named-checkzone 9.4.1-P1 appears to treat "out of zone" as "CNAME (illegal)"

Mark Andrews Mark_Andrews at isc.org
Wed Oct 31 22:56:21 UTC 2007 

> 	The named-checkzone utility from BIND 9.4.1-P1 is giving me unexpected
> 	and apparently bogus warnings.  It seems to be treating ALL out-of-one
> 	targets in NS and MX records as if they were references to CNAMEd  
> names.
> 
> 	This looks to me like a bug.
> 
> 	We always download the tarball from ISC and install BIND from that.
> 
> 	Here are the results from named-checkzone.
> 
> keadeen(noreilly)111: named-checkzone ucd.ie tmp/ucd.ie.dummy-zone
> zone ucd.ie/IN: hermes.ucd.ie/MX 'relay.esat.net' (out of zone) is a  
> CNAME (illegal)
> zone ucd.ie/IN: www.ucd.ie/NS 'beaker.heanet.ie' (out of zone) is a  
> CNAME (illegal)
> zone ucd.ie/IN: www.ucd.ie/NS 'bunsen.heanet.ie' (out of zone) is a  
> CNAME (illegal)
> zone ucd.ie/IN: loaded serial 2007103106
> OK
> keadeen(noreilly)112:

	getaddrinfo() returned a different name in ai_canonname to
	relay.esat.net when the address of relay.esat.net was looked
	up.

	I'll make named-checkzone report the name returned.

	Mark
 
Index: bin/check/check-tool.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/check/check-tool.c,v
retrieving revision 1.10.18.18
diff -u -r1.10.18.18 check-tool.c
--- bin/check/check-tool.c	13 Sep 2007 05:04:01 -0000	1.10.18.18
+++ bin/check/check-tool.c	31 Oct 2007 22:55:45 -0000
@@ -142,8 +142,8 @@
 		    strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
-				     "is a CNAME (illegal)",
-				     ownerbuf, namebuf);
+				     "is a CNAME '%s' (illegal)",
+				     ownerbuf, namebuf, ai->ai_canonname);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
 		}
@@ -317,8 +317,9 @@
 			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
 				dns_zone_log(zone, ISC_LOG_WARNING,
 					     "%s/MX '%s' (out of zone) "
-					     "is a CNAME (illegal)",
-					     ownerbuf, namebuf);
+					     "is a CNAME '%s' (illegal)",
+					     ownerbuf, namebuf,
+					     cur->ai_canonname);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -390,8 +391,9 @@
 			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
 				dns_zone_log(zone, level,
 					     "%s/SRV '%s' (out of zone) "
-					     "is a CNAME (illegal)",
-					     ownerbuf, namebuf);
+					     "is a CNAME '%s' (illegal)",
+					     ownerbuf, namebuf,
+					     cur->ai_canonname);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
> 	Below is possibly relevant additional information.
> 
> keadeen(noreilly)112: cat tmp/ucd.ie.dummy-zone
> $TTL 86400
> $ORIGIN ucd.ie.
> @               IN      SOA     . sysman.ucd.ie. (
>                                  2007103106      ; serial
>                                  14400           ; Refresh - 4 hours
>                                  7200            ; Retry - 2 hours
>                                  604800          ; Expire - 7 days
>                                  86400 )         ; Default - 1 day
> ;
> @               IN      NS      stealth.ucd.ie.
> ;
> $ORIGIN ucd.ie.
> ;
> www     300     IN      NS      beaker.heanet.ie.
> www     300     IN      NS      bunsen.heanet.ie.
> www     300     IN      NS      www-dns1
> www     300     IN      NS      www-dns2
> ;
> hermes          IN           MX      190 relay.esat.net.
> ;
> stealth         IN      A       192.0.2.1
> www-dns1        IN      A       192.0.2.2
> www-dns2        IN      A       192.0.2.3
> ;
> ; -- End --
> keadeen(noreilly)113: which named-checkzone
> /usr/local/sbin/named-checkzone
> keadeen(noreilly)114: `which named-checkzone` -v
> 9.4.1-P1
> keadeen(noreilly)115: uname -a
> Linux keadeen.ucd.ie 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST  
> 2004 i686 i686 i386 GNU/Linux
> keadeen(noreilly)116: dig +noall +ans beaker.heanet.ie  
> bunsen.heanet.ie relay.esat.net
> beaker.heanet.ie.       2125    IN      A       193.1.219.148
> bunsen.heanet.ie.       2125    IN      A       193.1.192.170
> relay.esat.net.         300     IN      A       193.95.141.42
> relay.esat.net.         300     IN      A       193.120.142.83
> relay.esat.net.         300     IN      A       193.120.142.153
> relay.esat.net.         300     IN      A       193.95.141.40
> relay.esat.net.         300     IN      A       193.95.141.41
> keadeen(noreilly)117:
> 
> 	Not a CNAME in sight!
> 
> 	Now, I may have left my brain somewhere else today, but this really  
> looks
> 	to me like a bug.
> 
> 	Mentioning it may save someone else some time and confusion.
> 
> 
> 	Best regards,
> 
> 	Niall O'Reilly
> 	University College Dublin IT Services
> 
> 	PGP key ID: AE995ED9 (see www.pgp.net)
> 	Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9
> 
> 
> 
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list