From owner-freebsd-security Thu Nov 18 12:42:34 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 2394915459 for ; Thu, 18 Nov 1999 12:42:21 -0800 (PST) (envelope-from freebsd@gndrsh.dnsmgr.net)
Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id MAA25511 for security@FreeBSD.ORG; Thu, 18 Nov 1999 12:42:19 -0800 (PST) (envelope-from freebsd)
From: "Rodney W. Grimes"
Message-Id: <199911182042.MAA25511@gndrsh.dnsmgr.net>
Subject: Re: [Systalk] localhost.org (fwd)
In-Reply-To: <199911181939.LAA22796@kithrup.com> from Sean Eric Fagan at "Nov 18, 1999 11:39:34 am"
To: security@FreeBSD.ORG
Date: Thu, 18 Nov 1999 12:42:19 -0800 (PST)
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> In article <199911181629.IAA85609.kithrup.freebsd.security@apollo.backplane.com> you write:
> > No, you are absolutely right. I was about to comment on that
> > myself. My domain is 'backplane.com' but the hostname I use for
> > my main machine is 'apollo.backplane.com', not 'backplane.com'.
> > I then simply route backplane.com's MX records and, of course,
> > www.backplane.com, to apollo.
>
> I think it may be necessary to document this better... it's something I've
> been doing for years, and never gave a thought to it. I "just knew" that the
> domain name shouldn't be used as an actual hostname.

It should be in a ``current best practices'' RFC some place, this and a few
other things like you shouldn't really ever assign an A record to a 2nd level
domain, but rather use MX, etc. I don't know how many A records on 2nd
levels I've had to clean up for folks, but it seems there are folks out there
who think this is the right thing to be doing :-(.

And to go along with this thread it should be verboten to register the domain
names ``localhost'' or ``localnet'' as 2nd level domains. In fact the .com,
.org, .net, .mil, .edu should already have an A record of localhost and
localnet in them, just like every other zone. These are after all reserved
names with special meanings. IMNSO there should even be a set of TLD's,
localhost. and localnet..

Another best practice often not done correctly is the reverse zone for
127.in-addr.arpa. Yes, that's right, I said 127.in-addr.arpa, not
0.0.127.in-addr.arpa. And that is where the error is made, even in the bind
documentation and in what FreeBSD distributes. Here is a proper zone file:

;
; 127.in-addr.arpa
;
@       IN      SOA     gndrsh.dnsmgr.net. root.gndrsh.dnsmgr.net. (
                        1999031300      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      gndrsh.dnsmgr.net.
0.0.0   IN      PTR     localnet.dnsmgr.net.
        IN      A       255.0.0.0
1.0.0   IN      PTR     localhost.dnsmgr.net.

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net
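As an added illustration (not part of Rod's mail), the Python below shows which loopback reverse lookups a zone cut at 127.in-addr.arpa covers compared with one at 0.0.127.in-addr.arpa; the PTR records are constructed to mirror the zone file above and the function names are mine.

```python
"""Added example: compare the reverse-lookup coverage of a 127.in-addr.arpa
zone against the commonly shipped 0.0.127.in-addr.arpa zone."""
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed PTR data mirroring the zone file in the mail (relative owner -> target).
ZONE_127 = {"0.0.0": "localnet.dnsmgr.net.", "1.0.0": "localhost.dnsmgr.net."}
# The same two hosts as they would appear in a zone cut at 0.0.127.in-addr.arpa.
ZONE_0_0_127 = {"0": "localnet.dnsmgr.net.", "1": "localhost.dnsmgr.net."}


def reverse_name(addr: str) -> str:
    """Owner name for an IPv4 reverse lookup, e.g. '1.0.0.127.in-addr.arpa'."""
    return ipaddress.IPv4Address(addr).reverse_pointer


def in_zone(name: str, zone_apex: str) -> bool:
    """True when `name` sits at or below `zone_apex` (label-wise suffix match)."""
    n = name.lower().rstrip(".").split(".")
    z = zone_apex.lower().rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z


def relative_owner(name: str, zone_apex: str) -> str:
    """Strip the apex labels so the name can be looked up as a relative owner."""
    n = name.lower().rstrip(".").split(".")
    z = zone_apex.lower().rstrip(".").split(".")
    return ".".join(n[: len(n) - len(z)])


def resolve_ptr(addr: str, zone_apex: str,
                records: Dict[str, str]) -> Tuple[bool, Optional[str]]:
    """Return (answered_locally, ptr_target).

    answered_locally is False when the reverse name lies outside the zone,
    i.e. a server authoritative only for `zone_apex` cannot answer it and
    the query goes out to the parent zone's servers instead.
    """
    name = reverse_name(addr)
    if not in_zone(name, zone_apex):
        return (False, None)
    return (True, records.get(relative_owner(name, zone_apex)))


if __name__ == "__main__":
    for apex, recs in (("127.in-addr.arpa", ZONE_127),
                       ("0.0.127.in-addr.arpa", ZONE_0_0_127)):
        for ip in ("127.0.0.0", "127.0.0.1", "127.5.6.7"):
            print(apex, ip, resolve_ptr(ip, apex, recs))
```

With the zone at 127.in-addr.arpa every 127.x.y.z lookup is answered locally (as a PTR or a local NXDOMAIN); with the zone at 0.0.127.in-addr.arpa only 127.0.0.x is.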