BIND 9.5.0b2 named-checkzone gives false diagnostic messages
Niall O'Reilly
Niall.oReilly at ucd.ie
Thu Feb 21 10:59:17 UTC 2008
On 21 Feb 2008, at 00:32, Mark Andrews wrote:
> s/CNAME/ALIAS/
and please also s/..illegal.//
as there is no basis for making such an assertion.
> getaddrinfo() reports relay.esat.net as being a ALIAS.
>
> Yes, we could go and make a A and also make a AAAA query
> rather than making them indirectly by calling getaddrinfo().
That would be a better (and, IMHO, the right) method. Using
getaddrinfo() involves too many levels of (administrative)
indirection.
> getaddrinfo() may use /etc/host and NIS. It should however
> return the fully qualified name.
It can at best return _a_ fully qualified domain name. Defining
what _the_ fully qualified name should be involves assumptions
which cannot be relied on.
> If it isn't then you have
> /etc/host or NIS misconfigured or you have a broken getaddrinfo()
> implementation.
>
> Note: the "out of zone" queries will always be problematic as
> they are not made in the context of the view in which the
> zone is held.
Of course. What should be checked here is the content of
the (as we might call it) relevant "companion" zone, not some
arbitrarily chosen, more distantly related information. The
companion zone is related directly to the zone being checked,
as it is referenced in RDATA. Performing the equivalent of
a reverse lookup on the data found in the companion zone
(whether via PTR, NIS, or /etc/hosts) involves a second
"relationship hop"; that's just too tenuous in a situation
which, as you say, is already "problematic".
Best regards,
Niall O'Reilly
University College Dublin IT Services
PGP key ID: AE995ED9 (see www.pgp.net)
Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9
More information about the bind-users
mailing list