CNAME and other data , BUG #428
Douglas.Chimento at FMR.COM
Thu Dec 5 16:37:12 UTC 2002
> If you actually serve such errors to the internet,
> your DNS won't work anyways - so there's no point in disabling it.
Yes it will.
Are you saying that people running version 8.1.2 and lower with this error
won't work at all?
From: Nate Campi [mailto:nate at campin.net]
Sent: Wednesday, December 04, 2002 2:19 PM
To: Chimento, Douglas
Cc: comp-protocols-dns-bind at isc.org; Santiago, Ro; Irwin, Kevin
Subject: Re: CNAME and other data , BUG #428
On Wed, Dec 04, 2002 at 02:00:02PM -0500, Chimento, Douglas wrote:
> Could someone clarify the CNAMEANDOTHER hard error.
> From what I read in the CHANGE file log and on mailing lists,
> starting with verision 8.2 , CNAME and other data is a "hard error".
> Also, is there a way of disabling this "hard" error ?
If you actually serve such errors to the internet, your DNS won't work
anyways - so there's no point in disabling it.
> On a more personally note,
> This CNAME error is a real pain and I am shocked that ISC would
> something so drastic. Besides, if my master server version 8.1.2 and
> my slaves are version 8.3.4 .....the SLAVE STILL load the ZONE with
> the CNAME error. So I don't see the point of a HARD error if slave
> load the zone ( possible
> bug?) .
> Why should admins be forced to deal with this error?
Why should the rest of the internet be fed bad data? Trust me, you don't
want this, it won't work like you think it will. Run a nameserver like
tinydns that doesn't perform these checks, and enter the records. See how
things work out.
Basically you invalidate an entire zone/domain when you CNAME at the apex of
it. If you have a CNAME for foo.example, then the SOA and NS records for
foo.example will never work, will never be seen.
The DNS protocol itself requires that you do not use CNAMEs at the apex of a
zone, not the ISC.
Nate Campi http://www.campin.net
"The danger from computers is not that they will eventually get as smart as
men, but we will meanwhile agree to meet them halfway." -Bernard Avishai
"I think computer viruses should count as life. I think it says something
about human nature that the only form of life we have created so far is
purely destructive. We've created life in our own image."
More information about the bind-users