They can, but it is possible to have a caching-only nameserver.
You are getting beyond my DNS experience here, but I think all that matters is how/where the names are validated… i.e. does a name have a valid IP address or is it a made-up name
Mine too, perhaps someone else can chime in with authoritative information to answer my questions?
Agreed!
Additionally, the name/IP address should be compared to the registration information for the IP address to ferret out unregistered malicious sites (Is that possible/practical?)
Ernie
I think that is done, but I am not sure.
I think packets with invalid addresses are not transmitted.
No - nearly all corporates have internal DNS - in many cases managed by Windows servers - and - I vastly prefer managing internal DNS entries using the Windows tools VS the HIDEOUS bind databases (I have one customer which uses a bastardised hybrid of both - and it’s a travesty and a nightmare - the mission critical stuff runs on bind on Solaris - yeah WTF?).
In most cases - “internal” DNS servers will resolve internal names they’re “AUTHORITATIVE” for - and cache external DNS from servers “upstream” on the wild intertubes (but these are mostly well managed).
I used to run an internal DNS server on my home LAN using a BananaPi - but - 'cause I DETEST configuring bind (it’s truly ugly) - I used “webmin”.
Anyway - that was before I realised how useful avahi / zeroconf / bonjour were - don’t need internal DNS servers now - in 95% of cases most of my stuff can be resolved with $HOSTNAME.local (as mentioned in another post - I have nearly 40 devices on my home LAN).
Give me Microsoft’s DNS system over hand editing bind database files any day - and AWS “Route53” is pretty good too…
Is there no other way of doing DNS in Linux?
I thought bind was deprecated years ago?
There could be - I don’t know…
But some “shops” that “invested” in bind - still run bind, and still manage bind “databases” (mostly just obtuse text files)…
The last time I was tasked with creating or updating some A record in bind - my “colleague” told me I’d done it wrong - but - most importantly - when I asked what I did wrong - he just pointed me at the obtuse, unfriendly and often wrong “UNIX wiki”…
It’s about time bind and the ugliness of it were consigned to extinction - IMHO…
This is what a typical bind “database” looks like :
And if you edit that - DO NOT forget to update the value for “serial” (i.e. the value BEFORE the “;” semicolon) and probably bounce the named daemon… It stinks…
VS what Microsoft gives you (believe me - it’s LIGHT years ahead of bind in human usability and functionality - and just seems to “work”) :
and you can edit / update the “TTL” if you want - but - I’ve never had to… e.g. some printer at some remote site several thousand kilometres away gets a new IP address from DHCP (dynamic Windows DHCP is supposed to update DNS) - I update the DNS entry and within less than 60 seconds - I can once again resolve that IP address (reverse lookup) to the DNS entry…
This says there are several alternatives
That does not help with existing bind-committed sites of course.
Surely bind has a user-friendly frontend?
Maybe Probind
Maybe some of our much hyped modern DEs have a DNS config item in their menus.
There was lots of talk about the web, then web 2. Last year all the press was around web 3 … now nothing!
Not sure how we gain …
Exactly. Depends whether you believe in centralism.
Replacing the main central nameservers with some vague blockchain based community technology does not appeal to me.
I just suddenly remembered why I was wanting to run “internal” DNS on my home LAN - I was trying to get VMware vCenter running - I already had two ESX hosts (very low end) and wanted to learn vCenter…
But then I got a job, and one of my customers had vCenter and I didn’t really need to “learn” it as it mostly seemed pretty straightforward to me…
Anyway - vCenter would ONLY install if you had internal DNS (e.g. to point at the ESX hosts et cetera) - I couldn’t find a way to “hack” it to make it use /etc/hosts or Avahi / Bonjour / Zeroconf - and gave up… This was AFTER I’d decom’d my BananaPi running Webmin to manage bind…