named service suddenly fails to start

Mark Andrews marka at
Thu Nov 4 22:58:50 UTC 2021

> On 5 Nov 2021, at 07:11, Grant Taylor via bind-users <bind-users at> wrote:
> On 11/4/21 1:27 PM, Bruce Johnson via bind-users wrote:
>> named-checkconf -z revealed a name had been entered with underscores. The person responsible has been sacked. (not really, merely reminded no underscores are allowed in A records :-)
> You might want to apologize to them.
> Underscores are legitimate in DNS record owner names, despite the disagreement of their use in hostnames.
> Underscores are used in _acme-challenge.<domain name>, TLSA records _25._tcp._smtp.<domain name>, and DMARC _dmarc.<domain name> to name a few legitimate uses.  (from a quick `fgrep dig $HISTFILE | fgrep _`)
> Remember, DNS is (a lot more) than /just/ hostnames.

If the policy is no underscores in A record then there is nothing to apologise for.  Additionally publishing A records with non LDH owners and expecting them to work in the context of address lookups is asking for trouble.

Sane software checks responses from the DNS.  There are lots of security issues if you don’t.

> -- 
> Grant. . . .
> unix || die
> _______________________________________________
> Please visit to unsubscribe from this list
> ISC funds the development of this software with paid support subscriptions. Contact us at for more information.
> bind-users mailing list
> bind-users at

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at

More information about the bind-users mailing list