named-checkzone fail
Mark Andrews
marka at isc.org
Tue Sep 10 22:17:20 UTC 2024
Comma is legal in a domain name. It isn’t legal in host names, which are a subset of domain names. Named-checkzone is working exactly as it should.
If the current origin is example.com. then comma expands to ,.example.com. as it is treated as a relative name.
--
Mark Andrews
> On 11 Sep 2024, at 03:55, Lee <ler762 at gmail.com> wrote:
>
> I had a few typos in an RPZ file where I had a comma instead of a dot.
> I tried using named-checkzone to find all the typos but it didn't
> complain about anything!? Is that expected behavior?
>
> And a related question.. can anyone recommend a vim syntax file
> checker for bind files?
>
> $ named-checkzone rpz.mozilla /etc/bind/db.rpz-mozilla
> zone rpz.mozilla/IN: loaded serial 2024091001
> OK
>
> $ cat /etc/bind/db.rpz-mozilla
> $ORIGIN rpz.mozilla.
> ; https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
> ; return NXDOMAIN for use-application-dns.net name lookup
> ; https://kb.isc.org/docs/using-response-policy-zones-to-disable-mozilla-doh-by-default
> $TTL 604800
>
> @ IN SOA localhost. root.home.net. (
> 2024091001 ; Serial
> 604800 ; Refresh
> 86400 ; Retry
> 2419200 ; Expire
> 604800 ) ; Minimum
> IN NS localhost.
>
> ; tell Firefox to not use DOH (Dns Over Https)
> use-application-dns.net CNAME .
> broken-cname.net CNAME , <============= COMMA not a period
> ; --- end ---
>
> $ dig broken-cname.net
>
> ; <<>> DiG 9.16.50-Debian <<>> broken-cname.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62006
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1432
> ; COOKIE: ad32c4ae2224c66d0100000066e082286d1625c0e8f2160c (good)
> ;; QUESTION SECTION:
> ;broken-cname.net. IN A
>
> ;; ANSWER SECTION:
> broken-cname.net. 5 IN CNAME ,.rpz.mozilla.
>
> ;; AUTHORITY SECTION:
> rpz.mozilla. 604800 IN SOA localhost. root.home.net. 2024091001 604800 86400 2419200 604800
>
> ;; ADDITIONAL SECTION:
> rpz.mozilla. 1 IN SOA localhost. root.home.net. 2024091001 604800 86400 2419200 604800
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Sep 10 13:30:16 EDT 2024
> ;; MSG SIZE rcvd: 194
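Added example (not part of the original thread, and not ISC code): since named-checkzone accepts the comma as a legal relative domain name, a separate lint pass can flag CNAME/DNAME/NS targets that are not legal host names after origin expansion. The names lint_zone and absolute are hypothetical, the sample zone is constructed from the one in the post, and the parser is a simplification that only reads single-line records.

```python
import re

# Host-name label (RFC 952/1123): letters, digits, hyphen; no leading or trailing hyphen.
LDH = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
NAME_TYPES = {"CNAME", "DNAME", "NS"}  # record types whose rdata is a single name

# Constructed sample, modelled on the RPZ file quoted in the thread.
SAMPLE = """\
$ORIGIN rpz.mozilla.
$TTL 604800
@ IN SOA localhost. root.home.net. (
        2024091001 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Minimum
  IN NS localhost.
use-application-dns.net CNAME .
broken-cname.net CNAME ,
nodata.example CNAME *.
"""

def absolute(name, origin):
    """Expand a zone-file name as the loader does: no trailing dot means relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin.lstrip(".")

def lint_zone(text, origin="."):
    """Return (line_no, rtype, target, expanded, bad_labels) for non-host-name targets."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # naive comment strip: no quoted strings
        if len(fields) >= 2 and fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)
            continue
        start = 0 if raw[:1].isspace() else 1  # skip the owner field when present
        for i in range(start, len(fields) - 1):
            if fields[i].upper() in NAME_TYPES:
                expanded = absolute(fields[i + 1], origin)
                labels = [l for l in expanded.split(".") if l]
                if labels and labels[0] == "*":  # wildcard, e.g. the RPZ "CNAME *." action
                    labels = labels[1:]
                bad = [l for l in labels if not LDH.fullmatch(l)]
                if bad:
                    findings.append((line_no, fields[i].upper(), fields[i + 1], expanded, bad))
                break
    return findings
```

On the sample this reports only line 11, with the target expanded to the same ,.rpz.mozilla. name that appears in the dig answer; underscore labels and escaped characters would also be flagged, since the check is host-name syntax, not domain-name syntax.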