<div dir="ltr">Hi Robert.<div>Having localhost in /etc/hosts works if both of these conditions are satisfied, I think:</div><div>1) The client asking the question is on the same box.</div><div>2) /etc/nsswitch.conf has been configured to look in hosts first, DNS second</div><div><br></div><div>If the client is local but nsswitch says to do DNS first then nameserver entries in /etc/resolv.conf determine where queries are sent, which could be a local instance of BIND.</div><div><br></div><div>If the local BIND is authoritative for localhost/.local etc. then it should respond in microseconds. I don't know how this would compare with a lookup into hosts. I suspect hosts would be slower since it requires disc access? Unless hosts is cached?. Honestly, I don't know the answer to that one.</div><div><br></div><div>If the client is remote it won't go anywhere near hosts, so it might be useful to have localhost in DNS anyway?</div><div><br></div><div>My 2p.</div><div>Cheers, Greg</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Tue, 14 Jan 2025 at 11:56, Robert Wagner <<a href="mailto:rwagner@tesla.net">rwagner@tesla.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1466290092084750497">
<div dir="ltr">
<div>All,<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:14pt;color:rgb(0,0,0)">
I wanted to better understand the use-case of having a DNS server provide localhost lookup. I think every OS has a hosts file with localhost set for 127.0.0.1. This is an instantaneous resolution for localhost, rather than going through the process of setting
of a network connection or worse (TCP socket with TLS).</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:14pt;color:rgb(0,0,0)">
Offhand, having a DNS server resolve this seems like unnecessary traffic.</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:14pt;color:rgb(0,0,0)">
I would be interested in the timing difference between having curl.localhost in the hosts file versus your DNS server. </div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:14pt;color:rgb(0,0,0)">
This may also allow your localhost resolution and services to continue should something prevent you from reaching the DNS server (or network delays) - thus improving uptime. </div>
<div id="m_-1466290092084750497Signature">
<div id="m_-1466290092084750497divtagdefaultwrapper" dir="ltr" style="font-size:14pt;font-family:Calibri,Helvetica,sans-serif;color:rgb(0,0,0)">
</div>
</div>
<div id="m_-1466290092084750497appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="m_-1466290092084750497divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> bind-users <<a href="mailto:bind-users-bounces@lists.isc.org" target="_blank">bind-users-bounces@lists.isc.org</a>> on behalf of Eric <<a href="mailto:eric@digitalert.net" target="_blank">eric@digitalert.net</a>><br>
<b>Sent:</b> Sunday, January 12, 2025 9:39 PM<br>
<b>To:</b> Lee <<a href="mailto:ler762@gmail.com" target="_blank">ler762@gmail.com</a>><br>
<b>Cc:</b> <a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a> <<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a>><br>
<b>Subject:</b> Re: localhost name lookup</font>
<div> </div>
</div>
<div><font size="2"><span style="font-size:11pt">
<div>This email originated from outside of TESLA<br>
<br>
Do not click links or open attachments unless you recognize the sender and know the content is safe.<br>
<br>
I did, but my thought would be it's up to the dns admin to define those zone configurations as you have done. I may be wrong though.<br>
<br>
<br>
<br>
Jan 12, 2025 6:36:03 PM Lee <<a href="mailto:ler762@gmail.com" target="_blank">ler762@gmail.com</a>>:<br>
<br>
> On Sun, Jan 12, 2025 at 5:15 PM Eric wrote:<br>
>><br>
>> That is means that the 'domain' is reserved and can be used locally. It doesn't specify all records in that namespace / domain will resolve to 127.0.01.<br>
>><br>
>> Think of it like .com<br>
>><br>
>> If you want every A record in *.localhost to resolve to 127.0.0.1 what you did will do that.<br>
><br>
> Did you look at the RFC?<br>
><br>
> 4. Caching DNS servers SHOULD recognize localhost names as special<br>
> and SHOULD NOT attempt to look up NS records for them, or<br>
> otherwise query authoritative DNS servers in an attempt to<br>
> resolve localhost names. Instead, caching DNS servers SHOULD,<br>
> for all such address queries, generate an immediate positive<br>
> response giving the IP loopback address...<br>
><br>
> 5. Authoritative DNS servers SHOULD recognize localhost names as<br>
> special and handle them as described above for caching DNS<br>
> servers.<br>
><br>
> So OK.. SHOULD isn't the same as MUST so bind as configured isn't<br>
> violating that RFC. But is there a _good_ reason to not follow the<br>
> SHOULD recommendation?<br>
><br>
> Thanks,<br>
> Lee<br>
><br>
>><br>
>> Jan 12, 2025 4:38:09 PM Lee:<br>
>><br>
>>> Excuse my ignorance, but<br>
>>><br>
>>> <a href="https://datatracker.ietf.org/doc/html/rfc6761#section-6.3" target="_blank">https://datatracker.ietf.org/doc/html/rfc6761#section-6.3</a><br>
>>><br>
>>> The domain "localhost." and any names falling within ".localhost."<br>
>>> are special in the following ways:<br>
>>><br>
>>> sure seems to mean that if I lookup curlmachine.localhost I should get<br>
>>> a 127.0.0.1 or ::1 address returned. Correct?<br>
>>><br>
>>> I had to change my db.local file to<br>
>>><br>
>>> $ cat db.local<br>
>>> ;<br>
>>> ; BIND data file for local loopback interface<br>
>>> ;<br>
>>> $TTL 604800<br>
>>> @ IN SOA localhost. root.localhost. (<br>
>>> 3 ; Serial<br>
>>> 604800 ; Refresh<br>
>>> 86400 ; Retry<br>
>>> 2419200 ; Expire<br>
>>> 604800 ) ; Negative Cache TTL<br>
>>> ;<br>
>>> @ IN NS localhost.<br>
>>> @ IN A 127.0.0.1<br>
>>> @ IN AAAA ::1<br>
>>><br>
>>> * IN A 127.0.0.1<br>
>>> IN AAAA ::1<br>
>>><br>
>>><br>
>>> to make localhost and curl.localhost work.<br>
>>><br>
>>> Is this wrong? and if so, why?<br>
>>><br>
>>> TIA,<br>
>>> Lee<br>
>>> --<br>
>>> Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
>>><br>
>>> ISC funds the development of this software with paid support subscriptions. Contact us at
<a href="https://www.isc.org/contact/" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
>>><br>
>>><br>
>>> bind-users mailing list<br>
>>> <a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
>>> <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
--<br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at
<a href="https://www.isc.org/contact/" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</div>
</span></font></div>
</div>
-- <br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</div></blockquote></div>