Subject: Add "test.", "invalid." to built-in empty zones
Date: Fri, 4 Sep 2015 14:01:20 -0400
To: bind9-bugs@isc.org
From: "Robert Edmonds" <edmonds@debian.org>

Hi,

According to the BIND 9 ARM, named has a default list of empty zones:

    These are for zones that should normally be answered locally and
    which queries should not be sent to the Internet's root servers.

This list doesn't appear to include the "test." or "invalid." domains
from RFC 6761 "Special-Use Domain Names". The behavior specified for
these domains appears to match the behavior provided by BIND's empty
zone functionality, so (IMO) these two domains should be added to the
list.

[...]
6.2. Domain Name Reservation Considerations for "test."
[...]
4. Caching DNS servers SHOULD recognize test names as special and
SHOULD NOT, by default, attempt to look up NS records for them,
or otherwise query authoritative DNS servers in an attempt to
resolve test names. Instead, caching DNS servers SHOULD, by
default, generate immediate negative responses for all such
queries. This is to avoid unnecessary load on the root name
servers and other name servers. Caching DNS servers SHOULD offer
a configuration option (disabled by default) to enable upstream
resolving of test names, for use in networks where test names are
known to be handled by an authoritative DNS server in said
private network.
[...]
6.4. Domain Name Reservation Considerations for "invalid."
[...]
4. Caching DNS servers SHOULD recognize "invalid" names as special
and SHOULD NOT attempt to look up NS records for them, or
otherwise query authoritative DNS servers in an attempt to
resolve "invalid" names. Instead, caching DNS servers SHOULD
generate immediate NXDOMAIN responses for all such queries. This
is to avoid unnecessary load on the root name servers and other
name servers.
[...]
--
Robert Edmonds
edmonds@debian.org
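
The resolver-side decision that the RFC 6761 text quoted in this message describes, as an added example that is not part of the original message and is not BIND's code. The function names and the `upstream_test` option are hypothetical, and names are assumed to be plain presentation-format strings without escaped dots.

```python
# Added example (not BIND code): decide whether a caching resolver should
# answer a query locally with a negative response or send it upstream,
# following the RFC 6761 sections 6.2 and 6.4 text quoted in the message.

# Zone (as a tuple of labels) -> whether the quoted RFC text describes an
# opt-in to upstream resolution. It does for "test.", not for "invalid.".
SPECIAL_USE = {
    ("test",): True,
    ("invalid",): False,
}


def labels(qname):
    """Split a name into lowercase labels; the root name gives ()."""
    name = qname[:-1] if qname.endswith(".") else qname
    return tuple(name.lower().split(".")) if name else ()


def matching_zone(qname):
    """Return the special-use zone that qname is at or below, else None.

    Matching is done on whole labels, so "contest." does not match "test."
    and "test.example.com." is not treated as special.
    """
    ls = labels(qname)
    for zone in SPECIAL_USE:
        if len(ls) >= len(zone) and ls[-len(zone):] == zone:
            return zone
    return None


def decide(qname, upstream_test=False):
    """Return "negative" (answer locally) or "forward" (resolve upstream).

    upstream_test models the disabled-by-default option the RFC describes
    for networks that serve "test." from a private authoritative server.
    """
    zone = matching_zone(qname)
    if zone is None:
        return "forward"
    if SPECIAL_USE[zone] and upstream_test:
        return "forward"
    return "negative"


if __name__ == "__main__":
    # Constructed sample query names.
    for q in ["www.test.", "Host.INVALID", "contest.", "test.example.com."]:
        print(q, "->", decide(q))
```
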