check-names fail

Jim Reid jim at rfc1035.com
Mon Jan 15 20:35:10 UTC 2001


>>>>> "Bob" == Bob Vance <bobvance at alumni.caltech.edu> writes:

    Bob> With

    Bob>     check-names master fail;

    Bob> both 8.2.2-p5 and p7, simply reject an offending record and
    Bob> continue to load the zone and answer non-authoritatively for
    Bob> the rest of the names.  8.2.3T9B, however, rejects the entire
    Bob> zone!! Which is the correct behavior?

It depends on your definition of "correct". RFC2181 says that a server
should not refuse to load a zone containing "labels that might not be
acceptable to some DNS client programs". So 8.2.2P[57] are probably
correct for following RFC2181. However it could be argued that the
check-names option you've selected means you've decided to override
that RFC. If that's the case, then the 8.2.2 versions are not
correct. The BIND8 documentation says that when the fail option is
chosen the offending records are logged and the data rejected. So
according to the documentation a zone containing illegal names should
still be loaded. That would indicate 8.2.3T9B is not correct.

The name checking behaviour of 8.2.3T9B and 8.2.2 should probably be
consistent, so it might be an idea to file a bug report.



More information about the bind-users mailing list