Need clue: Underscore zones and hostnames
Gregory Hicks
ghicks at cadence.com
Mon Dec 6 18:05:41 UTC 2004
> Date: Mon, 6 Dec 2004 12:36:37 -0500 (EST)
> From: "nathan r. hruby" <nhruby at uga.edu>
> To: bind-users at isc.org
> Subject: Need clue: Underscore zones and hostnames
>
> Hi,
>
> Can someone please thwack me with the requisite clue-by-four and point me
> at the RFC that Yea's or Nea's the use of the underscore character in
> host and/or zone names? Google seems to not be helpful in finding a
> definitive answer. Perhaps there is none?
Google on "Host naming convention" or "host names rfc". One you will
get back is RFC 952 (Fairly short - about 4 pages). A "grammar" for
host names is included.
RFC 819 specifically addresses domain names. Appendix A to RFC819
supplies the BNF for the names.
An underscore in not allowed in a HOST name.
It would also appear that there is some talk about treating a hostname
as an "endpoint domain"... I do not know if that ever took off.
However, by the RFCs you should NOT allow an underscore in a host
name... (Besides, 'some' OSs, their applications and/or their
implementation of DNS may break if you allow an underscore... However,
M$ DNS does not have these restrictions.)
Regards,
Gregory hicks
>
> Here's why I ask:
> We current support Microsoft's Active Directory on our BIND nameservers,
> with check-names disabled on the BIND8 machines, so we *have* zones with
> underscore characters already working.
>
> Recently for some odd reason people have been requesting hostnames like
> martha_stewart.jailhouse.uga.edu. This "works" in as much as BIND doesn't
> reject the name and does serve it (thanks to some legacy names :). We
> also know that it's not recommended per various RFC's so we've been
> rejecting these updates and manually going back to the user to get them to
> fix it.
>
> But since it works and we have zones that *depend* on this behavior, we're
> wondering:
> - Are we just missing an updated RFC that now allows this?
> - Is an underscore allowed just for zones and still not for a host?
> - Is this just an Microsoft-ism?
> - Do we (or perhpas: should we) care enough to not let users shoot
> themselves in their feet?
>
> Note: I didn't setup the original AD-in-BIND infrastructure, and the
> person who did is not here anymore. The docs we have fail to mention the
> underscore issue and we're presently looking at various DNS changes we
> want to make, including our request interface that can "fix" these before
> they get to the update stage, hence my desire to have a clue about it :)
>
> Thanks for any help anyone can give me.
>
> -n
>
> --
> -------------------------------------------
> nathan hruby <nhruby at uga.edu>
> uga enterprise information technology services
> production systems support
> metaphysically wrinkle-free
> -------------------------------------------
>
>
-------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3400
San Jose, CA 95134 | Internet: ghicks at cadence.com
I am perfectly capable of learning from my mistakes. I will surely
learn a great deal today.
"A democracy is a sheep and two wolves deciding on what to have for
lunch. Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
More information about the bind-users
mailing list