Need clue: Underscore zones and hostnames

zeek zeek at sparklehouse.com
Mon Dec 6 18:28:30 UTC 2004



I'm just skimming the thread but this may help

zone "_tcp.firecorporate.com" IN {
        type master;
        file "_tcp.firecorporate.com";
        check-names ignore;
        allow-update {ADservers;};
}; 



I got this from the AD+BIND howto.

However, I am also getting this in my log:

Dec  6 10:04:32 elvis named[23566]: /etc/named.conf:92: option 'check-names'
is not implemented


Cheers,
-zeek

> -----Original Message-----
> From: bind-users-bounce at isc.org 
> [mailto:bind-users-bounce at isc.org] On Behalf Of Gregory Hicks
> Sent: Monday, December 06, 2004 1:23 PM
> To: bind-users at isc.org; bind-users at dollardns.net; nhruby at uga.edu
> Subject: Re: Need clue: Underscore zones and hostnames
> 
> 
> > From: "SilentRage" <bind-users at dollardns.net>
> > To: "\"nathan r. hruby\"" <bind-users at isc.org>
> > Subject: Re: Need clue: Underscore zones and hostnames
> > Date: Mon, 6 Dec 2004 13:07:18 -0500
> > 
> > It seems you're already informed on the issue.  Supposedly 
> yeah, there 
> > are some resolvers that might choke on hostnames with 
> characters that 
> > don't follow the standards for internet host names.  Most 
> especially 
> > you shouldn't create mail domains or mail server domains 
> with invalid 
> > characters, cause that's a whole new suite of applications 
> that might choke.
> > 
> > The dns protocol places no restriction on 'name' content, 
> which is why 
> > BIND supports it, and why it works just fine in practice.  For my 
> > service I allow clients to create hostnames with whatever 
> characters 
> > they want.  If they want binary characters, go for it.  
> Limiting what 
> > they create limits creativity and proprietary usage.  If 
> they manage 
> > to shoot themself in the foot, I'll hand them the gun, bullets, and 
> > all.  If they come to me asking why some of their clients 
> can't visit 
> > their underscore site, I'll educate them.  :)
> 
> Given that I, and my cohorts, administer a 30,000 host domain 
> (fairly small by some standards but large enough), if I can 
> educate my users when they ask to have names created, then 
> that reduces support costs for me.  This is a Good Thing.
> 
> Yes, limiting what they "create" limits creativity and 
> proprietary usage.  But it also reduces my potential support 
> costs.  Which is a Good Thing.
> 
> Besides, if asked, the reason they want the underscore is 
> because that allows the names to show up as separate "words" 
> in a web link.  A 'dash' does not do this "neat" formatting.
> 
> Regards,
> Gregory hicks
> 
> > 
> > Dave
> > 
> > ----- Original Message -----
> > From: "nathan r. hruby" <nhruby at uga.edu>
> > To: <bind-users at isc.org>
> > Sent: Monday, December 06, 2004 12:36 PM
> > Subject: Need clue: Underscore zones and hostnames
> > 
> > 
> > > Hi,
> > >
> > > Can someone please thwack me with the requisite clue-by-four and 
> > > point me at the RFC that Yea's or Nea's the use of the underscore 
> > > character in host and/or zone names?  Google seems to not 
> be helpful 
> > > in finding a definitive answer.  Perhaps there is none?
> > >
> > > Here's why I ask:
> > > We current support Microsoft's Active Directory on our BIND 
> > > nameservers, with check-names disabled on the BIND8 
> machines, so we 
> > > *have* zones with underscore characters already working.
> > >
> > > Recently for some odd reason people have been requesting 
> hostnames 
> > > like martha_stewart.jailhouse.uga.edu.  This "works" in 
> as much as 
> > > BIND doesn't reject the name and does serve it (thanks to some 
> > > legacy names :).  We also know that it's not recommended 
> per various 
> > > RFC's so we've been rejecting these updates and manually 
> going back 
> > > to the user to get them to fix it.
> > >
> > > But since it works and we have zones that *depend* on 
> this behavior, 
> > > we're
> > > wondering:
> > > - Are we just missing an updated RFC that now allows this?
> > > - Is an underscore allowed just for zones and still not 
> for a host?
> > > - Is this just an Microsoft-ism?
> > > - Do we (or perhpas: should we) care enough to not let users shoot
> > >    themselves in their feet?
> > >
> > > Note: I didn't setup the original AD-in-BIND 
> infrastructure, and the 
> > > person who did is not here anymore.  The docs we have fail to 
> > > mention the underscore issue and we're presently looking 
> at various 
> > > DNS changes we want to make, including our request interface that 
> > > can "fix" these before they get to the update stage, 
> hence my desire 
> > > to have a clue about it :)
> > >
> > > Thanks for any help anyone can give me.
> > >
> > > -n
> > >
> > > --
> > > -------------------------------------------
> > > nathan hruby <nhruby at uga.edu>
> > > uga enterprise information technology services production systems 
> > > support metaphysically wrinkle-free
> > > -------------------------------------------
> > >
> > >
> > >
> > 
> > 
> 
> -------------------------------------------------------------------
> Gregory Hicks                        | Principal Systems Engineer
> Cadence Design Systems               | Direct:   408.576.3609
> 555 River Oaks Pkwy M/S 6B1          | Fax:      408.894.3400
> San Jose, CA 95134                   | Internet: ghicks at cadence.com
> 
> I am perfectly capable of learning from my mistakes.  I will surely
> learn a great deal today.
> 
> "A democracy is a sheep and two wolves deciding on what to have for
> lunch.  Freedom is a well armed sheep contesting the results of the
> decision." - Benjamin Franklin
> 
> "The best we can hope for concerning the people at large is that they
> be properly armed." --Alexander Hamilton
> 
> 
> 
> 
> 



More information about the bind-users mailing list