Need clue: Underscore zones and hostnames

SilentRage bind-users at
Mon Dec 6 18:07:18 UTC 2004

It seems you're already informed on the issue.  Supposedly yeah, there are
some resolvers that might choke on hostnames with characters that don't
follow the standards for internet host names.  Most especially you shouldn't
create mail domains or mail server domains with invalid characters, cause
that's a whole new suite of applications that might choke.

The dns protocol places no restriction on 'name' content, which is why BIND
supports it, and why it works just fine in practice.  For my service I allow
clients to create hostnames with whatever characters they want.  If they
want binary characters, go for it.  Limiting what they create limits
creativity and proprietary usage.  If they manage to shoot themself in the
foot, I'll hand them the gun, bullets, and all.  If they come to me asking
why some of their clients can't visit their underscore site, I'll educate
them.  :)


----- Original Message ----- 
From: "nathan r. hruby" <nhruby at>
To: <bind-users at>
Sent: Monday, December 06, 2004 12:36 PM
Subject: Need clue: Underscore zones and hostnames

> Hi,
> Can someone please thwack me with the requisite clue-by-four and point me
> at the RFC that Yea's or Nea's the use of the underscore character in
> host and/or zone names?  Google seems to not be helpful in finding a
> definitive answer.  Perhaps there is none?
> Here's why I ask:
> We current support Microsoft's Active Directory on our BIND nameservers,
> with check-names disabled on the BIND8 machines, so we *have* zones with
> underscore characters already working.
> Recently for some odd reason people have been requesting hostnames like
>  This "works" in as much as BIND doesn't
> reject the name and does serve it (thanks to some legacy names :).  We
> also know that it's not recommended per various RFC's so we've been
> rejecting these updates and manually going back to the user to get them to
> fix it.
> But since it works and we have zones that *depend* on this behavior, we're
> wondering:
> - Are we just missing an updated RFC that now allows this?
> - Is an underscore allowed just for zones and still not for a host?
> - Is this just an Microsoft-ism?
> - Do we (or perhpas: should we) care enough to not let users shoot
>    themselves in their feet?
> Note: I didn't setup the original AD-in-BIND infrastructure, and the
> person who did is not here anymore.  The docs we have fail to mention the
> underscore issue and we're presently looking at various DNS changes we
> want to make, including our request interface that can "fix" these before
> they get to the update stage, hence my desire to have a clue about it :)
> Thanks for any help anyone can give me.
> -n
> -- 
> -------------------------------------------
> nathan hruby <nhruby at>
> uga enterprise information technology services
> production systems support
> metaphysically wrinkle-free
> -------------------------------------------

More information about the bind-users mailing list