# DNS classes

If you have ever administered a DNS server you are probably familiar with the `IN`
(internet) class, as in

    localhost   IN	    A	    127.0.0.1

where you define an IP address for the name `localhost`. As you may, or
may not, already know, there are other classes defined (but hardly used) for
the DNS. Two of those are the Chaos class (`CH`) and the Hesiod (`HS`)
class. Each class is a parallel namespace in which you can define names
independently of what you have in `IN`. This feature of the DNS isn't
exactly in great use, but it is nice to know what they were used for.

# Chaos
The `CH` class has its use in the
[Chaosnet](http://en.wikipedia.org/wiki/Chaosnet), a network
implementation that didn't make it, unlike the current Ethernet + TCP/IP
combo. If you want to brush up on the Chaosnet protocol,
[this pdf is your friend](http://dspace.mit.edu/bitstream/handle/1721.1/6353/AIM-628.pdf?sequence=2).

Today the `CH` class is *misused* by BIND for the following neat tricks
(the names below live in built-in `CH` pseudo-zones, so any `named` answers
them unless you tell it not to):

    dig CH @localhost version.bind TXT  

Which yields:

    ...
    ;; QUESTION SECTION:
    ;version.bind.	    CH	TXT
    ;; ANSWER SECTION:
    version.bind.	0   CH	TXT "9.5.1-P2"
    ;; AUTHORITY SECTION:
    version.bind.	0   CH	NS  version.bind.
    ...

which shows the `BIND` version. Of course you can hide this so that
people cannot query your server's version (the `version` option in the
`options` block of `named.conf`), but don't expect that to stop anyone:
[DNS fingerprinting](http://code.google.com/p/fpdns/) identifies the
implementation from its protocol behaviour and works just as well without
the version string.

And of course:

    dig CH @localhost authors.bind TXT

which gives:

    ...
    ;; ANSWER SECTION:
    authors.bind.		0	CH	TXT	"David Lawrence"
    authors.bind.		0	CH	TXT	"Danny Mayer"
    authors.bind.		0	CH	TXT	"Damien Neil"
    authors.bind.		0	CH	TXT	"Matt Nelson"
    authors.bind.		0	CH	TXT	"Michael Sawyer"
    authors.bind.		0	CH	TXT	"Brian Wellington"
    authors.bind.		0	CH	TXT	"Mark Andrews"
    authors.bind.		0	CH	TXT	"James Brister"
    authors.bind.		0	CH	TXT	"Ben Cottrell"
    authors.bind.		0	CH	TXT	"Michael Graff"
    authors.bind.		0	CH	TXT	"Andreas Gustafsson"
    authors.bind.		0	CH	TXT	"Bob Halley"
    ...

So you know whom to blame when the [next BIND bug](http://www.google.nl/search?q=bind+exploit)
hits your installation.

[NSD](http://www.nlnetlabs.nl/projects/nds) also does this trick:

    dig @ns4.nic.nl CH version.bind TXT 

gives:

    ;; ANSWER SECTION:
    version.bind.		0	CH	TXT	"NSD 3.0.7"
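To see what `dig CH version.bind TXT` actually puts on the wire, here is an added example (this code is not from the original post, nor from BIND or NSD) that builds the query in RFC 1035 wire format, where the class field carries 3 for `CH` (1 is `IN`, 4 is `HS`), and decodes the answer. The response bytes are constructed by hand to mirror the dig output above; nothing is sent on the network.

```python
"""Added example (not from the original post, BIND or NSD): build a
Chaos-class TXT query such as version.bind in RFC 1035 wire format and
decode a response.  The response bytes are constructed by hand to mirror
the dig output in the post; nothing is sent on the network."""
import struct

# RFC 1035 class and type codes: class 1 is IN, 3 is CH (Chaos), 4 is HS (Hesiod).
CLASS_IN, CLASS_CH, CLASS_HS = 1, 3, 4
TYPE_TXT = 16
CLASS_NAMES = {CLASS_IN: "IN", CLASS_CH: "CH", CLASS_HS: "HS"}


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def txt_rdata(*strings):
    """TXT rdata: one or more <length><bytes> character-strings."""
    return b"".join(bytes([len(s)]) + s.encode("ascii") for s in strings)


def build_query(name, qtype, qclass, txid=0x1234):
    """12-byte header (id, flags with RD set, qdcount=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                 # resume after the first pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_response(msg):
    """Return [(owner, class name, type, ttl, [txt strings])] for the answer RRs."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4                              # qtype + qclass
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        strings, i = [], 0
        while rtype == TYPE_TXT and i < len(rdata):
            n = rdata[i]
            strings.append(rdata[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        answers.append((owner, CLASS_NAMES.get(rclass, str(rclass)), rtype, ttl, strings))
    return answers


def version_bind_query():
    """The wire form of `dig CH version.bind TXT`."""
    return build_query("version.bind", TYPE_TXT, CLASS_CH)


# Constructed response (not captured traffic) mirroring the dig output above:
# QR+RD+RA flags, one question, one answer whose owner is a pointer to offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("version.bind") + struct.pack("!HH", TYPE_TXT, CLASS_CH)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(txt_rdata("9.5.1-P2")))
    + txt_rdata("9.5.1-P2")
)

if __name__ == "__main__":
    print(version_bind_query().hex())
    for owner, rclass, rtype, ttl, strings in parse_response(SAMPLE_RESPONSE):
        print(owner, ttl, rclass, "TXT" if rtype == TYPE_TXT else rtype, strings)
```

Run stand-alone it prints the query in hex followed by `version.bind. 0 CH TXT ['9.5.1-P2']`; sending the bytes from `version_bind_query()` to port 53 over UDP reproduces what dig does, and the only thing that distinguishes it from an ordinary `IN` query is the two-byte class field at the end of the question.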

# Hesiod
The `HS` class has its origins in Project Athena (also see
[Wikipedia](http://en.wikipedia.org/wiki/Hesiod_(name_service))), where
Hesiod was the name service, in the role that `nis` or, more recently,
`ldap` play elsewhere. With the `HS` class you can put user and group data
*in your DNS*, so you can do without an LDAP server. The `hesiod` package
can still be installed if you want to play with this.

Putting password hashes in your DNS, which anyone can query without
authenticating, is not a smart thing to do, so with hesiod you also want
to use Kerberos for authentication and publish only a placeholder in the
password field. Keep in mind that the rest of the entry (uid, home
directory, shell) is still served over plain DNS, so it can be read and,
without DNSSEC, spoofed by anyone on the path.

I don't know whether BIND does any tricks with the `HS` class, especially
since `hesiod` can still be used.

If you want to use the `HS` class in BIND you must tell BIND so: in your
`named.conf` the class goes after the zone name (`hesiod`, or `HS` for
short; the default is `IN`) and the zone file is given with `file`:

    zone "domain_name" hesiod {
        type master;
        file "somewhere.db";
    };

And in your zone file use `HS` instead of `IN`:

    localhost   HS	A   127.0.0.1
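As an added example (not from the original post and not the `hesiod` library's own code), here is how a Hesiod client composes the `HS` lookup name from the `lhs` and `rhs` settings of `hesiod.conf`, how the passwd TXT payload is laid out, and a check that refuses to publish a record whose password field is anything but a placeholder. The `.ns` and `.example.com` values and the user entry are constructed for the example and are not real Project Athena data.

```python
"""Added example (not from the original post or the hesiod library): build
Hesiod lookup names from hesiod.conf-style lhs/rhs, parse a passwd TXT
record, and emit HS-class zone records while refusing to publish secrets.
The lhs/rhs values and the user entry are constructed for this example."""

# Values a hesiod.conf would carry; ".ns" and ".example.com" are assumptions.
LHS = ".ns"
RHS = ".example.com"


def hesiod_name(name, kind, lhs=LHS, rhs=RHS):
    """The owner name a Hesiod client queries: <name>.<kind><lhs><rhs>,
    class HS, type TXT (e.g. jdoe.passwd.ns.example.com.)."""
    return "%s.%s%s%s." % (name, kind, lhs, rhs)


def parse_passwd_txt(txt):
    """Split a Hesiod passwd TXT string, which uses the /etc/passwd layout."""
    fields = txt.split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 passwd fields, got %d" % len(fields))
    name, pw, uid, gid, gecos, home, shell = fields
    return {"name": name, "password": pw, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell}


def password_field_is_safe(pw):
    """True only for placeholder values.  A hash (or plaintext) must never be
    published, because any client can read HS records without authenticating."""
    return pw in ("", "*", "x", "!")


def zone_records(entry, lhs=LHS):
    """HS-class zone-file lines for one user: the passwd map by name and the
    uid map by number, as Hesiod's getpwnam/getpwuid lookups expect them.
    Refuses to emit anything if the password field is not a placeholder."""
    if not password_field_is_safe(entry["password"]):
        raise ValueError("refusing to publish a password hash for %s" % entry["name"])
    line = ":".join(str(entry[k]) for k in
                    ("name", "password", "uid", "gid", "gecos", "home", "shell"))
    owner_by_name = "%s.passwd%s" % (entry["name"], lhs)
    owner_by_uid = "%d.uid%s" % (entry["uid"], lhs)
    return ['%s\tHS\tTXT\t"%s"' % (owner_by_name, line),
            '%s\tHS\tTXT\t"%s"' % (owner_by_uid, line)]


# Constructed sample record, as it might appear in a hesiod zone (not real data).
SAMPLE_TXT = "jdoe:*:1001:1001:Jane Doe:/home/jdoe:/bin/bash"

if __name__ == "__main__":
    print(hesiod_name("jdoe", "passwd"))
    entry = parse_passwd_txt(SAMPLE_TXT)
    for record in zone_records(entry):
        print(record)
```

The two emitted lines are what you would put into the `HS` zone file from the `named.conf` fragment above; a client with `lhs=.ns` and `rhs=.example.com` then asks for `jdoe.passwd.ns.example.com. HS TXT` and gets the passwd line back. The `password_field_is_safe` check is the caveat from the previous paragraph made mechanical: feed it an entry whose second field is a real hash and `zone_records` raises instead of publishing it.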

# Further reading

See [RFC2929](http://www.faqs.org/rfcs/rfc2929.html) for the registry of
DNS classes and the
[BIND reference manual](http://docs.chayer.org/Bind9.3.3/Bv9ARM.ch09.html)
for how BIND handles them.
