Date: Thu, 18 Nov 1999 12:42:19 -0800 (PST)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: security@FreeBSD.ORG
Subject: Re: [Systalk] localhost.org (fwd)
Message-ID: <199911182042.MAA25511@gndrsh.dnsmgr.net>
In-Reply-To: <199911181939.LAA22796@kithrup.com> from Sean Eric Fagan at "Nov 18, 1999 11:39:34 am"

> In article <199911181629.IAA85609.kithrup.freebsd.security@apollo.backplane.com> you write:
> > No, you are absolutely right. I was about to comment on that
> > myself. My domain is 'backplane.com' but the hostname I use for
> > my main machine is 'apollo.backplane.com', not 'backplane.com'.
> > I then simply route backplane.com's MX records and, of course,
> > www.backplane.com, to apollo.
>
> I think it may be necessary to document this better... it's something I've
> been doing for years, and never gave a thought to it. I "just knew" that the
> domain name shouldn't be used as an actual hostname.

It should be in a ``current best practices'' RFC some place, this and a
few other things like you shouldn't really ever assign an A record to
a 2nd level domain, but rather use MX, etc all. I don't know how many
A records on 2nd levels I've had to clean up for folks, but it seems there
are folks out there who think this is the right thing to be doing :-(.

And to go along with this thread it should be verboten to register
the domain names ``localhost'' or ``localnet'' as 2 level domains.
In fact the .com, .org, .net, .mil, .edu should already have an A
record of localhost and localnet in them, just like every other zone.
These are after all reserved names with special meanings.

IMNSO there should even be a set of TLD's, localhost. and localnet..

Another best practice often not done correctly is the reverse zone for
127.in-addr.arpa. Yes, that's right, I said 127.in-addr.arpa, not
0.0.127.in-addr.arpa. And that is where the error is made, even in the
bind documentation and in what FreeBSD distributes. Here is a proper
zone file:

;
; 127.in-addr.arpa
;
@       IN      SOA     gndrsh.dnsmgr.net. root.gndrsh.dnsmgr.net. (
                        1999031300      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      gndrsh.dnsmgr.net.
0.0.0   IN      PTR     localnet.dnsmgr.net.
        IN      A       255.0.0.0
1.0.0   IN      PTR     localhost.dnsmgr.net.

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net
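
Added example, not part of the original message: a Python sketch comparing which loopback addresses a zone rooted at 127.in-addr.arpa covers against one rooted at 0.0.127.in-addr.arpa. The PTR data for the wide zone is taken from the zone file above; the narrow zone's records, the sample addresses and all function names are constructed for illustration.

```python
import ipaddress

# Zone origins compared in the message above.
WIDE_ORIGIN = "127.in-addr.arpa."
NARROW_ORIGIN = "0.0.127.in-addr.arpa."

# PTR records from the zone file in the message, relative to 127.in-addr.arpa.
WIDE_ZONE_PTRS = {
    "0.0.0": "localnet.dnsmgr.net.",
    "1.0.0": "localhost.dnsmgr.net.",
}
# Constructed for comparison: the same two names in the narrower zone.
NARROW_ZONE_PTRS = {
    "0": "localnet.dnsmgr.net.",
    "1": "localhost.dnsmgr.net.",
}


def reverse_name(addr):
    """Return the fully qualified in-addr.arpa name for an IPv4 address."""
    return ipaddress.IPv4Address(addr).reverse_pointer + "."


def in_zone(qname, origin):
    """True when qname is the origin itself or a name below it."""
    q, o = qname.lower(), origin.lower()
    return q == o or q.endswith("." + o)


def lookup_ptr(addr, origin, records):
    """Answer a reverse lookup as a server authoritative for origin would.

    Returns the PTR target, "NXDOMAIN" if the zone covers the name but holds
    no record for it, or "NOT-AUTHORITATIVE" if the name is outside the zone.
    """
    qname = reverse_name(addr)
    if not in_zone(qname, origin):
        return "NOT-AUTHORITATIVE"
    absolute = {f"{owner}.{origin}".lower(): target
                for owner, target in records.items()}
    return absolute.get(qname.lower(), "NXDOMAIN")


if __name__ == "__main__":
    # Constructed sample addresses, all inside 127.0.0.0/8.
    for addr in ("127.0.0.1", "127.0.0.0", "127.0.1.1", "127.1.2.3"):
        print(addr, lookup_ptr(addr, WIDE_ORIGIN, WIDE_ZONE_PTRS),
              lookup_ptr(addr, NARROW_ORIGIN, NARROW_ZONE_PTRS))
```

Only names under 0.0.127.in-addr.arpa (127.0.0.0/24) fall inside the narrow zone, so a server holding just that zone is not authoritative for the rest of 127/8.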
