Problems with our migration from MS to BIND this weekend
Chris Buxton
cbuxton at menandmice.com
Mon Sep 24 16:02:17 UTC 2007
BIND 9.2.x and earlier did not perform the same name syntax checks
that later versions of BIND 8 did. Thus, many people assumed this was
by design, and that BIND 9 no longer minded seeing underscores in
records.
BIND 9.3 and later does a name syntax check and will (by default)
refuse a zone containing underscores. (Since the underscore is now a
standard character for a few record types, you might think ISC would
have added them to the allowed list by now.)
You can configure this behavior by adding the following into your
zone statement (for each zone that you want to allow underscores):
check-names warn;
You could also put in this:
check-names ignore;
The former will log a complaint when underscores (or other invalid
characters) are discovered in a zone. The latter will not. The
default behavior is:
check-names fail;
You can also set this globally in the options statement by adding
another argument, either master or slave (and there's a third
category, but I forget the name). The defaults are:
check-names master fail;
check-names slave warn;
Since I have not taken the time to double-check what I've just
written (it's all written from memory), you should verify all of the
above in the BIND 9 ARM.
Chris Buxton
Men & Mice
On Sep 24, 2007, at 8:47 AM, Ryan McCain wrote:
> While doing the change I came across conflicting information on
> whether underscores are permitted. We do use Active Directory and
> many of it's SRV records use underscores. Is this a problem?
>
> Does anything special need to be done in BIND to get it to work w/
> Active Directory?
>
> Thx..
>
>
>
More information about the bind-users
mailing list