"localhost." domain returning NXDOMAIN

80 views

Skip to first unread message

Paul Haldane

unread,

Dec 17, 2015, 9:21:22 PM12/17/15

to public-dns-discuss

RFC6761 says (section 6.3) ...

The domain "localhost." and any names falling within ".localhost."
are special in the following ways:
...
4. Caching DNS servers SHOULD recognize localhost names as special
and SHOULD NOT attempt to look up NS records for them, or
otherwise query authoritative DNS servers in an attempt to
resolve localhost names. Instead, caching DNS servers SHOULD,
for all such address queries, generate an immediate positive
response giving the IP loopback address, ...

However when I try "localhost." against 8.8.8.8 I get NXDOMAIN ...

nph9@goat$ dig +noquestion localhost. @8.8.8.8

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> +noquestion localhost. @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17566
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
.                       1010    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2015121701 1800 900 604800 86400

There doesn't seem to be any consensus amongst the public DNS servers I've tried about this, for example Level 3 seem to follow the RFC ...


nph9@goat$ dig +noquestion localhost. @resolver1.level3.net.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> +noquestion localhost. @resolver1.level3.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41135
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
localhost.              86400   IN      A       127.0.0.1

I suspect that most of the time this doesn't matter because devices "know" the mapping between localhost and 127.0.0.1 but there are some devices (HP m176n series of MFPs seems to be an example) which don't. With the m176n a NXDOMAIN response to localhost lookup leads to repeated queries for the same thing (I was seeing over 1000 requests/second from a single device).

Have I interpreted these results correctly?

If so does Google's public DNS service deliberately not follow the RFC? And if so why? I'm especially interested because I've just changed our local caching servers to return 127.0.0.1 for localhost. rather than NXDOMAIN.

Paul

Reply all

Reply to author

Forward

0 new messages