On 14/01/2025 at 16:56, Lee wrote:
On Tue, Jan 14, 2025 at 9:06 AM Petr Špaček wrote:
....
It does not serve 'legitimate' purpose by itself, it just lowers cost of
leaked nonsense queries.
I guess it applies to most (all?) special-use names: The local
authoritative zone is defined to cut down the nonsense traffic which
is leaking to the network. In the ideal world none of this would be
necessary.
I strongly second this.
Two questions:
Should bind answer when asked for an A record for random.name.localhost?
No. The A and AAAA records avoid breaking anything and the zone definition
cuts off leaking requests.
These leaks should not have happened in the first place (RFC6761
software compliance) but ...
All other type or subdomain requests are nonsense and the answer must
be empty (other localhost rrtype) or NXDOMAIN (any subdomain type),
otherwise you will introduce a new behavior that some will rely on. It
will violate RFC6761 6.3.6.
localhost is defined as a (local) hostname of the loopback interface,
not a domain name.
If so, does the ISC ship a db.local with a wildcard - eg.
--- cut here ---
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
* IN A 127.0.0.1
  IN AAAA ::1
--- cut here ---
to answer for any .localhost name?
Don't please. See RFC6761
Emmanuel.
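
An added example, not part of the original message and not BIND code: a simplified lookup over constructed zone text modelled on the db.local fragment quoted above, showing what each variant returns for localhost and for random.name.localhost. The helpers parse_zone and answer are hypothetical and ignore empty non-terminals, delegations and names outside the zone.

```python
# Added example: constructed zone text modelled on the db.local fragment in the thread.
ORIGIN = "localhost."
APEX_ONLY = """\
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
"""
# The continuation line from the thread is written with an explicit "*" owner here.
WITH_WILDCARD = APEX_ONLY + """\
* IN A 127.0.0.1
* IN AAAA ::1
"""


def parse_zone(text, origin=ORIGIN):
    """Parse 'owner IN type rdata' lines into {owner: {rrtype: [rdata, ...]}}."""
    zone = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] != "IN":
            continue  # this sketch skips $directives, TTLs and continuation lines
        owner, _, rrtype, rdata = fields
        owner = origin if owner == "@" else f"{owner}.{origin}"
        zone.setdefault(owner.lower(), {}).setdefault(rrtype.upper(), []).append(rdata)
    return zone


def answer(zone, qname, qtype):
    """Simplified authoritative lookup: exact name, else wildcard at the closest encloser."""
    qname = qname.lower().rstrip(".") + "."
    node = zone.get(qname)
    if node is None:
        labels = qname.rstrip(".").split(".")
        for i in range(1, len(labels)):
            encloser = ".".join(labels[i:]) + "."
            if encloser in zone:  # closest existing ancestor decides (RFC 4592)
                node = zone.get("*." + encloser)
                break
    if node is None:
        return ("NXDOMAIN", [])
    return ("NOERROR", node.get(qtype.upper(), []))  # empty list means NODATA


if __name__ == "__main__":
    for label, text in (("apex only", APEX_ONLY), ("with wildcard", WITH_WILDCARD)):
        zone = parse_zone(text)
        for q in (("localhost", "A"), ("localhost", "MX"), ("random.name.localhost", "A")):
            print(f"{label:14} {q[0]:22} {q[1]:4} -> {answer(zone, *q)}")
```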