 'reload'
14-Jan-2025 10:18:56.740 general: info: loading configuration from '/etc/bind/named.conf'
14-Jan-2025 10:18:56.756 general: info: reading built-in trust anchors from file '/etc/bind/bind.keys'
14-Jan-2025 10:18:56.756 general: info: looking for GeoIP2 databases in '/usr/share/GeoIP'
14-Jan-2025 10:18:56.756 general: info: using default UDP/IPv4 port range: [32768, 60999]
14-Jan-2025 10:18:56.756 general: info: using default UDP/IPv6 port range: [32768, 60999]
14-Jan-2025 10:18:56.756 general: info: sizing zone task pool based on 16 zones
14-Jan-2025 10:18:56.756 security: info: obtaining root key for view _default from '/etc/bind/bind.keys'
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 10.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 16.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 17.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 18.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 19.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 20.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 21.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 22.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 23.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 24.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 25.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 26.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 27.172.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 28.172.IN-ADDR.ARPA
... etc ...
lookups for 10.0.0.0/8, 172.16.0.0/12, etc. shouldn't hit the root
name servers and with all those automatic empty zones they don't.
The way I read rfc6761, foo.localhost should resolve to 127.0.0.1 (or
::1 for an aaaa lookup). Am I wrong?
If I'm not wrong, why isn't *.localhost included as one of the zones
that's configured by default?
Thanks
Lee
>
>
>
> Jan 12, 2025 6:36:03 PM Lee:
>
> > On Sun, Jan 12, 2025 at 5:15 PM Eric wrote:
> >>
> >> That means that the 'domain' is reserved and can be used locally. It doesn't specify all records in that namespace / domain will resolve to 127.0.0.1.
> >>
> >> Think of it like .com
> >>
> >> If you want every A record in *.localhost to resolve to 127.0.0.1 what you did will do that.
> >
> > Did you look at the RFC?
> >
> > 4. Caching DNS servers SHOULD recognize localhost names as special
> > and SHOULD NOT attempt to look up NS records for them, or
> > otherwise query authoritative DNS servers in an attempt to
> > resolve localhost names. Instead, caching DNS servers SHOULD,
> > for all such address queries, generate an immediate positive
> > response giving the IP loopback address...
> >
> > 5. Authoritative DNS servers SHOULD recognize localhost names as
> > special and handle them as described above for caching DNS
> > servers.
> >
> > So OK.. SHOULD isn't the same as MUST so bind as configured isn't
> > violating that RFC. But is there a _good_ reason to not follow the
> > SHOULD recommendation?
> >
> > Thanks,
> > Lee
> >
> >>
> >> Jan 12, 2025 4:38:09 PM Lee:
> >>
> >>> Excuse my ignorance, but
> >>>
> >>> https://datatracker.ietf.org/doc/html/rfc6761#section-6.3
> >>>
> >>> The domain "localhost." and any names falling within ".localhost."
> >>> are special in the following ways:
> >>>
> >>> sure seems to mean that if I lookup curlmachine.localhost I should get
> >>> a 127.0.0.1 or ::1 address returned. Correct?
> >>>
> >>> I had to change my db.local file to
> >>>
> >>> $ cat db.local
> >>> ;
> >>> ; BIND data file for local loopback interface
> >>> ;
> >>> $TTL 604800
> >>> @       IN      SOA     localhost. root.localhost. (
> >>>                               3         ; Serial
> >>>                          604800         ; Refresh
> >>>                           86400         ; Retry
> >>>                         2419200         ; Expire
> >>>                          604800 )       ; Negative Cache TTL
> >>> ;
> >>> @       IN      NS      localhost.
> >>> @       IN      A       127.0.0.1
> >>> @       IN      AAAA    ::1
> >>>
> >>> *       IN      A       127.0.0.1
> >>>         IN      AAAA    ::1
> >>>
> >>>
> >>> to make localhost and curl.localhost work.
> >>>
> >>> Is this wrong? and if so, why?
> >>>
> >>> TIA,
> >>> Lee
More information about the bind-users
mailing list
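
The check discussed in this thread, as an added example that is not part of the original messages: it extracts the automatic empty zones from a named log, reports which zone (if any) would answer a query locally, and applies the RFC 6761 section 6.3 rule quoted above to localhost names. The function names and the sample log are constructed for illustration, and only A/AAAA queries are handled.

```python
import re

# Constructed sample in the format of the named log quoted in the post.
SAMPLE_LOG = """\
14-Jan-2025 10:18:56.756 general: info: sizing zone task pool based on 16 zones
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 10.IN-ADDR.ARPA
14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 16.172.IN-ADDR.ARPA
"""

EMPTY_ZONE = re.compile(r"automatic empty zone: (\S+)")
LOOPBACK = {"A": ["127.0.0.1"], "AAAA": ["::1"]}


def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def empty_zones(log_text):
    """Zone names that named reported as automatic empty zones."""
    return [m.group(1).lower() for m in EMPTY_ZONE.finditer(log_text)]


def enclosing_zone(name, zones):
    """Most specific zone in `zones` that contains `name`, or None."""
    want, best = labels(name), None
    for zone in zones:
        z = labels(zone)
        if z and want[-len(z):] == z and (best is None or len(z) > len(labels(best))):
            best = zone
    return best


def loopback_answer(qname, qtype):
    """Loopback addresses for an A/AAAA query on a localhost name, else None.

    A name counts only if its rightmost label is "localhost", so
    "localhost.example.com" and "notlocalhost" are not matched.
    """
    parts = labels(qname)
    if not parts or parts[-1] != "localhost":
        return None
    return LOOPBACK.get(qtype.upper())


if __name__ == "__main__":
    zones = empty_zones(SAMPLE_LOG)
    for q in ("1.0.0.10.in-addr.arpa", "foo.localhost", "localhost.example.com"):
        print(q, "->", enclosing_zone(q, zones), loopback_answer(q, "A"))
```

A name for which `enclosing_zone` returns None and `loopback_answer` returns an address is one the RFC text says should be answered locally but that no automatic empty zone in the log covers.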