Check zones with underscores in host names (A Records)

Mark Andrews Mark_Andrews at isc.org
Tue Feb 12 22:10:49 UTC 2008


> 
> > Date: Tue, 12 Feb 2008 13:11:55 +0200
> > From: "Haim [Howard] Roman" <roman at jct.ac.il>
> > To: Jack Tavares <j.tavares at f5.com>, bind-users at isc.org
> > Subject: Re: Check zones with underscores in host names (A Records)
> > X-JCT-Whitelist: NO
> > 
> > We also have to allow underscores (good old Microsoft!).  Here is what
> > we have in our /etc/named.conf:
> 
> Underscores in DOMAIN names seem to be OK.

	Underscores are illegal in hostnames.  You store hostnames
	in the DNS.  You also store other types of names in the DNS.
	For some of those other types of names underscores are legal.
 
	!#@!#%$!@#.example.com is a legal domain name.
	Does anyone here think that !#@!#%$!@#.example.com is a legal
	hostname?

	Mark

> If you were to do this:
> 
> _sub_domain_1.example.com.   ....
> instead of this:
> _sub_domain_1                ....
> 
> It should be OK.  Of course, you have to set up the rest of the 
> delegation...
> > 
> > 
> >     options {
> >     ...
> > 
> >     #---------------------------------------------------------
> >     # turn off name checking.  We have too many host names with
> >     # underscores, plus all the MS AD records we get from others.
> >     # Anyway, while RFC 1123 forbade underscores, RFC 2181 allowed
> >     # it *& maybe other characters.  (roman 2007/12/05)
> > 
> >     check-names master ignore;
> >     check-names slave  ignore;
> > 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Haim (Howard) Roman
> > Computer Center, Jerusalem College of Technology
> > roman at jct.ac.il
> > Phone: 052-8-592-599 (6022 from within Machon Lev)
> > 
> > 
> > 
> > -------- Original Message  --------
> > Subject: Check zones with underscores in host names (A Records)
> > From: Jack Tavares <j.tavares at F5.com>
> > To: bind-users at isc.org
> > Date: Tue Feb 12 2008 12:57:13 GMT+0200 (IST)
> > > Hello -
> > >  
> > > I use named-checkzone to check for zone validity.
> > >  
> > > However, named-checkzone will complain if there is an "_" in the domain label of an A Record.
> > >  
> > > I need to allow for underscores in A records, but I still want to check for other errors.
> > >  
> > > It seems to me that the only way to do that would be to parse the error/warning strings
> > > to separate errors that I want to ignore (underscores) and catch errors that I care about.
> > >  
> > > Is there any other way to do this?
> > >  
> > > Example, given this zone file
> > > $ORIGIN .
> > > $TTL 500        ; 8 minutes 20 seconds
> > > test.com                IN SOA  d62.test.net. hostmaster.d62.test.net. (
> > >                                 8          ; serial
> > >                                 10800      ; refresh (3 hours)
> > >                                 3600       ; retry (1 hour)
> > >                                 604800     ; expire (1 week)
> > >                                 60         ; minimum (1 minute)
> > >                                 )
> > >                         NS      d62.test.net.
> > > $ORIGIN test.com.
> > > under_score             A 1.2.3.4
> > >                                NS unknown.test.net.
> > >  
> > > calling named-checkzone thusly
> > >  
> > > named-checkzone test.com. db.test
> > > returns
> > > db.test:14: under_score.test.com: bad owner name (check-names)
> > > zone test.com/IN: under_score.test.com/NS 'unknown.test.net' (out of zone) has no addresses records (A or AAAA)
> > > zone test.com/IN: loaded serial 8
> > > OK
> > > with a return code of 0
> > >  
> > > Calling with
> > > named-checkzone -kfail test.com. db.test
> > > returns
> > > db.test:14: under_score.test.com: bad owner name (check-names)
> > > zone test.com/IN: loading from master file db.test failed: bad owner name (check-names)
> > > [root at d35:Active] namedb # echo $?
> > > 1
> > >
> > > It returns an error code of "1", but stops after the first error.
> > >  
> > > calling with
> > >  
> > > named-checkzone -kfail -ifull test.com. db.test
> > > also stops at the first error.
> > >  
> > > using
> > > named-checkzone -kwarn -ifull test.com. db.test
> > > gives
> > > db.test:14: under_score.test.com: bad owner name (check-names)
> > > zone test.com/IN: under_score.test.com/NS 'unknown.test.net' (out of zone) has no addresses records (A or AAAA)
> > > zone test.com/IN: loaded serial 8
> > > zone test.com/IN: loaded serial 8
> > > OK
> > >
> > > returns an error code of 0 (ok) but logs messages.
> > >  
> > > So, to do what I want to do,
> > > I have to basically ignore the return code and parse the output messages to see if something has
> > > gone wrong.
> > >  
> > > Am I missing an easier way to do this?
> > >  
> > > Thanks
> > >  
> > > --
> > > jack
> > >  
> > >  
> > >  
> > >
> > >
> > >   
> > 
> > 
> > 
> 
> ---------------------------------------------------------------------
> Gregory Hicks                           | Principal Systems Engineer
> Cadence Design Systems                  | Direct:   408.576.3609
> 555 River Oaks Pkwy M/S 9B1
> San Jose, CA 95134
> 
> I am perfectly capable of learning from my mistakes.  I will surely
> learn a great deal today.
> 
> "A democracy is a sheep and two wolves deciding on what to have for
> lunch.  Freedom is a well armed sheep contesting the results of the
> decision."
> 
> "The best we can hope for concerning the people at large is that they
> be properly armed." --Alexander Hamilton
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
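
The output triage discussed in this thread, as an added example that is not part of the original messages: it filters `named-checkzone -kwarn` output, ignoring a check-names complaint only when underscores are the sole reason the owner name fails the letters-digits-hyphen hostname syntax, and reporting everything else. The function names, the line shapes (taken from the output quoted above) and the second sample line are assumptions made for illustration.

```python
import re

# Hostname label syntax (RFC 952 / RFC 1123): letters, digits, hyphen,
# no leading or trailing hyphen, 1 to 63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Shape of the check-names lines quoted in the thread (assumed stable).
_BAD_OWNER = re.compile(
    r"^[^:]+:\d+: (?P<owner>\S+): bad owner name \(check-names\)$")
# Lines that report success and need no attention.
_BENIGN = re.compile(r"^(?:OK|zone \S+: loaded serial \d+)$")

# Constructed sample: lines 1, 3, 4, 5 are from the thread, line 2 is made up.
SAMPLE = """\
db.test:14: under_score.test.com: bad owner name (check-names)
db.test:15: -bad_host.test.com: bad owner name (check-names)
zone test.com/IN: under_score.test.com/NS 'unknown.test.net' (out of zone) has no addresses records (A or AAAA)
zone test.com/IN: loaded serial 8
OK
"""


def is_hostname(name):
    """True if every label of `name` satisfies hostname syntax."""
    bare = name.rstrip(".")
    return len(bare) <= 253 and all(_LABEL.match(l) for l in bare.split("."))


def underscore_only(name):
    """True if underscores are the only thing keeping `name` from being a hostname."""
    return "_" in name and is_hostname(name.replace("_", "a"))


def triage(output):
    """Split checker output into (ignored, actionable) message lists."""
    ignored, actionable = [], []
    for line in (raw.strip() for raw in output.splitlines()):
        if not line or _BENIGN.match(line):
            continue
        m = _BAD_OWNER.match(line)
        if m and underscore_only(m.group("owner")):
            ignored.append(line)      # the one class of warning we tolerate
        else:
            actionable.append(line)   # anything unrecognised is kept, never dropped
    return ignored, actionable


if __name__ == "__main__":
    ignored, actionable = triage(SAMPLE)
    print(f"{len(ignored)} ignored, {len(actionable)} actionable")
    raise SystemExit(1 if actionable else 0)
```

Unrecognised lines fall through to the actionable list, so a change in the tool's message wording produces extra reports rather than silently hidden errors.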
