check-names fail

Bob Vance bobvance at alumni.caltech.edu
Tue Jan 16 15:38:56 UTC 2001


Obviously, there is some disagreement on this issue :)

As I noted elsewhere, RFC2181, which
    "Updates: 1034, 1035, 1123",
specifically says:

   "A DNS server may be configurable to issue warnings when loading,
    or even to refuse to load, a primary zone containing labels that
    might be considered questionable, however
       *** this should not happen by default ***.
   "
This has no relevance to the reject-the-entire-zone issue, but since we
pay such obeisance to the RFCs, shouldn't the default not be REJECT?

I know that this is nit-picky, but I was just curious as to the
evolution of this code.

As you say, from RFC1035:

   "When a master file is used to load a zone, the operation should be
    suppressed if any errors are encountered in the master file.  The
    rationale for this is that a single error can have widespread
    consequences.
   "
But, of course this was written long before BIND 8 was even a gleam.
So why the sudden change in philosophy in 8.2.3 to start rejecting the
entire zone?
And, BTW, why did previous versions respond non-authoritatively after
deciding to continue with the zone load, rejecting only the offending
record?


-------------------------------------------------
Tks        | <mailto:BVance at sbm.com>
BV         | <mailto:BobVance at alumni.caltech.edu>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430           11455 Lakefield Dr.
Fax 770-623-3429           Duluth, GA 30097-1511
=================================================





-----Original Message-----
From: marka at nominum.com [mailto:marka at nominum.com]On Behalf Of
Mark.Andrews at nominum.com
Sent: Monday, January 15, 2001 8:48 PM
To: bobvance at alumni.caltech.edu
Cc: bind-users at isc.org
Subject: Re: check-names fail

> With
>
>     check-names master fail;
>
> both 8.2.2-p5 and p7, simply reject an offending record and
> continue to load the zone and answer non-authoritatively for the
> rest of the names.
> 8.2.3T9B, however, rejects the entire zone!!
>
> Which is the correct behavior?
>

	Reject the entire zone.  This is required by RFC 103[45].
	It also gets around the attitude of "I'll just ignore the error"
	which causes other problems.

	Mark
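
Added example (not part of the original thread and not BIND's code): a small model of the two load behaviours discussed above, run over a constructed zone. The policy names `skip-record` and `reject-zone`, the record types checked, and the letters-digits-hyphen label rule are assumptions made for the illustration.

```python
import re

# Assumption: a "questionable" label is one outside the RFC 952/1123 hostname
# rule (letters, digits, hyphen; no leading or trailing hyphen; 1-63 octets).
LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
HOST_TYPES = {"A", "MX"}  # simplified: record types whose owner name is checked

# Constructed sample zone data: (owner, type, rdata).
ZONE = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("mail_gw.example.com.", "A", "192.0.2.25"),  # underscore fails the check
    ("ftp.example.com.", "A", "192.0.2.21"),
    ("_sip._tcp.example.com.", "SRV", "0 5 5060 www.example.com."),  # not checked
]

def bad_owner(owner, rtype):
    """True when a host-type record has an owner label outside the LDH rule."""
    if rtype not in HOST_TYPES:
        return False
    labels = owner.rstrip(".").split(".")
    return any(not LDH_LABEL.match(label) for label in labels)

def load_zone(records, policy):
    """Return (loaded_records, authoritative, rejected_records).

    "skip-record": drop offending records, keep the rest, answer
                   non-authoritatively (behaviour reported for 8.2.2-p5/p7).
    "reject-zone": one offending record suppresses the whole load
                   (behaviour reported for 8.2.3T9B).
    """
    rejected = [r for r in records if bad_owner(r[0], r[1])]
    if not rejected:
        return list(records), True, []
    if policy == "reject-zone":
        return [], False, rejected
    if policy == "skip-record":
        kept = [r for r in records if r not in rejected]
        return kept, False, rejected
    raise ValueError(f"unknown policy: {policy}")

if __name__ == "__main__":
    for policy in ("skip-record", "reject-zone"):
        loaded, auth, rejected = load_zone(ZONE, policy)
        state = "authoritative" if auth else "not authoritative"
        print(policy, len(loaded), "loaded,", state, [r[0] for r in rejected])
```

Under `skip-record` the server keeps serving a zone that silently differs from its master file, which is the "I'll just ignore the error" outcome; under `reject-zone` the error is impossible to miss.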



