CNAME Records from Hell Just Wouldn't Go away.

Martin McCormick martin at dc.cis.okstate.edu
Tue Sep 16 10:08:59 UTC 2003


Mark_Andrews at isc.org writes:
>	You just needed to supply the zone to nsupdate.  Nsupdate only
>	attempt to lookup SOA of the name in the update request if
>	you fail to supply the zone.  Note: BIND 8's nsupdate does *not*
>	support specifying the zone, you need to use nsupdate from BIND 9.

	That is interesting.  I tried that once before getting rough,
but maybe I didn't set it up right.  I used a file to drive nsupdate
and that file looked like:

zone okstate.edu
update delete badalias.okstate.edu IN CNAME badsite.org

	I got exactly the same output.

	FreeBSD comes with bind8 so I did a double check to see if
that nsupdate was accidentally being used.  It is gone from the system
as far as I can tell.  The nsupdate I use is /usr/local/bin/nsupdate
and was installed from the FreeBSD port of bind9.2.2.

	If I deliberately feed that nsupdate a garbage command, the
squawk is:

nsupdate: invalid argument -?
usage: nsupdate [-d] [-y keyname:secret | -k keyfile] [-v] [filename]

Is the format of the zone statement correct?

	I deliberately created another orphan CNAME and I can
duplicate the same behavior as before.

	I think this is about to become what some refer to as a
teachable moment.

Martin McCormick


More information about the bind-users mailing list