Reject of W2K gc._msdcs...

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Thu Mar 30 05:32:59 UTC 2000 

> Still catching up on old mail, but this one ran on until recently ...
> 
> On Fri, Feb 25, 2000 at 07:04:43PM -0700, Craig Mason wrote:
> > Today I tried Mark's suggestion. I added a zone for _msdcs.example.com an
> d
> > put in the check-names ignore statement into the config file's info on th
> at
> > zone. Killed and restarted named... no effect. Still got the error messag
> e
> > about rejecting.
> 
> Of course you did.  When I tell you why, you will also say,
> "Elementary."  ;-)
> 
> There is no name with an underscore in it being inserted into zone
> "_msdcs.example.com".  So it does not need this statement.
> 
> There IS a name with an underscore in it being inserted into zone
> "example.com".  So, as you found, it does need this statement.
> 
> ;-)
> 
> Somebody tried to pin this onto another MS bug ... nope.
> 
> I don't think you need to declare zone "_msdcs" on your server.  If you
> don't, then it will just declare "gc._msdcs" in zone "example.com".
> Then again, there is that bug that consolidates parent and child zones,
> so maybe it doesn't matter anyway.  ;-/  Perhaps another reason for the
> above?
> 

	Actually it is a MS bug in that you *have* defined the zone
	then it is attempting to add data to the parent zone.  The
	only valid reason for adding records to the parent zone which 
	belong in the child zone is to add glue.  gc._msdcs.example.com
	is not a server for _msdcs.example.com so it should not be added
	to example.com if you have delegated _msdcs.example.com.

	The reason we are doing this in the first place is that MS
	are attempting to create a host with a illegal hostname
	and we are wanting to quarantine this badness to the _msdcs
	area and not let it spread over the whole of example.com.

	MS is not looking at the delegated zone structure.  It is just
	assuming that there are not delegations occuring.  This behaviour
	is bad.

	Mark

	[ This is the interpretation of events I get from the feedback
	to suggestions made.  I have not tried to do this myself. ]

> -- > Joe Yao                               jsdy at cospo.osis.gov
- Joseph S. D. Ya > o > COSPO/OSIS Computer Support
EMT-B >
-----------------------------------------------------------------------
> This message is not an official statement of COSPO policies.  --
Mark Andrews, Nominum Inc. / Internet Software Consortium 1 Seymour
St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742
INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list