Subject: Re: defining 'localhost' (was: CVS commit: src/usr.sbin/ntp/ntptrace)
To: Matthias Scheler <tron@zhadum.de>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 12/31/2003 04:30:55
[ On Monday, December 29, 2003 at 16:51:31 (+0000), Matthias Scheler wrote: ]
> Subject: Re: CVS commit: src/usr.sbin/ntp/ntptrace
>
> In article <Pine.NEB.4.58.0312281144190.207@seduction.immanent.net>,
> 	Frederick Bruckman <fredb@immanent.net> writes:
> > Ah. I don't get that error because I have localhost in my nameserver:
> > 
> >   # host localhost
> >   localhost.immanent.net has address 127.0.0.1
> >   localhost.immanent.net has address ::1
> > 
> > but that's a hack, too.
> 
> No, it's actually a recommendation in some RFC - don't ask me for the number.

Well, yes, but the recommendation is that it should _not_ be done quite
like Frederick shows above.

See the end for a pointer to a complete ready-to-use solution, and/or
read on for a more detailed explanation.

All you really need to provide DNS for your loopback address is a
"localhost" zone that contains at minimum the following three records:

	localhost.              IN      SOA     localhost. hostmaster.localhost. (
	                        2003073113      ;serial number (version)
	                        28800   ;slave refresh period (8 hours)
	                        7200    ;slave retry interval (2 hours)
	                        14515200        ;slave expire time (24 weeks)
	                        57600   ;negative response TTL (16 hours)
	                        )
	localhost.              IN      NS      localhost.
	localhost.              IN      A       127.0.0.1

This is as per RFC 1912, which is really just an informational document.
(Note that BCP 32, aka RFC 2606, does reserve the TLD "localhost".)

You may want a "localhost.mydomain.example" CNAME to get around bugs in
the many programs that think they're smarter than they actually are.
For example I have:

	localhost.weird.com.    IN      CNAME   localhost.

However, as per the discussion in RFC 1912 you don't really want to
include your local domain name on the actual hostname pointing to the
loopback address.

You might also want this one for IPv6 support:

	localhost.              IN      AAAA    ::1

And for helping out netstat and similar tools with RFC 1101 compatible
names you'll want these records as well:

	  loopback-net.localhost. 	IN      A       127.0.0.0

	loopback-bcast.localhost.       IN      A       127.255.255.255

You'll probably also want a corresponding reverse zone too (or three
zones if you want zone cuts at all the octet levels as I do):

	      127.in-addr.arpa. IN      NS      localhost.

	    0.127.in-addr.arpa. IN      NS      localhost.

	  0.0.127.in-addr.arpa. IN      NS      localhost.

	1.0.0.127.in-addr.arpa. IN      PTR     localhost.

and for the RFC 1101 names:

	0.0.0.127.in-addr.arpa. IN      A       255.0.0.0
	0.0.0.127.in-addr.arpa. IN      PTR     loopback-net.localhost.

	    255.127.in-addr.arpa.       IN      NS      localhost.

	255.255.127.in-addr.arpa.       IN      NS      localhost.

    255.255.255.127.in-addr.arpa.       IN      PTR     loopback-bcast.localhost.


There are some other "local" zones that you should have too (also
documented in RFC 1912), and then there are the tricks to speed up
queries for RFC 1918 related records....

A complete set of BIND config and zone files providing these and the
other basic zones needed for building a "turn-key" local caching server
can be found here:

	ftp://ftp.weird.com/pub/local/named-sample-conf.src.shar

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>
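Added example (not part of Greg's message or of the sample files he points to): a small Python checker that parses simple one-record-per-line zone text and reports where it departs from the RFC 1912 conventions laid out above, including the "localhost.mydomain" A/AAAA record pattern from the quoted message. The sample zone texts are constructed for this example; the SOA is collapsed onto one line to keep the parser short.

```python
"""Check a 'localhost' zone (plus its reverse PTR) against the RFC 1912
layout discussed in the thread: A/AAAA only on the bare name 'localhost.',
SOA and NS present, a domain-qualified name only as a CNAME, and a PTR.
Added example; sample zone data below is constructed, not a real zone."""

# Constructed: the "hack" style, loopback addresses on a domain-qualified name
BAD_ZONE = """
localhost.immanent.net.   IN  A     127.0.0.1
localhost.immanent.net.   IN  AAAA  ::1
"""

# Constructed: the layout recommended in the message (SOA on one line)
GOOD_ZONE = """
localhost.              IN  SOA   localhost. hostmaster.localhost. ( 2003073113 28800 7200 14515200 57600 )
localhost.              IN  NS    localhost.
localhost.              IN  A     127.0.0.1
localhost.              IN  AAAA  ::1
localhost.weird.com.    IN  CNAME localhost.   ; CNAME, not A, for the qualified name
1.0.0.127.in-addr.arpa. IN  PTR   localhost.
"""

def parse_records(text):
    """Parse 'owner IN TYPE rdata' lines, skipping blanks and ';' comments.
    Returns a list of (owner, type, rdata) with owner lowercased."""
    recs = []
    for line in text.splitlines():
        line = line.split(';', 1)[0].strip()
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        recs.append((owner.lower(), rtype.upper(), rdata.strip()))
    return recs

def check_localhost_zone(text):
    """Return a list of findings; an empty list means the zone looks right."""
    recs = parse_records(text)
    findings = []
    if ('localhost.', 'A', '127.0.0.1') not in recs:
        findings.append('missing "localhost. IN A 127.0.0.1"')
    for needed in ('SOA', 'NS'):
        if not any(o == 'localhost.' and t == needed for o, t, _ in recs):
            findings.append(f'missing {needed} for localhost.')
    # RFC 1912: the loopback address should not sit on a domain-qualified
    # name; localhost.<domain> belongs as a CNAME to localhost. instead.
    for o, t, r in recs:
        if t in ('A', 'AAAA') and o.startswith('localhost.') and o != 'localhost.':
            findings.append(f'{o} has {t} {r}; use "CNAME localhost." instead')
    if not any(o == '1.0.0.127.in-addr.arpa.' and t == 'PTR' and r.lower() == 'localhost.'
               for o, t, r in recs):
        findings.append('missing PTR 1.0.0.127.in-addr.arpa. -> localhost.')
    return findings
```

Run `check_localhost_zone(GOOD_ZONE)` to see an empty list, and the same on `BAD_ZONE` to see the missing SOA/NS/A/PTR plus one finding per domain-qualified A/AAAA record.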