localhost name lookup
Emmanuel Fusté
manu.fuste at gmail.com
Tue Jan 14 21:47:35 UTC 2025
On 14/01/2025 at 16:56, Lee wrote:
> On Tue, Jan 14, 2025 at 9:06 AM Petr Špaček wrote:
>> ....
>> It does not serve 'legitimate' purpose by itself, it just lowers cost of
>> leaked nonsense queries.
>>
>> I guess it applies to most (all?) special-use names: The local
>> authoritative zone is defined to cut down the nonsense traffic which
>> is leaking to the network. In the ideal world none of this would be
>> necessary.
I strongly second this.
> Two questions:
>
> Should bind answer when asked for an A record for random.name.localhost?
No. The A and AAAA records avoid breaking anything and the zone definition
cuts leaking requests.
These leaks should not have happened in the first place (RFC6761
software compliance) but ...
All other type or subdomain requests are nonsense and the answer must
be empty (other localhost rrtype) or NXDOMAIN (any subdomain type),
otherwise you will introduce a new behavior that some will rely on. It
will violate RFC6761 6.3.6.
localhost is defined as a (local) hostname of the loopback interface,
not a domain name.
>
> If so, does the ISC ship a db.local with a wildcard - eg.
> --- cut here ---
> @ IN NS localhost.
> @ IN A 127.0.0.1
> @ IN AAAA ::1
>
> * IN A 127.0.0.1
>   IN AAAA ::1
> --- cut here ---
>
> to answer for any .localhost name?
Don't, please. See RFC6761.
Emmanuel.
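
The difference the thread is arguing about, as an added example that is not part of the original message and is not ISC's code: a simplified authoritative lookup run against the quoted records with and without the wildcard. The zone dictionaries, function names and the simplified matching rules are assumptions made for illustration.

```python
# Added example. Zone data is constructed from the records quoted in the thread.
APEX = {"NS": ["localhost."], "A": ["127.0.0.1"], "AAAA": ["::1"]}
NO_WILDCARD = {"localhost.": APEX}
WITH_WILDCARD = {"localhost.": APEX,
                 "*.localhost.": {"A": ["127.0.0.1"], "AAAA": ["::1"]}}


def lookup(zone, qname, qtype, origin="localhost."):
    """Answer one query from one zone; returns (rcode, rdata_list).

    Simplified model (assumptions): the apex exists in `zone`; no CNAME,
    delegations or empty non-terminals. NOERROR with [] means NODATA.
    """
    qname = qname.lower().rstrip(".") + "."
    if qname != origin and not qname.endswith("." + origin):
        return "REFUSED", []                 # name is outside this zone
    node = zone.get(qname)
    if node is None:
        # Find the closest existing ancestor, then try its wildcard child.
        parent = qname
        while parent not in zone:
            parent = parent.split(".", 1)[1]
        node = zone.get("*." + parent)
        if node is None:
            return "NXDOMAIN", []
    return "NOERROR", list(node.get(qtype, []))


def wildcard_owners(zone):
    """Audit helper: owner names that synthesize answers for any subdomain."""
    return sorted(name for name in zone if name.startswith("*."))


if __name__ == "__main__":
    queries = [("localhost", "A"), ("localhost", "MX"),
               ("random.name.localhost", "A")]
    for label, zone in (("no wildcard", NO_WILDCARD),
                        ("wildcard", WITH_WILDCARD)):
        print(label, "wildcards:", wildcard_owners(zone))
        for qname, qtype in queries:
            print(" ", qname, qtype, lookup(zone, qname, qtype))
```

Without the wildcard, only the apex answers and every subdomain query ends in NXDOMAIN; with it, any name under localhost resolves to the loopback address.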