CNAME and other data , BUG #428

Kevin Darcy kcd at daimlerchrysler.com
Thu Dec 5 23:26:48 UTC 2002


"Chimento, Douglas" wrote:

> > And there is no point in having software guess what errors
> > to ignore thus bind discrads the whole zone.
>
> I thought bind could ignore illegal characters ? If so , bind is choosing to
> ignore some errors. Please correct me if I am wrong.

What do you mean by "illegal characters"? DNS itself is a binary protocol, so
no character is truly "illegal". BIND 8 at one point attempted to enforce
*hostname* restrictions (most controversially, banning the underscore character
by default), but in BIND 9 that was dropped because it's not really the job of
DNS to do that.


- Kevin


>
>
> -----Original Message-----
> From: phn at icke-reklam.ipsec.nu [mailto:phn at icke-reklam.ipsec.nu]
> Sent: Thursday, December 05, 2002 4:56 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: CNAME and other data , BUG #428
>
> Chimento, Douglas <Douglas.Chimento at fmr.com> wrote:
>
> > From what I have seen :
> > If A records show up in the file  before cnames , it seems to work
> > fine.
>
> > Bind=20
> > Why does BIND reject the entire zone and not the entry which caused
> > the issue?
>
> In the "old days" bind didn't notice, instead errors creeped up randomly at
> *other* nameservers ( depending on which order the responses came )
>
> As this never been legal, nor meaningful, modern bind detects the broken
> config and refuses to load such a zone.=20
>
> And there is no point in having software guess what errors to ignore thus
> bind discrads the whole zone.
>
> What you are trying to do is simular to be "partly pregnant".
>
> > -----Original Message-----
> > From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]=20
> > Sent: Thursday, December 05, 2002 2:32 PM
> > To: 'comp-protocols-dns-bind at isc.org'
> > Subject: Re: CNAME and other data , BUG #428
>
> > "Chimento, Douglas" wrote:
>
> >> > If you actually serve such errors to the internet,
> >> > your DNS won't work  anyways - so there's no point in disabling it.
> >>
> >> Huh?
> >> Yes it will.
> >> Are you saying that people running version 8.1.2 and lower with
> >> this=20 error won't work at all?
>
> > It might work *intermittently*, depending on the order in which the
> > reco=
> rds
> > are seen, and the respective software versions and
> > standards-conformance=
>  of
> > the servers and/or clients which are communicating with your
> > server(s).
>
> > Certainly nothing I'd trust a production system to.
>
> > - Kevin
>
> --=20
> Peter H=E5kanson=20=20=20=20=20=20=20=20=20
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam out,
>            remove "icke-reklam" if you feel for mailing me. Thanx.



More information about the bind-users mailing list