why the new complaints about inherited owner?

Mark Andrews marka at isc.org
Tue Nov 25 13:06:21 UTC 2014


In message <20141125131532.38facc92 at vulcan>, Shane Kerr writes:
> Mark,
> 
> On Tue, 25 Nov 2014 22:51:11 +1100
> Mark Andrews <marka at isc.org> wrote:
> > In message <1DAC056D-B368-48D0-BC6A-4349AD86FB64 at netconsonance.com>,
> > Jo Rhett writes:
> > > Googling for information on this log message I can find only the
> > > source code changes. Why exactly is this bad?
> > > 
> > > ov 25 03:07:15 geode named[4173]: domain.include:2: record with
> > > inherited owner (netconsonance.com) immediately after $ORIGIN
> > > (netconsonance.com)
> > > 
> > > Zone file has the totally bog-standard SOA followed by NS records.
> > > Like every record in which multiple RRs are done for the same
> > > name, the NS entries are inherited. This is not only
> > > bog-standard, but it's still shown in the latest BIND book from
> > > O'Reilly.  So if this is now Bad(tm) can we post something
> > > about why it is bad, and what the recommended practice is?
> > 
> > Because usually it is a error.  $ORIGIN sets "@" not the current
> > owner name.
> 
> Is this something that came up because of user complaints or operator
> suggestion?

Because we have had multiple bug reports about $ORIGIN not working
in senario 1 with people expecting $ORIGIN to also change the current
owner name.

> I ask because it looks like BIND 9 being changed arbitrarily to be
> "better" with the actual effect of causing operator confusion and
> concern (as we see here). (Note that I don't follow bind9-users any
> more so I could very well have missed a nice discussion about this!)

As for operator confusion this is the only time this log message has
been mentioned since it was introduced back in January 2013.  Report
of named being broken because people expected $ORIGIN to also set
the current owner name were much more common than that.

> > $ORIGIN netconsonance.com
> > 	SOA ...
> > 	NS ...
> > 
> > $ORIGIN netconsonance.com
> > @	SOA ...
> > @	NS ...
> > 
> >  
> > The owner of the SOA record depends on what lies before the $ORIGIN
> > for the first group.
> 
> Does the message appear if there is actually something before $ORIGIN,
> or does it happen all the time? The ideal case would only flag this as
> a possible problem if it is a possible problem (meaning if something
> actually comes before $ORIGIN). ;)

If there is nothing before $ORIGIN you don't have a owner name to
inherit which is a fatal error.
  
> > For the second group the owner of the SOA record is the value of
> > $ORIGIN.
> 
> Cheers,
> 
> --
> Shane
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the bind-workers mailing list