Check-names question

Mark Andrews marka at isc.org
Mon Sep 29 23:32:45 UTC 2025 

> On 30 Sep 2025, at 08:19, J Doe <general at nativemethods.com> wrote:
> 
> Hello,
> 
> On a low volume e-mail server I run, I also run BIND 9.20.13 as a recursive resolver.  In the configuration file (named.conf), I have the following directive:
> 
> check-names response warn;
> 
> In my BIND logs I recently noticed the following:
> 
> 6-Sep-2025 14:59:04.619 resolver: notice: check-names warning engadget-ycpi-media_edge.g03.yahoodns.net/A/IN
> 
> I was under the impression that check-names would alert me to name issues in the zones I host on this server (I host a custom DNSBL zone), but this also applies to foreign zones that I do not host ?
> 
> Am I correct, as well, that BIND is taking issue with the _ character in this particular example ?

Yes, as the record type is an A records which makes the owner name a host name.

> I seem to think in the original RFC for DNS this wasn't allowed.

The DNS is a database.  The data in the database still has to follow the rules
that apply to it.  That is specified in RFC 1034.

RFC 1034, 3.3. Technical guidelines on use

...

For hosts, the mapping depends on the existing syntax for host names
which is a subset of the usual text representation for domain names,
together with RR formats for describing host addresses, etc. Because we
need a reliable inverse mapping from address to host name, a special
mapping for addresses into the IN-ADDR.ARPA domain is also defined.

The log message is a warning, which you have enabled (the default is ignore),
is reporting where this part of RFC 1034 is not being followed by the
administrators of yahoodns.net.

The existing syntax for host names is described in RFC 952 as modified by RFC 1123.
Host name labels are restricted to Letters, Digits and (interior) Hyphens (LDH).  The
rules in RFC 952 didn’t allow leading digits, this was relaxed in RFC 1123.

Mail domains have the same syntax as host names.

Named enforces RFC 952/1123 as part of data entry checks for primary zones for data
fields that refer to host names / mail domains.  This can be turned off.  Microsoft’s
Active Directory “_gc” label is accepted as a known exception.

Mark
 
> Thanks,
> 
> - J
> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list