d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e99bdb9937
freebsd-dev/contrib/bind9/doc/draft/draft-kato-dnsop-local-zones-00.txt
Tom Rhodes b1e4bd53e0 Vender import of BIND 9.3.0rc4.
2004-09-19 01:30:24 +00:00

296 lines
8.4 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Internet Engineering Task Force Akira Kato, WIDE
INTERNET-DRAFT Paul Vixie, ISC
Expires: August 24, 2003 February 24, 2003
Operational Guidelines for "local" zones in the DNS
draft-kato-dnsop-local-zones-00.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''
To view the list Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html.
Distribution of this memo is unlimited.
The internet-draft will expire in 6 months. The date of expiration will
be August 24, 2003.
Abstract
A large number of DNS queries regarding to the "local" zones are sent
over the Internet in every second. This memo describes operational
guidelines to reduce the unnecessary DNS traffic as well as the load of
the Root DNS Servers.
1. Introduction
While it has yet been described in a RFC, .local is used to provide a
local subspace of the DNS tree. Formal delegation process has not been
completed for this TLD. In spite of this informal status, .local has
been used in many installations regardless of the awareness of the
users. Usually, the local DNS servers are not authoritative to the
.local domain, they end up to send queries to the Root DNS Servers.
There are several other DNS zones which describe the "local"
information. .localhost has been used to describe the localhost for
more than a couple of decades and virtually all of the DNS servers are
configured authoritative for .localhost and its reverse zone .127.in-
KATO Expires: August 24, 2003 [Page 1]
DRAFT DNS local zones February 2003
addr.arpa. However, there are other "local" zones currently used in the
Internet or Intranets connected to the Internet through NATs or similar
devices.
At a DNS server of an university in Japan, half of the DNS queries sent
to one of the 13 Root DNS Servers were regarding to the .local. At
another DNS Server running in one of the Major ISPs in Japan, the 1/4
were .local. If those "local" queries are able to direct other DNS
servers than Root, or they can be resolved locally, it contributes the
reduction of the Root DNS Servers.
2. Rationale
Any DNS queries regarding to "local" names should not be sent to the DNS
servers on the Internet.
3. Operational Guidelines
Those queries should be processed at the DNS servers internal to each
site so that the severs respond with NXDOMAIN rather than sending
queries to the DNS servers outside.
The "local" names have common DNS suffixes which are listed below:
3.1. Local host related zones:
Following two zones are described in [Barr, 1996] and .localhost is also
defined in [Eastlake, 1999] .
o .localhost
o .127.in-addr.arpa
Following two zones are for the loopback address in IPv6 [Hinden, 1998]
. While the TLD for IPv6 reverse lookup is .arpa as defined in [Bush,
2001] , the old TLD .int has been used for this purpose for years
[Thomson, 1995] and many implementations still use .int. So it is
suggested that both zones should be provided for each IPv6 reverse
lookup zone for a while.
o 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int
o 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
3.2. Locally created name space
While the use of .local has been proposed in several Internet-Drafts, it
has not been described in any Internet documents with formal status.
However, the amount of the queries for .local is much larger than
others, it is suggested to resolve the following zone locally:
KATO Expires: August 24, 2003 [Page 2]
DRAFT DNS local zones February 2003
o .local
3.3. Private or site-local addresses
The following IPv4 "private" addresses [Rekhter, 1996] and IPv6 site-
local addresses [Hinden, 1998] should be resolved locally:
o 10.in-addr.arpa
o 16.172.in-addr.arpa
o 17.172.in-addr.arpa
o 18.172.in-addr.arpa
o 19.172.in-addr.arpa
o 20.172.in-addr.arpa
o 21.172.in-addr.arpa
o 22.172.in-addr.arpa
o 23.172.in-addr.arpa
o 24.172.in-addr.arpa
o 25.172.in-addr.arpa
o 26.172.in-addr.arpa
o 27.172.in-addr.arpa
o 28.172.in-addr.arpa
o 29.172.in-addr.arpa
o 30.172.in-addr.arpa
o 31.172.in-addr.arpa
o 168.192.in-addr.arpa
o c.e.f.ip6.int
o d.e.f.ip6.int
o e.e.f.ip6.int
o f.e.f.ip6.int
o c.e.f.ip6.arpa
o d.e.f.ip6.arpa
o e.e.f.ip6.arpa
o f.e.f.ip6.arpa
3.4. Link-local addresses
The link-local address blocks for IPv4 [IANA, 2002] and IPv6 [Hinden,
1998] should be resolved locally:
o 254.169.in-addr.arpa
o 8.e.f.ip6.int
o 9.e.f.ip6.int
o a.e.f.ip6.int
o b.e.f.ip6.int
o 8.e.f.ip6.arpa
o 9.e.f.ip6.arpa
o a.e.f.ip6.arpa
o b.e.f.ip6.arpa
KATO Expires: August 24, 2003 [Page 3]
DRAFT DNS local zones February 2003
4. Suggestions to developers
4.1. Suggestions to DNS software implementors
In order to avoid unnecessary traffic, it is suggested that DNS software
implementors provide configuration templates or default configurations
so that the names described in the previous section are resolved locally
rather than sent to other DNS servers in the Internet.
4.2. Suggestions to developers of NATs or similar devices
There are many NAT or similar devices available in the market.
Regardless of the availability of DNS Servers in those devices, it is
suggested that those devices are able to filter the DNS traffic or
respond to the DNS traffic related to "local" zones by configuration
regardless of its ability of DNS service. It is suggested that this
functionality is activated by default.
5. IANA Consideration
While .local TLD has yet defined officially, there are substantial
queries to the Root DNS Servers as of writing. About 1/4 to 1/2% of the
traffic sent to the Root DNS Servers are related to the .local zone.
Therefore, while it is not formally defined, it is suggested that IANA
delegates .local TLD to an organization.
The AS112 Project [Vixie, ] serves authoritative DNS service for RFC1918
address and the link-local address. It has several DNS server instances
around the world by using BGP Anycast [Hardie, 2002] . So the AS112
Project is one of the candidates to host the .local TLD.
Authors' addresses
Akira Kato
The University of Tokyo, Information Technology Center
2-11-16 Yayoi Bunkyo
Tokyo 113-8658, JAPAN
Tel: +81 3-5841-2750
Email: kato@wide.ad.jp
Paul Vixie
Internet Software Consortium
950 Charter Street
Redwood City, CA 94063, USA
Tel: +1 650-779-7001
Email: vixie@isc.org
KATO Expires: August 24, 2003 [Page 4]
DRAFT DNS local zones February 2003
References
To be filled
References
Barr, 1996.
D. Barr, "Common DNS Operational and Configuration Errors" in RFC1912
(February 1996).
Eastlake, 1999.
D. Eastlake, "Reserved Top Level DNS Names" in RFC2606 (June 1999).
Hinden, 1998.
R. Hinden and S. Deering, "IP Version 6 Addressing Architecture" in
RFC2373 (July 1998).
Bush, 2001.
R. Bush, "Delegation of IP6.ARPA" in RFC3152 (August 2001).
Thomson, 1995.
S. Thomson and C. Huitema, "DNS Extensions to support IP version 6" in
RFC1886 (December 1995).
Rekhter, 1996.
Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear,
"Address Allocation for Private Internets" in RFC1918 (February 1996).
IANA, 2002.
IANA, "Special-Use IPv4 Addresses" in RFC3330 (September 2002).
Vixie, .
P. Vixie, "AS112 Project" in AS112. http://www.as112.net/.
Hardie, 2002.
T. Hardie, "Distributing Authoritative Name Servers via Shared Unicast
Addresses" in RFC3258 (April 2002).
KATO Expires: August 24, 2003 [Page 5]
Reference in New Issue View Git Blame Copy Permalink