allowing underscores in A/AAAA records and IDN...
j.tavares at F5.com
Tue Jul 17 11:48:45 UTC 2007
From: Mark_Andrews at isc.org [mailto:Mark_Andrews at isc.org]
Sent: Wednesday, June 20, 2007 2:38 PM
To: Jack Tavares
Cc: bind-users at isc.org
Subject: Re: allowing underscores in A/AAAA records
> It seems that some people like to put underscores "_" in their
> This seems to be popular in Microsoft centric organizations.
> If they then enter this as an A (or AAAA) record in bind, an error
> is generated. (Rightly so).
> One can turn off check-names or set it to warn so that the zone
> still loads.
> One can run named-checkzone -k warn|ignore.
> But I would like to be able to allow underscores and still validate
> the rest of the label. (ie: check that label length is not longer than
> the max, the total length of the domain name is not too long,
> no _other_ invalid characters, etc)
Yes, Yes, No. We only support checking that a
domain name is also a valid hostname or not.
The length limits are common* to domain names
* hostnames can be one character longer than you can fit
into a hostname (255 vs 254). label length it the same.
One other thing I have found is that a domain name containing an "_"
will cause problems with IDN enabled dig.
for instance, doing:
dig: convert UTF-8 textname to IDN encoding: prohibited character found
Reading the man page for (my IDN-enabled dig) shows that defining an
environment variable IDN_DISABLE, will get around this problem for my
However, is it likely that using underscores in domain names will cause
a problem or
with other nameservers/clients that are IDN enabled?
More information about the bind-users