Problems with our migration from MS to BIND this weekend

Ryan McCain Ryan.McCain at
Tue Sep 25 04:06:33 UTC 2007

Done and that part is working like a charm now.

>>> Mark Andrews <Mark_Andrews at> 09/24/07 5:56 PM >>>

> BIND 9.2.x and earlier did not perform the same name syntax checks  
> that later versions of BIND 8 did. Thus, many people assumed this was  
> by design, and that BIND 9 no longer minded seeing underscores in  
> records.
> BIND 9.3 and later does a name syntax check and will (by default)  
> refuse a zone containing underscores. (Since the underscore is now a  
> standard character for a few record types, you might think ISC would  
> have added them to the allowed list by now.)

	Named checks the syntax of fields or parts of fields in the
	DNS that correspond to HOSTNAMES or MAIL DOMAINS.

	It does NOT and NEVER has blindly rejected domain names with
	underscores in them.

	That being said there is at least one A record in the active
	directory namespace so the checks should be turned off for
	that name.  The is usually done my splitting the AD namespace
	into seperate zones and setting "check-names ignore;" on
	these zones.

> You can configure this behavior by adding the following into your  
> zone statement (for each zone that you want to allow underscores):
> 	check-names warn;
> You could also put in this:
> 	check-names ignore;
> The former will log a complaint when underscores (or other invalid  
> characters) are discovered in a zone. The latter will not. The  
> default behavior is:
> 	check-names fail;
> You can also set this globally in the options statement by adding  
> another argument, either master or slave (and there's a third  
> category, but I forget the name). The defaults are:
> 	check-names master fail;
> 	check-names slave warn;
> Since I have not taken the time to double-check what I've just  
> written (it's all written from memory), you should verify all of the  
> above in the BIND 9 ARM.
> Chris Buxton
> Men & Mice
> On Sep 24, 2007, at 8:47 AM, Ryan McCain wrote:
> > While doing the change I came across conflicting information on  
> > whether underscores are permitted.  We do use Active Directory and  
> > many of it's SRV records use underscores.  Is this a problem?
> >
> > Does anything special need to be done in BIND to get it to work w/  
> > Active Directory?
> >
> > Thx..
> >
> >
> >
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at

More information about the bind-users mailing list