CNAME and other data , BUG #428
kcd at daimlerchrysler.com
Thu Dec 5 23:26:48 UTC 2002
"Chimento, Douglas" wrote:
> > And there is no point in having software guess what errors
> > to ignore thus bind discrads the whole zone.
> I thought bind could ignore illegal characters ? If so , bind is choosing to
> ignore some errors. Please correct me if I am wrong.
What do you mean by "illegal characters"? DNS itself is a binary protocol, so
no character is truly "illegal". BIND 8 at one point attempted to enforce
*hostname* restrictions (most controversially, banning the underscore character
by default), but in BIND 9 that was dropped because it's not really the job of
DNS to do that.
> -----Original Message-----
> From: phn at icke-reklam.ipsec.nu [mailto:phn at icke-reklam.ipsec.nu]
> Sent: Thursday, December 05, 2002 4:56 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: CNAME and other data , BUG #428
> Chimento, Douglas <Douglas.Chimento at fmr.com> wrote:
> > From what I have seen :
> > If A records show up in the file before cnames , it seems to work
> > fine.
> > Bind=20
> > Why does BIND reject the entire zone and not the entry which caused
> > the issue?
> In the "old days" bind didn't notice, instead errors creeped up randomly at
> *other* nameservers ( depending on which order the responses came )
> As this never been legal, nor meaningful, modern bind detects the broken
> config and refuses to load such a zone.=20
> And there is no point in having software guess what errors to ignore thus
> bind discrads the whole zone.
> What you are trying to do is simular to be "partly pregnant".
> > -----Original Message-----
> > From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]=20
> > Sent: Thursday, December 05, 2002 2:32 PM
> > To: 'comp-protocols-dns-bind at isc.org'
> > Subject: Re: CNAME and other data , BUG #428
> > "Chimento, Douglas" wrote:
> >> > If you actually serve such errors to the internet,
> >> > your DNS won't work anyways - so there's no point in disabling it.
> >> Huh?
> >> Yes it will.
> >> Are you saying that people running version 8.1.2 and lower with
> >> this=20 error won't work at all?
> > It might work *intermittently*, depending on the order in which the
> > reco=
> > are seen, and the respective software versions and
> > standards-conformance=
> > the servers and/or clients which are communicating with your
> > server(s).
> > Certainly nothing I'd trust a production system to.
> > - Kevin
> Peter H=E5kanson=20=20=20=20=20=20=20=20=20
> IPSec Sverige ( At Gothenburg Riverside )
> Sorry about my e-mail address, but i'm trying to keep spam out,
> remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users