check-names fail
Bob Vance
bobvance at alumni.caltech.edu
Tue Jan 16 15:38:56 UTC 2001
Obviously, there is some disagreement on this issue :)
As I noted elsewhere, RFC2181, which
"Updates: 1034, 1035, 1123",
specifically says:
"A DNS server may be configurable to issue warnings when loading,
or even to refuse to load, a primary zone containing labels that
might be considered questionable, however
*** this should not happen by default ***.
"
This has no relevance to the reject-the-entire-zone issue, but since we
pay such obeisance to the RFCs, shouldn't the default not be REJECT.
I know that this is nit-picky, but I was just curious as to the
evolution
of this code.
As you say, from RFC1035:
"When a master file is used to load a zone, the operation should be
suppressed if any errors are encountered in the master file. The
rationale for this is that a single error can have widespread
consequences.
"
But, of course this was written long before BIND 8 was even a gleam.
So why the sudden change in philosophy in 8.2.3 to start rejecting the
entire zone?
And, BTW, why did previous versions respond non-authoritatively after
deciding to continue with the zone load, rejecting only the offending
record?
-------------------------------------------------
Tks | <mailto:BVance at sbm.com>
BV | <mailto:BobVance at alumni.caltech.edu>
Sr. Technical Consultant, SBM, A Gates/Arrow Co.
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
=================================================
-----Original Message-----
From: marka at nominum.com [mailto:marka at nominum.com]On Behalf Of
Mark.Andrews at nominum.com
Sent: Monday, January 15, 2001 8:48 PM
To: bobvance at alumni.caltech.edu
Cc: bind-users at isc.org
Subject: Re: check-names fail
> With
>
> check-names master fail;
>
> both 8.2.2-p5 and p7, simply reject an offending record and
> continue to load the zone and answer non-authoritatively for the
> rest of the names.
> 8.2.3T9B, however, rejects the entire zone!!
>
> Which is the correct behavior?
>
Reject the entire zone. This is required by RFC 103[45].
It also gets around the attitude of "I'll just ignore the error"
which causes other problems.
Mark
More information about the bind-users
mailing list