named service suddenly fails to start
marka at isc.org
Thu Nov 4 22:58:50 UTC 2021
> On 5 Nov 2021, at 07:11, Grant Taylor via bind-users <bind-users at lists.isc.org> wrote:
> On 11/4/21 1:27 PM, Bruce Johnson via bind-users wrote:
>> named-checkconf -z revealed a name had been entered with underscores. The person responsible has been sacked. (not really, merely reminded no underscores are allowed in A records :-)
> You might want to apologize to them.
> Underscores are legitimate in DNS record owner names, despite the disagreement of their use in hostnames.
> Underscores are used in _acme-challenge.<domain name>, TLSA records _25._tcp._smtp.<domain name>, and DMARC _dmarc.<domain name> to name a few legitimate uses. (from a quick `fgrep dig $HISTFILE | fgrep _`)
> Remember, DNS is (a lot more) than /just/ hostnames.
If the policy is no underscores in A record then there is nothing to apologise for. Additionally publishing A records with non LDH owners and expecting them to work in the context of address lookups is asking for trouble.
Sane software checks responses from the DNS. There are lots of security issues if you don’t.
> Grant. . . .
> unix || die
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> bind-users mailing list
> bind-users at lists.isc.org
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users