<html><head></head><body dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="ApplePlainTextBody"><div class="ApplePlainTextBody">Check-names in enforced by UPDATE independent of the format the zone is stored in. Named-compilezone will also reject by default.<br><br> -k mode<br> This option performs check-names checks with the specified failure mode. Possible modes are fail (the default for named-compilezone), warn (the default for<br> named-checkzone), and ignore.<br><br>the code to read in raw format doesn’t do check-names processing. It is assumed that named-compilezone and UPDATE checks in named are enough. We could slow down the load a little by adding check-name checks on that path as well if needed. <br><br><blockquote type="cite">On 6 Nov 2021, at 00:03, Petr Menšík <pemensik@redhat.com> wrote:<br><br>I am not 100% sure, but what format of the zone were used?<br><br>I think this should be usually catched by default check-names value on master zones. However, in masterfile-format, I found this sentence [1]:<br><br><blockquote type="cite">In particular, check-names checks do not apply for the raw format.<br></blockquote><br>Does that mean dynamic updated zones saved in raw format would never have check-names active, both on dynamic updates and on (re)start of named? I have not tested it yet, but it might be somehow hard to avoid. I found no details about dynamic updates related in check-names. I think it should refuse such updates on primary server, but not sure that is enforced. Especially if zone file format is raw.<br><br>Cheers,<br>Petr<br><br>1. https://bind.isc.org/doc/arm/9.11/Bv9ARM.ch06.html#options_grammar<br><br>On 11/4/21 20:27, Bruce Johnson via bind-users wrote:<br><blockquote type="cite">On Nov 4, 2021, at 12:01 PM, Bruce Johnson <johnson@pharmacy.arizona.edu> wrote:<br><blockquote type="cite"><br>This morning our server started failing to reload or start. <br><br>checking the status reveals not a lot of info:<br><br>systemctl status named-chroot<br>● named-chroot.service - Berkeley Internet Name Domain (DNS)<br> Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; enabled; vendor preset: disabled)<br> Active: failed (Result: exit-code) since Thu 2021-11-04 11:55:17 MST; 27s ago<br> Process: 2020 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exit><br></blockquote><br>named-checkconf -z revealed a name had been entered with underscores. The person responsible has been sacked. (not really, merely reminded no underscores are allowed in A records :-)<br><br>Does named-checkzone not check for this? <br><br><br>-- <br>Bruce Johnson<br>University of Arizona<br>College of Pharmacy<br>Information Technology Group<br><br>Institutions do not have opinions, merely customs<br><br><br><br>_______________________________________________<br>Please visit <br>https://lists.isc.org/mailman/listinfo/bind-users<br> to unsubscribe from this list<br><br>ISC funds the development of this software with paid support subscriptions. Contact us at <br>https://www.isc.org/contact/<br> for more information.<br><br><br>bind-users mailing list<br><br>bind-users@lists.isc.org<br>https://lists.isc.org/mailman/listinfo/bind-users<br></blockquote>-- <br>Petr Menšík<br>Software Engineer<br>Red Hat, <br>http://www.redhat.com/<br><br>email: <br>pemensik@redhat.com<br><br>PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB<br><br>_______________________________________________<br>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list<br><br>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.<br><br><br>bind-users mailing list<br>bind-users@lists.isc.org<br>https://lists.isc.org/mailman/listinfo/bind-users<br></blockquote><br>-- <br>Mark Andrews, ISC<br>1 Seymour St., Dundas Valley, NSW 2117, Australia<br>PHONE: +61 2 9871 4742 INTERNET: marka@isc.org<br><br></div></body></html>