Kai Henningsen wrote:
> Bind comes with local zones for localhost, 127.* and so on. This is good.
> 
> Bind should also have local zones for the domains in RFC 2606, though:
> .test
> .example
> .invalid
> .localhost
> .example.{com,net,org}

Hi,

Since this bug was filed, BIND9 has replaced BIND8 in the Debian
archive, and RFC 2606 has been updated by RFC 6761.

BIND has a "built-in empty zones" feature that causes queries for
certain zones to be answered locally, without recursion.  The list of
built-in empty zones can be found here:

http://sources.debian.net/src/bind9/1:9.9.5.dfsg-12/bin/named/server.c/#L238-L351

It does not include any zones listed in this bug report.

The bind9 package ships with a zone file with default content for
".localhost".  Taking the other zones in your list:

.test

  RFC 6761 §6.2 says:

   4.  Caching DNS servers SHOULD recognize test names as special and
       SHOULD NOT, by default, attempt to look up NS records for them,
       or otherwise query authoritative DNS servers in an attempt to
       resolve test names.  Instead, caching DNS servers SHOULD, by
       default, generate immediate negative responses for all such
       queries.  This is to avoid unnecessary load on the root name
       servers and other name servers.  Caching DNS servers SHOULD offer
       a configuration option (disabled by default) to enable upstream
       resolving of test names, for use in networks where test names are
       known to be handled by an authoritative DNS server in said
       private network.

.invalid

  RFC 6761 §6.4 says:

   4.  Caching DNS servers SHOULD recognize "invalid" names as special
       and SHOULD NOT attempt to look up NS records for them, or
       otherwise query authoritative DNS servers in an attempt to
       resolve "invalid" names.  Instead, caching DNS servers SHOULD
       generate immediate NXDOMAIN responses for all such queries.  This
       is to avoid unnecessary load on the root name servers and other
       name servers.

.example, .example.com, .example.net, .example.org

  RFC 6761 §6.5 says:

   4.  Caching DNS servers SHOULD NOT recognize example names as special
       and SHOULD resolve them normally.

So, .test and .invalid should probably be added to BIND9's default list
of built-in empty zones, while the example names definitely should not.

I've submitted a request to the upstream bug tracker to add .test and
.invalid to the list of built-in empty zones (ISC-Bugs #40607).

-- 
Robert Edmonds
[email protected]
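
Added example, not part of the original message and not BIND code: a Python model of the caching-server behaviour quoted above from RFC 6761 §6.2, §6.4 and §6.5. It compares names label by label, so only names at or below "test" and "invalid" get a local negative answer. The function names, the return strings and the `resolve_test_upstream` option name are assumptions made for illustration.

```python
# Model of the RFC 6761 caching-server rules quoted in the message above.
# All names here are hypothetical; this is not how BIND implements empty zones.

# Zones answered locally. The value records whether the quoted RFC text
# provides for an operator option to resolve them upstream instead
# (section 6.2 does for "test"; section 6.4 has no such option for "invalid").
LOCAL_NEGATIVE = {"test": True, "invalid": False}


def labels(name):
    """Lower-case a DNS name and split it into labels, ignoring the root dot."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []


def is_within(qname, zone):
    """True if qname is the zone apex or a subdomain, compared by whole labels."""
    q, z = labels(qname), labels(zone)
    return len(q) >= len(z) and q[len(q) - len(z):] == z


def caching_server_action(qname, resolve_test_upstream=False):
    """Return "local-negative" or "recurse" for a query name."""
    for zone, overridable in LOCAL_NEGATIVE.items():
        if is_within(qname, zone):
            if overridable and resolve_test_upstream:
                return "recurse"
            return "local-negative"
    # Everything else, including the example names (section 6.5),
    # is resolved normally.
    return "recurse"


if __name__ == "__main__":
    # Constructed sample query names.
    for qname in ("host.test.", "HOST.Invalid", "www.example.com",
                  "example", "contest", "test.com"):
        print(f"{qname:18} {caching_server_action(qname)}")
```

A plain string suffix check would wrongly treat "contest" as a test name; comparing whole labels avoids sending an unrelated name into the empty zone.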
