Using Named without having to set domain name

ipinlnd · Oct 8, 2016

Hi,
Is there a way to define a nameserver (using named) without creating a domain name. This way, on client, I don't need to write the domain name in /etc/resolv.conf and just the ip address would work (Just like how we do it with 8.8.8.8 or 4.2.2.4).
The problem with having to set the domain name is that I can't easily forward the query to other nameservers.
Also when we set domain name on client and query, the packet would concatenate domain name to the host name.
Thanks

`Orum · Oct 9, 2016

I'm not entirely sure I understand the issue from how you described it. However, the following are true:

You don't have to create a domain name if all you want to do is run a recursive nameserver.
You can, via DHCP (or manually if you so choose), define which nameservers clients are supposed to use, and this is always defined by an IP address (otherwise clients would have issues bootstrapping DNS). This is independent from defining a DNS suffix. These appear as "nameserver a.b.c.d" in /etc/resolv.conf.
A DNS suffix is primarily used to simplify things on a LAN or within an administrative boundary. For example, if I have a really long domain name, supercalifragilisticexpialidocious.example, and I want to ssh to another host on my network foo.supercalifragilisticexpialidocious.example from my machine, bar.supercalifragilisticexpialidocious.example, and I define the DNS suffix to be supercalifragilisticexpialidocious.example, all I have to do is type ssh foo instead of the whole fully qualified domain name. This is why you see concatenation, and this is by design. If the client receives NXDOMAIN on the query, then the client simply tries the request again without the suffix. These appear as "search foobar.example" in /etc/resolv.conf, and can also be delivered via DHCP.

Does that answer your question?

kpa · Oct 9, 2016

Because of the way the name resolution works the only way to have those short names working is to have a domain (or search list) set in resolv.conf(5). This file is the only place where you can tell the resolver(3) subsystem that something needs to be slapped at the tail end of a name if it doesn't resolve trough hosts(5) or trough DNS *) as it is.

In other words, the short names must be first expanded to be resolvable trough DNS, just like with the DNS suffix example in the post above this one.

*) Very unlikely because the only "short" names DNS really resolves are the top level domains.

Juha Nurmela · Oct 9, 2016

Not the only, also LOCALDOMAIN in enviroment.

ipinlnd · Oct 11, 2016

`Orum said:
I'm not entirely sure I understand the issue from how you described it. However, the following are true:

You don't have to create a domain name if all you want to do is run a recursive nameserver.

You can, via DHCP (or manually if you so choose), define which nameservers clients are supposed to use, and this is always defined by an IP address (otherwise clients would have issues bootstrapping DNS). This is independent from defining a DNS suffix. These appear as "nameserver a.b.c.d" in /etc/resolv.conf.

A DNS suffix is primarily used to simplify things on a LAN or within an administrative boundary. For example, if I have a really long domain name, supercalifragilisticexpialidocious.example, and I want to ssh to another host on my network foo.supercalifragilisticexpialidocious.example from my machine, bar.supercalifragilisticexpialidocious.example, and I define the DNS suffix to be supercalifragilisticexpialidocious.example, all I have to do is type ssh foo instead of the whole fully qualified domain name. This is why you see concatenation, and this is by design. If the client receives NXDOMAIN on the query, then the client simply tries the request again without the suffix. These appear as "search foobar.example" in /etc/resolv.conf, and can also be delivered via DHCP.

Does that answer your question?

Thanks
Actually I don't have problem with using nameservers as client. My problem is creating a recursive nameserver. The only way I know is to use named, and for that, i MUST have a domain name which is not what I have in mind. I want to BE the nameserver, and only by IP address.

kpa said:
Because of the way the name resolution works the only way to have those short names working is to have a domain (or search list) set in resolv.conf(5). This file is the only place where you can tell the resolver(3) subsystem that something needs to be slapped at the tail end of a name if it doesn't resolve trough hosts(5) or trough DNS *) as it is.

In other words, the short names must be first expanded to be resolvable trough DNS, just like with the DNS suffix example in the post above this one.

*) Very unlikely because the only "short" names DNS really resolves are the top level domains.

So you're saying there's no way to use named for my purpose? If so, then is there any other software I can use?

kpa · Oct 11, 2016

ipinlnd said:
So you're saying there's no way to use named for my purpose? If so, then is there any other software I can use?

No, BIND follows the DNS standard and one of the cornerstones of the standard is that the names it resolves have the full hierarchy, the host part (which is not needed for every query such as NS queries) and the domain name. Technically you can override the root zone ( the "." zone ) with your own version that has only the short names of your own choice but that will then remove all of the official top level domains from view and that will disable DNS resolution of all domains other than the ones you've made up yourself.

You will find that all the other DNS authoritative servers and forwarders also follow the same standard and don't offer any sort of "short name" capability unless you hack the root zone to contain the short names as I described above.

SirDice · Oct 11, 2016

ipinlnd said:
My problem is creating a recursive nameserver. The only way I know is to use named, and for that, i MUST have a domain name which is not what I have in mind.

No, that's not correct. You can configure named to be a caching only DNS server (this is actually the default configuration). Besides that unbound will do exactly the same and is built-in on FreeBSD 10 and higher.

ipinlnd · Oct 12, 2016

SirDice said:
No, that's not correct. You can configure named to be a caching only DNS server (this is actually the default configuration). Besides that unbound will do exactly the same and is built-in on FreeBSD 10 and higher.

But doesn't "caching only", just forward the query and not resolve it on its own?

SirDice · Oct 12, 2016

That depends on the configuration. If you enable forward only then, yes, it will simply forward the request to an upstream DNS server. If this option isn't enabled it will try to resolve on its own.

Code:

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                127.0.0.1;
        };
*/

// If the 'forwarders' clause is not empty the default is to 'forward first'
// which will fall back to sending a query from your local server if the name
// servers in 'forwarders' do not have the answer.  Alternatively you can
// force your name server to never initiate queries of its own by enabling the
// following line:
//      forward only;

Note that these options are turned off in the default configuration.

ipinlnd · Oct 12, 2016

SirDice said:
That depends on the configuration. If you enable forward only then, yes, it will simply forward the request to an upstream DNS server. If this option isn't enabled it will try to resolve on its own.

Code:

// If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you // benefit from its cache, thus reduce overall DNS traffic in the Internet. /* forwarders { 127.0.0.1; }; */ // If the 'forwarders' clause is not empty the default is to 'forward first' // which will fall back to sending a query from your local server if the name // servers in 'forwarders' do not have the answer. Alternatively you can // force your name server to never initiate queries of its own by enabling the // following line: // forward only;

Note that these options are turned off in the default configuration.

And should I add my hosts in /etc/hosts file for this to work? Or is there other files for this?
I'm sorry for asking all of this, but the https://www.freebsd.org/doc/handbook/network-dns.html manual, has only a two line description for caching servers and nothing more! -_-

SirDice · Oct 12, 2016

Why add hosts to /etc/hosts if you're going to use DNS? They both serve the same purpose. Name resolving works by checking /etc/hosts, then DNS (assuming a default nsswitch.conf(5)).

If you need to add hosts to /etc/hosts (for your own internal machines for example), why not set up a fictitious, internal only, DNS zone? You don't need to "register" an internal domain and it won't be accessible from the internet.

My home network has everything registered in a DNS zone called 'dicelan.home'. Only my internal machines are able to resolve hosts within that domain. My BIND configuration allows internal machines to resolve the internal domain and provides recursive lookups for everything else on the internet.

Using Named without having to set domain name

ipinlnd

`Orum

kpa

Juha Nurmela

ipinlnd

kpa

SirDice

Administrator

ipinlnd

SirDice

Administrator

ipinlnd

SirDice

Administrator