CNAME and other data , BUG #428
Douglas.Chimento at FMR.COM
Thu Dec 5 23:32:39 UTC 2002
Take a look at this set up:
220.127.116.11 is master for example.com , bind version 8.1.2
( dig -t txt -c CHAOS @18.104.22.168 version.bind )
22.214.171.124 is slave , version 8.3.4
( dig -t txt -c CHAOS @126.96.36.199 version.bind )
Now do a query for www.example.com ( do this like 4 or 5 times )
dig @188.8.131.52 www.example.com
dig @184.108.40.206 www.example.com
Hmm....it seems to respond with answers, albeit they are "illegal" I have
seen both windows and unix/linux dns clients accept these dns answers.
(Although linux will syslog a warning)
Currently our infrastructure consists of bind version 8.1.2 and we load 20 -
30 cname errors. Thus far , everything is running ok.
Here is the point I am trying to make:
The slave servers don't reject the zone when "Cname and other error" occurs.
Which , I think is wrong, the slave should reject the zone.
I have a patch for 8.3.4 to NOT make CNAMEANDOTHER a hard error Instead BIND
will load the 1st entry and discard the 2nd and load the rest of the zone.
However, if someone puts only
"@ IN CNAME somethingelse", bind will load. Which is bad...I guess.
FYI ---- example.com ZONE
@ IN SOA bubba.example.com. root.localhost (
IN NS bubba
bubba IN A 192.168.0.254
joe IN A 192.168.0.10
www IN A 192.168.0.1
www IN CNAME bubba
From: Nate Campi [mailto:nate at campin.net]
Sent: Thursday, December 05, 2002 3:08 PM
To: Chimento, Douglas
Cc: 'comp-protocols-dns-bind at isc.org'
Subject: Re: CNAME and other data , BUG #428
On Thu, Dec 05, 2002 at 02:26:23PM -0500, Chimento, Douglas wrote:
> > If you actually serve such errors to the internet,
> > your DNS won't work anyways - so there's no point in disabling it.
> Yes it will.
> Are you saying that people running version 8.1.2 and lower with this
> error won't work at all?
Yes. I went to the trouble of explaining why. If you want to ignore it,
that's up to you.
Nate Campi http://www.campin.net
"Those who don't read have no advantage over those who can't." - Samuel
More information about the bind-users