Problems with our migration from MS to BIND this weekend

Chris Buxton cbuxton at
Mon Sep 24 16:02:17 UTC 2007

BIND 9.2.x and earlier did not perform the same name syntax checks  
that later versions of BIND 8 did. Thus, many people assumed this was  
by design, and that BIND 9 no longer minded seeing underscores in  

BIND 9.3 and later does a name syntax check and will (by default)  
refuse a zone containing underscores. (Since the underscore is now a  
standard character for a few record types, you might think ISC would  
have added them to the allowed list by now.)

You can configure this behavior by adding the following into your  
zone statement (for each zone that you want to allow underscores):

	check-names warn;

You could also put in this:

	check-names ignore;

The former will log a complaint when underscores (or other invalid  
characters) are discovered in a zone. The latter will not. The  
default behavior is:

	check-names fail;

You can also set this globally in the options statement by adding  
another argument, either master or slave (and there's a third  
category, but I forget the name). The defaults are:

	check-names master fail;
	check-names slave warn;

Since I have not taken the time to double-check what I've just  
written (it's all written from memory), you should verify all of the  
above in the BIND 9 ARM.

Chris Buxton
Men & Mice

On Sep 24, 2007, at 8:47 AM, Ryan McCain wrote:

> While doing the change I came across conflicting information on  
> whether underscores are permitted.  We do use Active Directory and  
> many of it's SRV records use underscores.  Is this a problem?
> Does anything special need to be done in BIND to get it to work w/  
> Active Directory?
> Thx..

More information about the bind-users mailing list