[avahi] Multicast DNS and the Unicast .local Domain

Aldrin Martoq amartoq at dcc.uchile.cl
Tue Jun 23 14:27:23 PDT 2009

On Sat, Jun 20, 2009 at 5:02 AM, Carsten<carsten at strotmann.de> wrote:
>> I don´t think that your solution is the best for the presented
>> problem; everyone can´t afford a DNS Server and make the internet
>> better. If we are really using .local as a standard for LAN
>> communications, then we should fix the resolv libraries instead.
> I'm not proposing that everyone should run a DNS Server to make the
> Internet better. Not everyone operates an DNS Server, however (almost)
> everyone is using an resolving DNS Server (home users use their ISPs DNS
> resolvers, enterprise users use the DNS resolvers), and the operators
> might have a ".local" unicast DNS Zone for the purpose to stop ".local"
> requests to bubble up to the Internet Root DNS Server.

Hi Carsten, I guess I didn't explain myself very well. Take for example BCP 32:

It explicitly defines .test .example .localhost an other TLD's as invalid.

What I really want is that .local be defined as THE TLD for zeroconf,
and even further: as recommendation that any resolv library ignore the

> Fixing the resolv library will not help, because the issue mostly
> happens with operating systems that have no MDNS and will also never
> updated (like old OS/2, Win NT, older Linux, embedded OS etc). The
> average user cannot tell if "example.local" is a valid DNS name in his
> environment or not, because the average user does not know if MDNS is
> enabled in the network he/she is working in. The User learns while
> working in an network with MDNS enabled, that he/she can address
> machines with a ".local" name and then will use this learned pattern
> even in non-MDNS networks (resulting in bogus DNS requests going to the
> root DNS).

Of course, there will be operating systems that are/will not be
updated; but that shouldn't limit us where we should go from now...

So "let's fix the resolvers" means "let's use .local exclusively for zeroconf".

>> About avahi behavior, I guess a configurable option like
>> --skip-dns-check should fix your [unwanted by developers for good
>> reasons] setup. If such an option doesn´t exist, you have the code and
>> maybe send a patch.
> My personal setup was use as an example, stopping pseudo TLD Domains at
> the resolver level is kind of recommended practice. The code to fix is
> the code published on the Avahi Wiki, it's not something to be fixed in
> the Avahi Codebase.
> Basically the snipped below should be enhanced to distinguish empty
> ".local" zones  (good) from used zones (not good).
> if host -t SOA local. > /dev/null 2> /dev/null ; then
>    # Hoho! There is a domain .local in unicast DNS! Let's disable Avahi!
> I will try to get feedback on this matter from a DNS related community
> and come back with an suggestion on a possible enhancement to the init
> script code presented in the wiki.

Well, If that code is in the init script it doesn't change too much...
Instead of --skip-dns-check, you can try something like
"SKIP_DNS_CHECK=FALSE" as default in some /etc/defaults/avahi config
or similar; and propose that.


Aldrin Martoq

More information about the avahi mailing list