underscores and 8.2.2-P5
Mark_Andrews at iengines.com
Mark_Andrews at iengines.com
Wed Dec 1 05:04:21 UTC 1999
I suspect the best way to "fix" this would be to look at the
query and refuse to answer. I would also have an acl which
controls when the test is performed.
Mark
> I just ran into the following while explaining to someone that underscores
> were sometimes OK in an owner name. (Depending on the ultimate RR type.)
>
> Given zone data of:
> $ORIGIN example.com.
> a_1 IN CNAME b
> b IN TXT "this is txt"
> IN A 1.2.3.4
>
> The following occur on a machine not authoritative for the zone:
>
> % dig a_1.example.com.
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 6
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> repeat as desired.
>
> % dig txt a_1.example.com.
> ;; ANSWER SECTION:
> a_1.example.com. 1D IN CNAME b.example.com.
> b.example.com. 1D IN TXT "this is txt"
>
> So far, so good.
>
> % dig a_1.example.com.
> ;; ANSWER SECTION:
> a_1.example.com. 23h59m5s IN CNAME b.example.com.
> b.example.com. 1D IN A 15.0.0.0
>
> On the authoritative machine, I get the final answer (instead of a
> failure) from the get-go.
>
> Is it supposed to work that way? (I think not.) Anybody got a quick fix
> on where to move/add the ns_nameok call, or do I get to go digging. (Having
> a return depend on history is very not-good, since it tends to confuse
> the unwary...)
>
> lamont
>
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at iengines.com
More information about the bind-workers
mailing list