
I see that when querying hosts in the local domain foo.local, some nameservers (e.g. Knot Resolver) return an authority section containing things like

foo.local.     10800   IN      SOA     foo.local. nobody.invalid. 1 3600 1200 604800 10800

Others (e.g. Google) return things like

.                       86389   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2021111002 1800 900 604800 86400

What is the correct one? The question is relevant because, in the first case, further caching nameservers seem to happily convert the authority section into an SOA record (systemd-resolved does), as in

host -t soa foo.local
foo.local has SOA record foo.local. nobody.invalid. 1 3600 1200 604800 10800

That does not look right, and it confuses nss-mdns into thinking that .local is used as a DNS-managed domain rather than for mDNS.

callegar
  • `local.` is reserved for mDNS and shouldn't leak outside of local networks. See §22 of RFC 6762. It is not a global TLD in the IANA root. – Patrick Mevzek Nov 10 '21 at 22:32
  • The fact is that local. goes to DNS all the time, at least in Linux, because of how mDNS resolution is done there. In fact, the very first thing that the mDNS resolver does in the nss-mdns implementation is to query DNS to verify if local. is by any chance under DNS authority. This is so that neither nss-mdns nor Avahi need to be disabled to allow .local queries to be served from unicast DNS in case one has a local network with this specific setup. See https://github.com/lathiat/nss-mdns. The question was directed at identifying a potential bug confusing the Linux mDNS client. – callegar Nov 11 '21 at 06:09
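
The following is an added example, not part of the original question or its comments and not nss-mdns or systemd-resolved code. It shows how a client that probes for an SOA record can tell an SOA in the answer section from one in the authority section of a negative response (RFC 2308), and what changes when a forwarder copies the latter into the former. The function names and the assumption that the probe is an SOA query for foo.local. are illustrative; the record lines are constructed from the two responses quoted in the question.

```python
# Added example: classify the reply to an SOA probe by the section the SOA is in.
# Record lines are constructed from the two authority sections quoted in the question.
KNOT_STYLE = ["foo.local.     10800   IN      SOA     foo.local. nobody.invalid. "
              "1 3600 1200 604800 10800"]
ROOT_STYLE = [".                       86389   IN      SOA     a.root-servers.net. "
              "nstld.verisign-grs.com. 2021111002 1800 900 604800 86400"]

def parse_rr(line):
    """Split a dig-style line into (owner, ttl, class, type, rdata)."""
    owner, ttl, rrclass, rrtype, rdata = line.split(None, 4)
    return owner.lower(), int(ttl), rrclass.upper(), rrtype.upper(), rdata

def soa_owners(section):
    """Owner names of all SOA records in one section of a response."""
    return [rr[0] for rr in map(parse_rr, section) if rr[3] == "SOA"]

def classify_soa_probe(qname, answer, authority):
    """Say what a reply to 'qname SOA?' tells the client.

    'answer'          -> qname owns an SOA in the answer section, so the name
                         looks like the apex of a zone served by unicast DNS.
    'negative:<zone>' -> no SOA answer; the authority-section SOA only names
                         the zone that vouches for the negative reply.
    'unknown'         -> no SOA in either section.
    """
    qname = qname.lower()
    if qname in soa_owners(answer):
        return "answer"
    owners = soa_owners(authority)
    if owners:
        return "negative:" + owners[0]
    return "unknown"

def promote_authority(answer, authority):
    """Model the behaviour the question describes: a forwarder that moves the
    authority-section SOA into the answer section (hypothetical helper)."""
    moved = [line for line in authority if parse_rr(line)[3] == "SOA"]
    kept = [line for line in authority if parse_rr(line)[3] != "SOA"]
    return answer + moved, kept

if __name__ == "__main__":
    for label, auth in (("knot-style", KNOT_STYLE), ("root-style", ROOT_STYLE)):
        print(label, "as received:", classify_soa_probe("foo.local.", [], auth))
        ans, rest = promote_authority([], auth)
        print(label, "after promotion:", classify_soa_probe("foo.local.", ans, rest))
```

Only the first response changes classification after promotion, because its SOA owner equals the queried name; the root SOA never matches foo.local. and so cannot be mistaken for an answer.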
