DNS Updates and CNAME Records

Waltner, Steve swaltner at lsil.com
Tue Aug 14 15:29:14 UTC 2001


I've been doing final testing on the web based DNS editing system that I
have been developing and ran into a little snag. I'm currently running BIND
8.2.3-REL, but will be upgrading to BIND 9.1.3 once I deploy the new domain
editing system (the help desk folks are used to scanning the BIND 8 output
after reloading a zone file to check for errors, so I was holding off on the
upgrade to make it easier for them). The Perl script I am writing uses the
Net::DNS module to generate DNS update packets to modify a zone file and
I've run into a small problem with handling CNAME records into the domain.

When using my 8.2.3, the server will gladly insert a CNAME record when there
is already other data, and vice-versa. It handles it fine at first,
responding to queries and zone transfers, but if the server is restarted,
the zone is rejected due to CNAME and other data.

When using 9.1.3, the server acts like it processes the request (returns
NOERROR to nsupdate and Net::DNS module), although the request is ignored.
BIND logs a message saying "attempt to add non-CNAME alongside CNAME
ignored" or "attempt to add CNAME alongside non-CNAME ignored" through
syslog when this happens. This seems like the wrong behavior for BIND to
have; if it responds with NOERROR, it should have honored the request.
Shouldn't BIND ignore the whole packet and respond with either a SERVFAIL
or REFUSED?

Right now I'm getting around this by using prerequisites, but it's a big
hassle putting those pre-reqs in. It would be much nicer if BIND would
return an error when you sent it one of these updates, so I wouldn't need to
put so much extra logic in my update scripts.

BTW, I will post this CGI script on http://homepage.mac.com/swaltner/dns/
when I get a few more issues resolved. 

Steve
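
The prerequisite workaround mentioned in the message above can be wrapped in one helper. This is an added example, not the poster's script: it uses Net::DNS's exported `nxdomain`, `nxrrset` and `rr_add` helpers, the function name `guarded_add` is hypothetical, and the zone, names and address are constructed placeholders. It only builds and prints the update packets; nothing is sent.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. Zone and records are placeholders.
use strict;
use warnings;
use Net::DNS;

# Build an RFC 2136 update that adds one record, guarded by a prerequisite,
# so a CNAME/other-data conflict makes the server reject the whole update
# instead of accepting it (BIND 8) or ignoring it with NOERROR (BIND 9).
sub guarded_add {
    my ($zone, $rr_text) = @_;
    my $rr = Net::DNS::RR->new($rr_text)
        or die "cannot parse record: $rr_text\n";
    my $name = $rr->name;

    my $update = Net::DNS::Update->new($zone);
    if ($rr->type eq 'CNAME') {
        # A CNAME must be the only data at its name: require the name unused.
        $update->push(pre => nxdomain($name));
    } else {
        # Other data may not sit beside a CNAME: require no CNAME RRset there.
        $update->push(pre => nxrrset("$name CNAME"));
    }
    $update->push(update => rr_add($rr_text));
    return $update;
}

# Constructed sample input: one CNAME add and one non-CNAME add.
for my $text ('www.example.com. 3600 CNAME host.example.com.',
              'host.example.com. 3600 A 192.0.2.10') {
    print guarded_add('example.com', $text)->string, "\n";
}
```

When a prerequisite is not met, RFC 2136 has the server answer with YXDOMAIN (name in use) or YXRRSET (CNAME RRset exists) rather than NOERROR, so the calling script can check the response rcode instead of parsing syslog.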




