On Sun, Jan 12, 2025 at 9:39 PM Eric wrote: > > I did, but my thought would be it's up to the dns admin to define those zone > configurations as you have done. I may be wrong though.
I may be wrong also - which is why I'm asking :) There seems to be a long list of things bind tries to serve locally to prevent them from hitting the root servers - eg. 14-Jan-2025 10:18:56.740 general: info: received control channel command 'reload' 14-Jan-2025 10:18:56.740 general: info: loading configuration from '/etc/bind/named.conf' 14-Jan-2025 10:18:56.756 general: info: reading built-in trust anchors from file '/etc/bind/bind.keys' 14-Jan-2025 10:18:56.756 general: info: looking for GeoIP2 databases in '/usr/share/GeoIP' 14-Jan-2025 10:18:56.756 general: info: using default UDP/IPv4 port range: [32768, 60999] 14-Jan-2025 10:18:56.756 general: info: using default UDP/IPv6 port range: [32768, 60999] 14-Jan-2025 10:18:56.756 general: info: sizing zone task pool based on 16 zones 14-Jan-2025 10:18:56.756 security: info: obtaining root key for view _default from '/etc/bind/bind.keys' 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 10.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 16.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 17.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 18.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 19.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 20.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 21.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 22.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 23.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 24.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 25.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 26.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 27.172.IN-ADDR.ARPA 14-Jan-2025 10:18:56.756 zoneload: info: automatic empty zone: 28.172.IN-ADDR.ARPA ... etc ... lookups for 10.0.0.0/8, 172.16.0.0/12, etc. shouldn't hit the root name servers and with all those automatic empty zones they don't. The way I read rfc6761, foo.localhost should resolve to 127.0.0.1 (or ::1 for an aaaa lookup). Am I wrong? If I'm not wrong, why isn't *.localhost included as one of the zones that's configured by default? Thanks Lee > > > > Jan 12, 2025 6:36:03 PM Lee: > > > On Sun, Jan 12, 2025 at 5:15 PM Eric wrote: > >> > >> That is means that the 'domain' is reserved and can be used locally. It > >> doesn't specify all records in that namespace / domain will resolve to > >> 127.0.01. > >> > >> Think of it like .com > >> > >> If you want every A record in *.localhost to resolve to 127.0.0.1 what you > >> did will do that. > > > > Did you look at the RFC? > > > > 4. Caching DNS servers SHOULD recognize localhost names as special > > and SHOULD NOT attempt to look up NS records for them, or > > otherwise query authoritative DNS servers in an attempt to > > resolve localhost names. Instead, caching DNS servers SHOULD, > > for all such address queries, generate an immediate positive > > response giving the IP loopback address... > > > > 5. Authoritative DNS servers SHOULD recognize localhost names as > > special and handle them as described above for caching DNS > > servers. > > > > So OK.. SHOULD isn't the same as MUST so bind as configured isn't > > violating that RFC. But is there a _good_ reason to not follow the > > SHOULD recommendation? > > > > Thanks, > > Lee > > > >> > >> Jan 12, 2025 4:38:09 PM Lee: > >> > >>> Excuse my ignorance, but > >>> > >>> https://datatracker.ietf.org/doc/html/rfc6761#section-6.3 > >>> > >>> The domain "localhost." and any names falling within ".localhost." > >>> are special in the following ways: > >>> > >>> sure seems to mean that if I lookup curlmachine.localhost I should get > >>> a 127.0.0.1 or ::1 address returned. Correct? > >>> > >>> I had to change my db.local file to > >>> > >>> $ cat db.local > >>> ; > >>> ; BIND data file for local loopback interface > >>> ; > >>> $TTL 604800 > >>> @ IN SOA localhost. root.localhost. ( > >>> 3 ; Serial > >>> 604800 ; Refresh > >>> 86400 ; Retry > >>> 2419200 ; Expire > >>> 604800 ) ; Negative Cache TTL > >>> ; > >>> @ IN NS localhost. > >>> @ IN A 127.0.0.1 > >>> @ IN AAAA ::1 > >>> > >>> * IN A 127.0.0.1 > >>> IN AAAA ::1 > >>> > >>> > >>> to make localhost and curl.localhost work. > >>> > >>> Is this wrong? and if so, why? > >>> > >>> TIA, > >>> Lee > >>> -- > >>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > >>> from this list > >>> > >>> ISC funds the development of this software with paid support > >>> subscriptions. Contact us at https://www.isc.org/contact/ for more > >>> information. > >>> > >>> > >>> bind-users mailing list > >>> bind-users@lists.isc.org > >>> https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
