DNS classes

If you ever administered a DNS server you are probably familiar with the IN (internet) class, as in

localhost IN A 127.0.0.1

where you define an IP address for the name localhost. As you may, or may not, already know, there are other classes defined (but hardly used) for the DNS. Two of those are the Chaos class (CH) and the Hesiod class (HS). With these classes you can create some sort of parallel world where you can also define names. This feature of the DNS isn't exactly in great use, but it is nice to know what they were used for.
Chaos

The CH class has its use in the Chaosnet, which is a network implementation that didn't make it, unlike the current Ethernet + TCP/IP combo. If you want to read up on your knowledge of the Chaosnet protocol, this pdf is your friend.

Today the CH class is misused by BIND for the following neat tricks:

dig CH @localhost version.bind TXT

Which yields:
...
;; QUESTION SECTION:
;version.bind. CH TXT
;; ANSWER SECTION:
version.bind. 0 CH TXT "9.5.1-P2"
;; AUTHORITY SECTION:
version.bind. 0 CH NS version.bind.
...
This shows the BIND version. Of course you can disable this so that people cannot query your server's version; DNS fingerprinting works much better in that case.

And of course:

dig CH @localhost authors.bind TXT

which gives:
...
;; ANSWER SECTION:
authors.bind. 0 CH TXT "David Lawrence"
authors.bind. 0 CH TXT "Danny Mayer"
authors.bind. 0 CH TXT "Damien Neil"
authors.bind. 0 CH TXT "Matt Nelson"
authors.bind. 0 CH TXT "Michael Sawyer"
authors.bind. 0 CH TXT "Brian Wellington"
authors.bind. 0 CH TXT "Mark Andrews"
authors.bind. 0 CH TXT "James Brister"
authors.bind. 0 CH TXT "Ben Cottrell"
authors.bind. 0 CH TXT "Michael Graff"
authors.bind. 0 CH TXT "Andreas Gustafsson"
authors.bind. 0 CH TXT "Bob Halley"
...
So you know who to hit when the next BIND bug hits your installation.

NSD also does this trick:

dig @ns4.nic.nl CH version.bind TXT

gives:
;; ANSWER SECTION:
version.bind. 0 CH TXT "NSD 3.0.7"
Hesiod

The HS class has its origins in Project Athena (also see Wikipedia). Hesiod is a name service à la NIS or, more recently, LDAP. With the HS class you can put user and group data in your DNS, so you can do without an LDAP server. The package hesiod can still be installed if you want to play with this.

Putting passwords in your DNS may not be a smart thing to do, so with hesiod you also want to use Kerberos.

I don't know if there are any tricks BIND does with the HS class, especially since hesiod can still be used.

If you want to use the HS class in BIND you must tell BIND so; in your named.conf say:
zone "domain_name" hesiod {
    type master;
    file "somewhere.db";
};
And in your zone file use HS instead of IN:

localhost HS A 127.0.0.1
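The two sections above both come down to the same wire-level detail: the 16-bit class field in a DNS question or resource record, which is 1 for IN, 3 for CH and 4 for HS. The following script is an added example, not code from this post or from BIND/NSD/Hesiod. It builds the query that `dig CH @localhost version.bind TXT` sends, parses the TXT answer (using the "9.5.1-P2" reply shown above as a constructed sample), and decodes a passwd record served from the HS class in the style of Hesiod's passwd map. The user jdoe, the domain example.org and the function names are assumptions made for the example; the sample replies are constructed inline so the parser runs offline, and only `version_disclosed()` actually talks to a server.

```python
"""DNS wire-format helpers for the CH and HS classes (example added to this post,
not the author's code). Builds the query `dig CH @localhost version.bind TXT`
sends, parses TXT answers, and splits a Hesiod-style passwd record. Sample
replies are constructed inline; only version_disclosed() touches the network."""
import socket
import struct
CLASS_IN, CLASS_CH, CLASS_HS, TYPE_TXT = 1, 3, 4, 16   # RFC 1035 / RFC 2929 numbers
CLASS_NAMES = {CLASS_IN: "IN", CLASS_CH: "CH", CLASS_HS: "HS"}

def encode_name(name):
    """'version.bind' -> b'\\x07version\\x04bind\\x00' (uncompressed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, qclass, txid=0x1234):
    """One-question query: header (id, flags with RD set, qd=1), then name, type, class."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, qclass)

def decode_name(pkt, off):
    """Read a possibly compressed name at off; return (dotted name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                   # two-byte compression pointer
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", end if jumped else off

def txt_rdata(text):
    # TXT rdata is a run of <len><bytes> strings; this builds a single-string one.
    return bytes([len(text)]) + text.encode("ascii")

def txt_strings(rdata):
    """Decode every <len><bytes> string in TXT rdata, joined with spaces."""
    parts, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        parts.append(rdata[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return " ".join(parts)

def parse_answers(pkt):
    """Return [(name, class name, type, rdata)] for every RR in the answer section."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                         # skip the question section
        _, off = decode_name(pkt, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TYPE_TXT:
            rdata = txt_strings(rdata)
        answers.append((name, CLASS_NAMES.get(rclass, str(rclass)), rtype, rdata))
    return answers

def hesiod_passwd(txt):
    """Split a Hesiod passwd TXT string into the seven passwd(5) fields."""
    fields = txt.split(":")
    if len(fields) != 7:
        raise ValueError("not a passwd entry: %r" % txt)
    return dict(zip(("name", "passwd", "uid", "gid", "gecos", "dir", "shell"), fields))

def make_response(question, answers, txid=0x1234):
    """Constructed reply: echo the question; answer names point back to it (0xc00c)."""
    qname, qtype, qclass = question
    pkt = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    pkt += encode_name(qname) + struct.pack("!HH", qtype, qclass)
    for rtype, rclass, rdata in answers:
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", rtype, rclass, 0, len(rdata)) + rdata
    return pkt

# Constructed samples: the version.bind answer shown in the post, and a hypothetical
# Hesiod passwd record for user "jdoe" under a hypothetical HS domain.
VERSION_REPLY = make_response(("version.bind", TYPE_TXT, CLASS_CH),
                              [(TYPE_TXT, CLASS_CH, txt_rdata("9.5.1-P2"))])
HESIOD_REPLY = make_response(("jdoe.passwd.example.org", TYPE_TXT, CLASS_HS),
    [(TYPE_TXT, CLASS_HS, txt_rdata("jdoe:*:1001:100:Jane Doe:/home/jdoe:/bin/sh"))])

def version_disclosed(host="127.0.0.1", port=53, timeout=2.0):
    """Ask your own server the version.bind CH TXT question; return the text, or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query("version.bind", TYPE_TXT, CLASS_CH), (host, port))
        reply, _ = s.recvfrom(512)
    hits = [r for _n, c, t, r in parse_answers(reply) if c == "CH" and t == TYPE_TXT]
    return hits[0] if hits else None
```

`parse_answers(VERSION_REPLY)` returns `[("version.bind.", "CH", 16, "9.5.1-P2")]`, and feeding the HS sample through `hesiod_passwd` gives a dict with uid "1001" and shell "/bin/sh", which is all a Hesiod client does before handing the line to the C library. `version_disclosed()` is the check to run against your own server after you turn off the version chatter (BIND's `version` option in the named.conf options block): it should then return None, or whatever replacement string you configured, instead of the real version.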
Further reading

See RFC 2929 and the BIND reference manual.