Problems with our migration from MS to BIND this weekend

Chris Buxton cbuxton at menandmice.com
Mon Sep 24 16:28:19 UTC 2007 

That's true if you change the behavior from the default "fail" to  
"warn". If it is set to "fail", however, an underscore will cause a  
zone to not load. (I'm assuming you're talking about the master  
server. On a slave, you can safely ignore the error messages unless  
the behavior has been changed from the default.)

Chris Buxton
Men & Mice

On Sep 24, 2007, at 9:17 AM, Ryan McCain wrote:

> So, even though BIND complains about them I shouldn't experience  
> any odd behavior on the server if underscores are being used?
>
>
>
>>>> On Mon, Sep 24, 2007 at 11:02 AM, in message
> <F17FA75D-0303-4178-94AD-3C608D964DC2 at menandmice.com>, Chris Buxton
> <cbuxton at menandmice.com> wrote:
>> BIND 9.2.x and earlier did not perform the same name syntax checks
>> that later versions of BIND 8 did. Thus, many people assumed this was
>> by design, and that BIND 9 no longer minded seeing underscores in
>> records.
>>
>> BIND 9.3 and later does a name syntax check and will (by default)
>> refuse a zone containing underscores. (Since the underscore is now a
>> standard character for a few record types, you might think ISC would
>> have added them to the allowed list by now.)
>>
>> You can configure this behavior by adding the following into your
>> zone statement (for each zone that you want to allow underscores):
>>
>> 	check-names warn;
>>
>> You could also put in this:
>>
>> 	check-names ignore;
>>
>> The former will log a complaint when underscores (or other invalid
>> characters) are discovered in a zone. The latter will not. The
>> default behavior is:
>>
>> 	check-names fail;
>>
>> You can also set this globally in the options statement by adding
>> another argument, either master or slave (and there's a third
>> category, but I forget the name). The defaults are:
>>
>> 	check-names master fail;
>> 	check-names slave warn;
>>
>> Since I have not taken the time to double-check what I've just
>> written (it's all written from memory), you should verify all of the
>> above in the BIND 9 ARM.
>>
>> Chris Buxton
>> Men & Mice
>>
>> On Sep 24, 2007, at 8:47 AM, Ryan McCain wrote:
>>
>>> While doing the change I came across conflicting information on
>>> whether underscores are permitted.  We do use Active Directory and
>>> many of it's SRV records use underscores.  Is this a problem?
>>>
>>> Does anything special need to be done in BIND to get it to work w/
>>> Active Directory?
>>>
>>> Thx..
>>>
>>>
>>>
>
>

More information about the bind-users mailing list