underscores and 8.2.2-P5

Mark_Andrews at iengines.com Mark_Andrews at iengines.com
Wed Dec 1 05:04:21 UTC 1999


	I suspect the best way to "fix" this would be to look at the
	query and refuse to answer.  I would also have an acl which
	controls when the test is performed.

	Mark

> I just ran into the following while explaining to someone that underscores
> were sometimes OK in an owner name.  (Depending on the ultimate RR type.)
> 
> Given zone data of:
>     $ORIGIN example.com.
>     a_1     IN CNAME b
>     b       IN TXT "this is txt"
> 	    IN A 1.2.3.4
> 
> The following occur on a machine not authoritative for the zone:
> 
>     % dig a_1.example.com.
>     ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 6
>     ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> repeat as desired.
> 
>     % dig txt a_1.example.com.
>     ;; ANSWER SECTION:
>     a_1.example.com.        1D IN CNAME     b.example.com.
>     b.example.com.          1D IN TXT       "this is txt"
> 
> So far, so good.
> 
>     % dig a_1.example.com.
>     ;; ANSWER SECTION:
>     a_1.example.com.        23h59m5s IN CNAME  b.example.com.
>     b.example.com.          1D IN A         15.0.0.0
> 
> On the authoritative machine, I get the final answer (instead of a
> failure) from the get-go.
> 
> Is it supposed to work that way? (I think not.)  Anybody got a quick fix
> on where to move/add the ns_nameok call, or do I get to go digging.  (Having
> a return depend on history is very not-good, since it tends to confuse
> the unwary...)
> 
> lamont
> 
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com


More information about the bind-workers mailing list