why the new complaints about inherited owner?
Shane Kerr
shane at time-travellers.org
Tue Nov 25 12:15:32 UTC 2014
Mark,
On Tue, 25 Nov 2014 22:51:11 +1100
Mark Andrews <marka at isc.org> wrote:
> In message <1DAC056D-B368-48D0-BC6A-4349AD86FB64 at netconsonance.com>,
> Jo Rhett writes:
> > Googling for information on this log message I can find only the
> > source cod= e changes. Why exactly is this bad?
> >
> > ov 25 03:07:15 geode named[4173]: domain.include:2: record with
> > inherited o= wner (netconsonance.com) immediately after $ORIGIN
> > (netconsonance.com)
> >
> > Zone file has the totally bog-standard SOA followed by NS records.
> > Like eve= ry record in which multiple RRs are done for the same
> > name, the NS entries = are inherited. This is not only
> > bog-standard, but it=92s still shown in the= latest BIND book from
> > O=92Reilly. So if this is now Bad(tm) can we post s= omething
> > about why it is bad, and what the recommended practice is?
>
> Because usually it is a error. $ORIGIN sets "@" not the current
> owner name.
Is this something that came up because of user complaints or operator
suggestion?
I ask because it looks like BIND 9 being changed arbitrarily to be
"better" with the actual effect of causing operator confusion and
concern (as we see here). (Note that I don't follow bind9-users any
more so I could very well have missed a nice discussion about this!)
> $ORIGIN netconsonance.com
> SOA ...
> NS ...
>
> $ORIGIN netconsonance.com
> @ SOA ...
> @ NS ...
>
>
> The owner of the SOA record depends on what lies before the $ORIGIN
> for the first group.
Does the message appear if there is actually something before $ORIGIN,
or does it happen all the time? The ideal case would only flag this as
a possible problem if it is a possible problem (meaning if something
actually comes before $ORIGIN). ;)
> For the second group the owner of the SOA record is the value of
> $ORIGIN.
Cheers,
--
Shane
More information about the bind-workers
mailing list