In message <twig.1251478975.23...@swcp.com>, "Bill Larson" writes: > John Horne <john.ho...@plymouth.ac.uk> said: > > > Hello, > > > > I noticed one of the root servers stats > > ( http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl? > window=604800&plot=qtype_vs_invalid_tld&server=L-root ) of queried invalid > TLDs, as at the moment we have no 'local.' or 'lan.' zones configured. > Hence, any such queries from us go out to the Internet (sorry). > > > > I gather that these zones are used by MS and MAC servers to some extent, > > so I am wondering if it would be better to simply create an empty zone > > or one with a wildcard in it? Or does it make any difference? (I have no > > idea what the zones are used for.) > > The "*.local" names are used by MacOS X as an implementation of the "DNS > Service Discovery" (DNS-SD). I don't know anything special about the "lan" > name. > > For MacOS X, if the system makes a query for something of the > form "*.local", it does NOT go to a standard DNS server and the query is > kept locally on the LAN. (DNS-SD queries are normally not routed, although > they can be if you configure things that way.) > > Unless you are going to be performing queries for names of the > form "*.local" or "*.lan", I wouldn't suggest configuring these zones on > your server. The difference should be absolutely miniscule. > > > Whilst we have already configured zones for private (RFC 1918) zones, > > and several other 'local' type forward and reverse zones, would it be > > worth creating zones for 'belkin.', 'invalid.' and so on? Is that > > something that others do? > > Again, why bother, unless you are using these types of names such that there > would be legitimate queries for them. I don't believe this would be > considered a "common practice". > > If you really are worried that you are going to be querying the root servers > for these "invalid" names, you can alway simply watch for these DNS queries > on your network. If you see a significant number of these queries, then you > could try and set up zones to provide SOME type of answer for these > queries. Or, you could spend the same amount of time tracking down the > systems that are making these queries and fixing them at that end instead. > > > I came across the above web site of stats by accident, but can't seem to > > find stats from other root servers. Anyone know if there are other stats > > available? > > This information is nice but not critical to the operation of a DNS server. > There are also papers available discussing improperly configured DNS servers > and improper DNS queries and their impact on the root servers. A lot of > good information of this manner can be found at www.dns-oarc.net. > > Bill Larson > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
Or one can just configure your recursive server as a stealth slave of the root zone. You make a qery every hour or so and transfer it twice a day. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
