allowing underscores in A/AAAA records and IDN...

Jack Tavares j.tavares at
Tue Jul 17 11:48:45 UTC 2007

-----Original Message-----
From: Mark_Andrews at [mailto:Mark_Andrews at] 
Sent: Wednesday, June 20, 2007 2:38 PM
To: Jack Tavares
Cc: bind-users at
Subject: Re: allowing underscores in A/AAAA records 

> It seems that some people like to put underscores "_" in their
> hostnames.
> This seems to be popular in Microsoft centric organizations.
> If they then enter this as an A (or AAAA) record in bind, an error
> is generated. (Rightly so).
> One can turn off check-names or set it to warn so that the zone
> still loads.
> One can run named-checkzone -k warn|ignore.
> But I would like to be able to allow underscores and still validate
> the rest of the label. (ie: check that label length is not longer than

> the max, the total length of the domain name is not too long,
> no _other_ invalid characters, etc)

	Yes, Yes, No.  We only support checking that a
	domain name is also a valid hostname or not. 
	The length limits are common* to domain names
	and hostnames.


	* hostnames can be one character longer than you can fit
	into a hostname (255 vs 254).  label length it the same.

Thanks Mark.
One other thing I have found is that a domain name containing an "_"
will cause problems with IDN enabled dig.

for instance, doing:


will generate
dig: convert UTF-8 textname to IDN encoding: prohibited character found

Reading the man page for (my IDN-enabled dig) shows that defining an 
environment variable IDN_DISABLE, will get around this problem for my
However, is it likely that using underscores in domain names will cause
a problem or 
with other nameservers/clients that are IDN enabled?


More information about the bind-users mailing list