What is the purpose of 0.in-addr.arpa and 255.in-addr.arpa in bind's default configuration?
The purpose of the default local zones in BIND is to stop queries for those IP ranges from leaking out onto the global internet, and to reduce load on the root name servers, per RFC 6303 "Locally Served DNS Zones".
From the introduction to that RFC:
This recommendation is made because data has shown that significant leakage of queries for these namespaces is occurring, despite instructions to restrict them, and because it has therefore become necessary to deploy sacrificial nameservers to protect the immediate parent nameservers for these zones from excessive, unintentional query load [AS112] [RFC6304] [RFC6305]. There is every expectation that the query load will continue to increase unless steps are taken as outlined here. Additionally, queries from clients behind badly configured firewalls that allow outgoing queries for these namespaces, but drop the responses, put a significant load on the root servers (forward zones but not reverse zones are configured). They also cause operational load for the root server operators, as they have to reply to enquiries about why the root servers are "attacking" these clients.
This should be considered the definitive reference, not least because the RFC was written by Mark Andrews, one of the main developers working on BIND.
See also the IANA Registry of Locally Served Zones, which contains the list of all (reverse) zones that should be served like this.
Since the release of BIND 9.9 in 2011, BIND9 automatically creates the default local zones at startup time, unless explicitly turned off with the empty-zones-enable flag in the named.conf file.
The IANA registry is tracked by ISC and new entries added to the current BIND sources as and when they appear.
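As an added illustration (not part of the answer above, and not BIND's own code), the script below shows which IPv4 PTR lookups a BIND resolver answers from its built-in RFC 6303 empty zones rather than forwarding to the internet, and a named.conf fragment that keeps the automatic zones on while carving out one range the server hosts itself. The zone list is the IPv4 list from RFC 6303 section 4 (BIND's built-in list is a superset; check the ARM for your version); the zone file path is assumed for illustration. empty-zones-enable and disable-empty-zone are real BIND 9 options.

```shell
#!/bin/sh
# Added example, not from the original answer: map an IPv4 address to its
# in-addr.arpa name and to the RFC 6303 empty zone (if any) that would answer
# a PTR query for it locally. Pure POSIX sh, no network access needed.

# reverse_name 10.1.2.3  ->  3.2.1.10.in-addr.arpa
reverse_name() (
    IFS=.
    set -- $1          # split the dotted quad on '.'
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
)

# locally_served ADDR prints the RFC 6303 empty-zone apex that answers a PTR
# query for ADDR and returns 0; returns 1 when the query would leave the
# resolver (the address is in none of the RFC 6303 IPv4 ranges).
locally_served() {
    case "$1" in
        0.*)             echo 0.in-addr.arpa ;;
        10.*)            echo 10.in-addr.arpa ;;
        127.*)           echo 127.in-addr.arpa ;;
        169.254.*)       echo 254.169.in-addr.arpa ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            # 172.16/12 is served as sixteen /16 zones, 16.172 ... 31.172
            second=${1#*.}; second=${second%%.*}
            echo "$second.172.in-addr.arpa" ;;
        192.0.2.*)       echo 2.0.192.in-addr.arpa ;;
        192.168.*)       echo 168.192.in-addr.arpa ;;
        198.51.100.*)    echo 100.51.198.in-addr.arpa ;;
        203.0.113.*)     echo 113.0.203.in-addr.arpa ;;
        255.255.255.255) echo 255.255.255.255.in-addr.arpa ;;
        *)               return 1 ;;
    esac
}

# named.conf fragment: keep the automatic empty zones enabled (the default)
# but disable one of them because this server is authoritative for the real
# zone. The zone file path is an assumption for illustration.
named_conf_fragment() {
    cat <<'EOF'
options {
    empty-zones-enable yes;                 // default; "no" lets queries leak
    disable-empty-zone "10.in-addr.arpa";   // we host the real zone below
};

zone "10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.10";                 // assumed path
};
EOF
}

# Live check against a running resolver (needs dig and BIND on 127.0.0.1,
# so it is not called here): an empty zone answers NXDOMAIN with an SOA in
# the authority section whose owner is the zone apex, e.g. 10.in-addr.arpa.
dig_check() {
    dig @127.0.0.1 -x "$1" +noall +comments +authority
}

# Usage: sh thisfile.sh 192.168.7.9
if [ -n "${1:-}" ]; then
    if zone=$(locally_served "$1"); then
        echo "$1 -> $(reverse_name "$1") answered locally from $zone"
    else
        echo "$1 -> $(reverse_name "$1") would be sent to the internet"
    fi
fi
```

Run `sh thisfile.sh 8.8.8.8` versus `sh thisfile.sh 10.1.2.3` to see the difference; against a real resolver, `dig_check 10.1.2.3` should show an SOA for 10.in-addr.arpa in the authority section rather than a referral toward the in-addr.arpa servers.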
This is from here (an MS page, but still relevant):
Reverse lookup zones enable the DNS server to be authoritative, that is, to know the answer in advance and to respond immediately to the most common name queries, eliminating unnecessary recursive queries. In accordance with pertinent Requests for Comments (RFCs), by default, the DNS server is authoritative for three reverse lookup zones:
0.in-addr.arpa (0.0.0.0)
127.in-addr.arpa (127.0.0.1 - loopback)
255.in-addr.arpa (255.255.255.255 - broadcast)
In other words, the DNS server will not query an Internet based DNS server for those addresses (as they are all local addresses).