However, in many cases when the DHCP and DNS configurations have inconsistencies, the LDNS may direct the DHCP client to a place outside the local scope, resulting in leakage of private DNS updates to the global network. In the example shown above, the LDNS is not configured with a local zone for 168.192.
The LDNS thus iteratively sends the SOA request, starting with a root DNS server, and eventually returns the server (step 8).
Over 97% of DNS updates that leak onto the global Internet come from Microsoft Windows operating systems (see companion paper on The Windows of Private DNS Updates).
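The leak condition described above (a private address whose reverse name is not covered by any zone the LDNS serves locally) can be checked ahead of time. The Python sketch below is an added example, not code from the original page; it assumes the page's "168.192." refers to the reverse zone 168.192.in-addr.arpa, and the function names, zone lists and addresses are constructed for illustration.

```python
import ipaddress

def enclosing_zone(qname, local_zones):
    """Return the longest locally served zone that is a suffix of qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    zones = {z.lower().rstrip(".") for z in local_zones}
    # Strip one leading label at a time, as an SOA search walks up the tree.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def classify_ptr_update(ip, local_zones):
    """Classify where the SOA lookup for this client's PTR update will end up.

    'local'  -> a local zone answers, the update stays inside the site
    'leak'   -> private address with no local zone: the LDNS recurses from the root
    'global' -> public address with no local zone: global resolution is expected
    """
    addr = ipaddress.ip_address(ip)
    ptr_name = addr.reverse_pointer          # e.g. 10.1.168.192.in-addr.arpa
    zone = enclosing_zone(ptr_name, local_zones)
    if zone is not None:
        return ("local", ptr_name, zone)
    if addr.is_private:
        return ("leak", ptr_name, None)
    return ("global", ptr_name, None)

def audit_leases(lease_ips, local_zones):
    """Return the PTR names of every lease whose update would leave the site."""
    results = (classify_ptr_update(ip, local_zones) for ip in lease_ips)
    return [name for verdict, name, _ in results if verdict == "leak"]

if __name__ == "__main__":
    # Constructed sample data: the LDNS only serves a reverse zone for 10/8.
    zones = ["10.in-addr.arpa"]
    leases = ["10.20.30.40", "192.168.1.10", "192.168.7.3"]
    for name in audit_leases(leases, zones):
        print("would leak:", name)
```

Running the audit against the DHCP pool ranges and the list of zones the LDNS is authoritative for shows which pools still need a local reverse zone.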
When installed from a package, the configuration files for BIND9 are located in (that’s “name-d”, as in the daemon controlling the naming service, not “named” as in the past tense verb), which really just functions as a container and references the other three configuration files:

Default contents of

// This is the primary configuration file for the BIND DNS server named.
// for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/local

include "/etc/bind/options";
include "/etc/bind/local";
include "/etc/bind/default-zones";

As the file says in the comments, this isn’t the place to do any actual work.
DNS and DHCP are like peas and carrots, as the saying goes—DHCP hands out the addresses, but doesn’t communicate to other network hosts who has what address; DNS knows how to correlate names to addresses but doesn’t hand out addresses itself.