[Unbound-users] Replacing /etc/hosts aliases with local-data: directive

Chris Smith fixie at chrissmith.org
Tue Mar 29 15:23:56 UTC 2011


On Sat, Mar 26, 2011 at 6:30 AM, Carsten Strotmann <unbound at strotmann.de> wrote:
> you are right, if these queries would only go towards a carefully
> configured resolving DNS Server that terminates this local domain, the
> names will not leak.
>
> However, experience shows that the names will show up inside the payload
> of network data (badly designed protocols that embed names in the
> payload) and as a result of this will be looked up in different
> networks where you do not have control over the DNS and the local
> names are not terminated on the resolving DNS Server.

In my cases, and possibly for others, the DNS is under control but not
all of the client systems (independent agents working in the office
with their own computers). When using a sub-domain of the registered
SLD, failed host queries are then retried by the clients with the
parent domain (SLD), creating extra traffic/noise/work, whereas using a
private TLD like ".office", ".soho", etc. eliminates that issue. Of
course, using the registered SLD directly would also eliminate the
parent lookup, but (again in my cases) these are small businesses where
the registered domain's public DNS info is served externally (by the
hosting site or registrar) and not used for internal systems on
private addresses.

And as the SLD (ex: "businessname.office") is (as Windows calls it) a
connection-specific DNS suffix, and temporary (DHCP assigned when in
the building), it should not be problematic.

Chris
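An unbound.conf fragment for the private-TLD setup discussed above, added here as an illustration and not part of the thread or of Unbound's own documentation; the zone name, host names and 10.0.0.0/24 addresses are made up:

```conf
server:
    # Private TLD "office." answered authoritatively by this resolver.
    # "static" means only the local-data below exists: any other name
    # under office. gets NXDOMAIN here and is never sent upstream, so
    # the internal names do not leak to external DNS.
    local-zone: "office." static
    local-data: "fileserver.office. IN A 10.0.0.10"
    local-data: "printer.office.    IN A 10.0.0.20"
    # Alias that replaces an extra name on an /etc/hosts line.
    local-data: "files.office. IN CNAME fileserver.office."
    # Reverse mapping so PTR lookups also stay inside the building.
    local-data-ptr: "10.0.0.10 fileserver.office"

    # Contrast: if the zone were a sub-domain of the registered SLD,
    # e.g. "office.businessname.example." (made-up name), a client whose
    # search list falls back to the parent would retry
    # "printer.businessname.example", which this resolver would forward
    # upstream rather than answer locally.
```

Clients receive "office" as their DHCP-assigned connection-specific DNS suffix, so a lookup of "printer" expands to "printer.office." and is answered from local-data.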


