[avahi] Multicast DNS and the Unicast .local Domain

Lennart Poettering lennart at poettering.net
Wed Jul 22 14:24:43 PDT 2009


On Mon, 13.07.09 10:14, Carsten Strotmann (private) (carsten at strotmann.de) wrote:

> Recent BIND 9 implementations create certain "virtual" zones even if no
> zone of that name is specified in the DNS server's configuration. These
> zones are for example the zones for the loopback and RFC 1918 private IP
> Address reverse zones.
> 
> When queried for the SOA of these zones, BIND returns a valid SOA with a
> serial number of "0".
> 
> It might be a solution to configure a ".local" unicast domain that is
> created to stop ".local" queries from leaking out to the Internet with a
> serial of '0' and have the Avahi startup script check against this
> SOA serial value.
> 
> A ".local" unicast domain used locally in a LAN would have a serial
> number != 0.
> 
> So if Avahi detects a ".local" unicast zone, it can check against the
> serial number. If serial is "0", Avahi can start without creating an
> issue for the ".local" DNS lookups. If the serial is != 0, Avahi can
> stop with a warning message to not conflict with a ".local" unicast
> zone in use.

Sounds like a good idea. Could you please bring this to the attention
of the Debian/Ubuntu folks who ship that .local detection script? (To
my knowledge the other distros still don't, though they should)

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
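
The SOA serial check proposed in the quoted message, sketched as an added example; it is not part of the original thread and is not code from Avahi or from any distribution's .local detection script. The function names (`soa_serial`, `classify_local_zone`, `should_start_avahi`) and the sample records are constructed for illustration, and the input is assumed to be in `dig +short SOA local.` format.

```shell
#!/bin/sh
# Added illustration; function names and sample records are constructed.

# Constructed samples in `dig +short SOA local.` format:
#   mname rname serial refresh retry expire minimum
SAMPLE_PLACEHOLDER='ns.example. hostmaster.example. 0 28800 7200 604800 86400'
SAMPLE_IN_USE='ns1.corp.example. hostmaster.corp.example. 2009072201 3600 900 604800 86400'

# Print the SOA serial (third field) from resolver output on stdin.
# Lines that are not a full SOA record (timeouts, CNAMEs) are ignored.
soa_serial() {
    awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Classify the answer: none | placeholder | in-use
classify_local_zone() {
    serial=$(printf '%s\n' "$1" | soa_serial)
    if [ -z "$serial" ]; then
        echo none
    elif [ "$serial" -eq 0 ]; then
        echo placeholder
    else
        echo in-use
    fi
}

# Return 0 if Avahi may start, 1 if a real unicast .local zone is present.
should_start_avahi() {
    case $(classify_local_zone "$1") in
        in-use)
            echo "warning: unicast .local zone in use (SOA serial != 0), not starting Avahi" >&2
            return 1
            ;;
        *)
            return 0
            ;;
    esac
}

# Live use (needs dig and a reachable resolver):
#   should_start_avahi "$(dig +short SOA local. 2>/dev/null)" || exit 0
```

A resolver timeout or an empty answer is classified as `none`, so this sketch lets Avahi start when the DNS server cannot be reached.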

