Question Re: Windows Hosts and BIND

Kevin Darcy kcd at daimlerchrysler.com
Thu Mar 11 22:41:15 UTC 2004


tnaves at linkwest.net wrote:

>On Thu, 11 Mar 2004, Kevin Darcy wrote:
>
>>tnaves at linkwest.net wrote:
>>
>>>Do you folks typically include all your Windows hosts as well as other
>>>hosts in your dns zones?  I noticed that if I did not include my Windows
>>>hosts in dns the NXDOMAIN incident went way up.  If I checked antivirus on
>>>a host using my web browser that would result in an NXDOMAIN.  Also if
>>>someone was using a MS Proxy Server each time he connects to the Internet
>>>would result in an NXDOMAIN.
>>>
>>>I was wondering what is best practice?
>>>
>>Our historical practice here is to not include ordinary PC hosts in DNS. 
>>However, some of the more modern management (e.g. remote-control) apps 
>>like to work with names instead of IP addresses even for PC devices. 
>>So there's a certain amount of pressure to put everything into DNS.
>>
>>Having said that, though, I'm not sure why you're worrying so much about 
>>NXDOMAINs. NXDOMAIN is a *response*, not an error, like the word 
>>"non-existent", which is not problematic in and of itself; it depends on 
>>the context. It's perfectly normal and natural to have plenty of 
>>NXDOMAINs. While they are to a certain extent symptomatic of problems 
>>with other apps, i.e. why keep looking up names you've already been 
>>told don't exist?, there's no way you can go through all of those apps 
>>and fix/optimize them all (unless you run exclusively Open Source 
>>software and have *lots* of time on your hands). Optimize what you can 
>>optimize, and leave the rest up to others...
>>
>
>I suppose, at my most altruistic, I would like to spare the root servers
>the burden of my looking up non-existent domains.
>
Perhaps I should add that we run an internal-root architecture, so 
sparing the (Internet) root servers is not one of my concerns. YMMV.

In my experience, a large proportion of NXDOMAINs is the result of 
searchlisted queries, which wouldn't end up being forwarded to the root 
servers anyway (since they'd be in domains for which your servers would 
be authoritative). Unless someone misspelled the actual searchlist...

As for misspellings of one's own domain names (you have no idea how 
frequently "daimlerchrysler.com" gets mistyped), I define the most 
common ones as authoritative zones on our mail servers in order to keep 
internal mail from accidentally leaking out.

- Kevin
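
The search-list behaviour discussed in the message above, as an added example that is not part of the original post: a small Python model of which lookups for one unregistered PC name are answered from a locally authoritative zone and which go out through recursion, including the misspelled-search-list case and the effect of defining the misspelling as an authoritative zone. It assumes resolv.conf-style `search`/`ndots` semantics; all names are constructed and the function names are hypothetical.

```python
# Added example. All names are constructed; example.com stands in for the
# site's own domain and "exmaple.com" for a mistyped search-list entry.

def candidates(name, search, ndots=1):
    """Query names a resolv.conf-style stub resolver tries, in order."""
    if name.endswith("."):                      # trailing dot: no search list
        return [name.rstrip(".").lower()]
    name = name.lower()
    expanded = [f"{name}.{s.lower().rstrip('.')}" for s in search]
    # With >= ndots dots the name is tried as-is first, otherwise last.
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def covering_zone(qname, auth_zones):
    """Closest enclosing zone this server is authoritative for, or None."""
    labels = qname.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in auth_zones:
            return zone
    return None

def trace(name, search, auth_zones, existing, ndots=1):
    """Return (qname, rcode, answered_by) per attempt, stopping at the first hit."""
    steps = []
    for q in candidates(name, search, ndots):
        where = covering_zone(q, auth_zones) or "recursion"
        if q in existing:
            steps.append((q, "NOERROR", where))
            break
        steps.append((q, "NXDOMAIN", where))
    return steps

def left_the_site(steps):
    """Names whose lookup had to go out through recursion (toward the roots)."""
    return [q for q, _, where in steps if where == "recursion"]

if __name__ == "__main__":
    existing = {"www.example.org", "mail.corp.example.com"}   # constructed
    good = ["corp.example.com", "example.com"]
    for label, search, zones in [
        ("correct search list", good, {"example.com"}),
        ("misspelled search list", ["corp.exmaple.com"], {"example.com"}),
        ("misspelling defined as a zone", ["corp.exmaple.com"],
         {"example.com", "exmaple.com"}),
    ]:
        print(label)
        for step in trace("pc1234", search, zones, existing):
            print("   ", *step)
```

The model does not include negative caching, which in practice absorbs repeats of the same NXDOMAIN for the duration of the negative TTL.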



