CNAME and other data , BUG #428

Chimento, Douglas Douglas.Chimento at FMR.COM
Thu Dec 5 23:32:39 UTC 2002

Take a look at this setup: is master for , bind version 8.1.2
( dig -t txt -c CHAOS @ version.bind )   is slave  , version 8.3.4
( dig -t txt -c CHAOS @ version.bind )
Now do a query for ( do this like 4 or 5 times )
  dig @  
  dig @ seems to respond with answers, albeit they are "illegal". I have
seen both Windows and Unix/Linux DNS clients accept these DNS answers.
(Although Linux will syslog a warning.)

Currently our infrastructure consists of bind version 8.1.2 and we load
20-30 CNAME errors. Thus far, everything is running OK.

Here is the point I am trying to make:
The slave servers don't reject the zone when a "CNAME and other data" error occurs.
Which, I think, is wrong; the slave should reject the zone.

I have a patch for 8.3.4 to NOT make CNAMEANDOTHER a hard error. Instead, BIND
will load the 1st entry, discard the 2nd, and load the rest of the zone.
However, if someone puts only
"@ IN CNAME somethingelse", bind will load. Which is bad... I guess.


@       IN      SOA root.localhost (
                        86400 )

        IN      NS      bubba
bubba   IN      A
joe     IN      A
www     IN      A
www     IN      CNAME   bubba

-----Original Message-----
From: Nate Campi [mailto:nate at] 
Sent: Thursday, December 05, 2002 3:08 PM
To: Chimento, Douglas
Cc: 'comp-protocols-dns-bind at'
Subject: Re: CNAME and other data , BUG #428

On Thu, Dec 05, 2002 at 02:26:23PM -0500, Chimento, Douglas wrote:
> > If you actually serve such errors to the internet,
> > your DNS won't work  anyways - so there's no point in disabling it.
> Huh?
> Yes it will.
> Are you saying that people running version 8.1.2 and lower with this 
> error won't work at all?

Yes. I went to the trouble of explaining why. If you want to ignore it,
that's up to you.
Nate Campi 

"Those who don't read have no advantage over those who can't." - Samuel

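The two behaviours discussed in this message (rejecting the zone on "CNAME and other data" versus loading the first entry and discarding the second), as an added sketch that is not part of the original post and is neither BIND's loader nor the poster's patch. The parser is deliberately simplified, the `policy` names are hypothetical, and the addresses and SOA fields in the sample zone are constructed placeholders.

```python
# Added example: simplified zone loader, not BIND code and not the patch from the post.
# Simplification: one record per line, class IN only, no $ORIGIN/$TTL, no DNSSEC types.

# Constructed sample zone shaped like the one in the post; the SOA fields and
# addresses (RFC 5737 documentation range) are placeholders, not values from the page.
SAMPLE_ZONE = """\
@       IN      SOA     localhost. root.localhost. ( 1 3600 900 604800 86400 )
        IN      NS      bubba
bubba   IN      A       192.0.2.1
joe     IN      A       192.0.2.2
www     IN      A       192.0.2.3
www     IN      CNAME   bubba
"""

def parse(zone_text):
    """Yield (owner, rtype, rdata); a line starting with whitespace inherits the owner."""
    owner = None
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():
            owner, fields = fields[0], fields[1:]
        if fields[0].upper() == "IN":
            fields = fields[1:]
        yield owner, fields[0].upper(), " ".join(fields[1:])

def load(zone_text, policy="reject"):
    """Return (records, discarded). 'reject' raises on the first conflict;
    'first-wins' keeps the earlier record at an owner and discards the later one."""
    seen = {}                      # owner -> record types already loaded
    records, discarded = [], []
    for owner, rtype, rdata in parse(zone_text):
        types = seen.setdefault(owner, set())
        # A CNAME may not share an owner name with any other record.
        conflict = (rtype == "CNAME" and bool(types)) or "CNAME" in types
        if conflict:
            if policy == "reject":
                raise ValueError(f"{owner}: CNAME and other data")
            discarded.append((owner, rtype, rdata))
            continue
        types.add(rtype)
        records.append((owner, rtype, rdata))
    return records, discarded
```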