Impact of having loghost defined in DNS...?

Kevin Darcy kcd at daimlerchrysler.com
Wed Dec 1 00:50:54 UTC 2004


Danny Mayer wrote:

>At 12:31 AM 11/29/2004, Gregory Hicks wrote:
>
>  
>
>>>Date: Sun, 28 Nov 2004 19:19:38 -0500
>>>From: Danny Mayer <mayer at gis.net>
>>>
>>>At 04:40 AM 11/28/2004, Gregory Hicks wrote:
>>>      
>>>
>>>>Greetings:
>>>>
>>>>Not sure if this is "on-topic" or not, but what would you expect the
>>>>impact of defining "loghost" to be 127.0.0.1 via DNS...
>>>>
>>>>My db.127.0.0 PTR file already has
>>>>
>>>>1.0.0.127.IN-ADDR.ARPA.         IN  PTR   localhost.
>>>>
>>>>entered, and I don't see how any other name can be added to this when
>>>>running under Bind 9.3...
>>>>        
>>>>
>>>You can add as many records as you like. However there are no known
>>>applications that ever look beyond the first record nor is it clear why
>>>it would need to.
>>>
>>>      
>>>
>>>>It would be possible to define loghost as
>>>>
>>>>loghost.example.com.    IN A 127.0.0.1
>>>>localhost.example.com.  IN A 127.0.0.1
>>>>
>>>>in the main zone file, but I don't see any other way to do it other
>>>>than defining the entry in the /etc/hosts file.
>>>>        
>>>>
>>>Those are valid records. /etc/hosts only affects the local system.
>>>
>>>      
>>>
>>>>Any thoughts on any potential impacts?
>>>>        
>>>>
>>>No impact. It's not clear why you want to define a "loghost". Maybe
>>>you should tell us the problem you are trying to solve instead
>>>of this non-problem.
>>>      
>>>
>>I, and several others, were asked the following:
>>
>>What impact, if any, would there be if we were to add 'loghost' as an
>>alias to 'localhost' in DNS/LDAP/NIS?
>>
>>My response to this was:
>>
>>"loghost" is, generally, the "logging" host for syslogd via syslog.conf,
>>so ...
>>    
>>
>
>That sounds more like a convention. It's not a standard name. You
>can define anything you want in syslog.conf.
>
>  
>
>>"loghost" should be defined in /etc/hosts on each machine and should be
>>an alias for the name/IP address of that particular machine.
>>    
>>
>
>Why? If it's always the local machine you may just as well use localhost
>and define it in the DNS.
>
>  
>
>>It is OK to put the loghost entry on the 'localhost' entry on each
>>machine.  Almost all current OSs make this the default entry, but
>>"loghost" should NOT be defined in LDAP/host/DNS.
>>    
>>
>
>Why not? LDAP/host/DNS doesn't care.
>
>  
>
>>  The 127.0.0.1
>>hostname/IP address is defined on each machine in /etc/hosts thusly:
>>
>>127.0.0.1 localhost
>>
>>This is the ONLY place that the entry is valid.
>>    
>>
>
>No, you can define it in DNS.
>
>  
>
>>  There is no "domain"
>>for "localhost" that is a standard.  (Linux uses "localdomain" but this
>>is ALSO only valid for the local machine since there is no TLD called
>>"localdomain".)
>>    
>>
>
>Sure there is. I have a localhost domain on every machine on which
>I've put up a nameserver. DNS doesn't care. I think you'll find
>that everyone else does too. I don't use /etc/hosts on any machine
>that I have control over. See this:
>
> >dig localhost A
>
>; <<>> DiG 9.3.0 <<>> localhost A
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 321
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;localhost.                     IN      A
>
>;; ANSWER SECTION:
>localhost.              3600    IN      A       127.0.0.1
>
>;; AUTHORITY SECTION:
>localhost.              3600    IN      NS      localhost.
>
>;; Query time: 270 msec
>;; SERVER: 10.10.10.1#53(10.10.10.1)
>;; WHEN: Mon Nov 29 19:58:23 2004
>;; MSG SIZE  rcvd: 57
>
>  
>
>>However, if you DO define it in DNS, then the db.127.0.0 file on ALL
>>dns servers should be updated...  However, the PTR records do not
>>really allow for multiple names having the same IP address....
>>    
>>
>
>Not true. DNS doesn't care how many PTR records you have.
>There aren't any applications that make use of more than one
>record but then you haven't said why you need a PTR record
>in the first place.
>
>
>  
>
>>when you look up "localhost" via DNS, you are NOT
>>looking up "localhost" as the OS understands it.
>>    
>>
>
>Then you don't have it defined properly. It is ALWAYS recommended
>that you have a localhost domain.
>
Who recommends this? We don't define a localhost domain on *any* of our 
servers AFAIK, and I haven't heard that this has caused any negative 
effects.

>>  You are really
>>looking up "localhost.example.com".  This is NOT the same NAME as
>>"localhost" on each individual machine since "localhost" is tied by the
>>OS (as in HARD-WIRED or HARD-CODED) to the loopback interface.
>>    
>>
>
>The usual recommendation is to add a localhost record to the domain
>so that the DNS will return the record faster, but it's not a requirement.
>DNS lookups otherwise take a little longer.
>
I think you haven't understood the previous poster's point. Some OSes 
(Solaris for sure) *intercept* the name "localhost" in the 
system-resolver routines and resolve it to the loopback address, 
*regardless* of what DNS resolves the name to and *regardless* of 
whether or in what order DNS is used as a resolution mechanism. On such 
boxes, it's totally pointless to define the name "localhost" in DNS, 
since it'll never get queried. For that matter, it's pointless to define 
it in /etc/hosts either. "loghost" is a different matter entirely.

>>You may get the same IP address by resolving the name from DNS instead
>>of from /etc/files, but what you are resolving is NOT the same NAME
>>that the OS uses...  In fact, if you do add it to DNS/LDAP, the name is
>>no longer "loghost" (as is used in /etc/syslog.conf), but
>>"loghost.cadence.com" since the ONLY db file you can add it to is
>>db.cadence...  (There is no db.localhost available via DNS since there
>>is no DOMAIN associated with the name...)
>>    
>>
>
>I have one as does everyone else:
>zone "localhost"                IN      {type master;   file "db.localhost";};
>

>>Defining the name at all in /etc/hosts on either the localhost entry or
>>the machine hostname entry just 'defines' the name for the m4
>>processing of syslog.conf.  At the point when this processing is taking
>>place, DNS and LDAP have not yet been started.  The OS is relying on
>>/etc/hosts for any IP address info.
>>    
>>
>
>The issue of the starting order is separate and is worth discussing.
>I leave it to others to recommend a start order since syslog may need
>DNS and DNS may need syslog depending on how they are configured.
>
named typically and by convention uses syslog for logging. syslogd 
typically and by convention (at least on Solaris) uses the name 
"loghost" for determining where to send log messages. So, in the typical 
and conventional setup, since you want to capture any log messages 
associated with named startup failures, you want syslogd to start before 
named, and this requires that the name "loghost" resolve without the 
benefit of DNS. The most straightforward way to accomplish that is to 
put the name in /etc/hosts. Since we don't get into fancy syslogging 
around here, I've *never* seen loghost refer to anything but the local 
host, and since the local host is in /etc/hosts anyway (for 
bootstrapping reasons), it's not a big deal to just have "loghost" be an 
alias to it.

>>Some examples using "getent" and letting the OS resolve the IP
>>address...
>>    
>>
>
>I have no idea what getent is but that really doesn't matter.
>
It's just a command-line utility to look up information in various 
system files (passwd, group, hosts, ipnodes, services, protocols, 
ethers, networks or netmasks). Essentially all that output was saying 
was that the name "loghost" is defined in the /etc/hosts files of 
various machines on the previous poster's network. That doesn't prove 
universality, of course.

- Kevin
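
Added example, not part of the original message or of BIND/syslogd: a shell check for the boot-order dependency described above, verifying that every host syslogd forwards to (an "@name" action in syslog.conf) resolves from the hosts file alone, so syslogd can start before named. The sample files are constructed; 192.0.2.10, app01 and logs.example.com are made-up values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample files below are constructed for illustration.

# hosts_lookup FILE NAME: print the first address whose entry lists NAME as
# canonical name or alias (case-insensitive); return 1 if no entry has it.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); rc = 1 }
        { sub(/#.*/, "") }                      # drop comments
        NF < 2 { next }                         # blank or address-only line
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == want) { print $1; rc = 0; exit } }
        END { exit rc }' "$1"
}

# syslog_targets FILE: print each distinct "@host" forwarding target.
syslog_targets() {
    awk '{ sub(/#.*/, "") }
         { for (i = 2; i <= NF; i++) if ($i ~ /^@/) {
               h = substr($i, 2); sub(/[,)].*/, "", h)  # trim m4 punctuation
               if (h != "" && !seen[h]++) print h } }' "$1"
}

# check_boot_resolution HOSTS SYSLOGCONF: return 1 if any forwarding target
# cannot be resolved from the hosts file alone (i.e. before named is up).
check_boot_resolution() {
    rc=0
    for t in $(syslog_targets "$2"); do
        case $t in *[!0-9.]*) ;; *) echo "ok      $t (address literal)"; continue ;; esac
        if addr=$(hosts_lookup "$1" "$t"); then
            echo "ok      $t -> $addr"
        else
            echo "MISSING $t not in $1"; rc=1
        fi
    done
    return $rc
}

SAMPLE=$(mktemp -d) && trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/hosts" <<'EOF'
127.0.0.1   localhost
192.0.2.10  app01.example.com app01 loghost   # alias on the local host entry
EOF
cat > "$SAMPLE/syslog.conf" <<'EOF'
*.err;kern.debug   /var/adm/messages
*.notice           @loghost
auth.info          @logs.example.com
EOF
check_boot_resolution "$SAMPLE/hosts" "$SAMPLE/syslog.conf" || echo "a target needs DNS"
```

Against real files, call `check_boot_resolution /etc/hosts /etc/syslog.conf`; a non-zero exit means some log destination depends on a name service that may not be running when syslogd starts.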



