PLEASE READ: BIND 8.2.2 problem
Kevin Darcy
kcd at daimlerchrysler.com
Thu Apr 27 23:29:43 UTC 2000
Brian Keves - NCS UAI Contractor wrote:
> I have run across an issue with BIND 8.2.2-P5 that I haven't been able to
> resolve with an option in named.conf.
>
> We run hosts2ns automatically to convert our NIS hosts file into DNS
> zone DB files. Since we have such a large number of admins we sometimes
> end up with CNAMES that have other data, getting the standard messages
> from named:
>
> Apr 27 14:05:51 ankokuji named[24446]: auto/synopsys.com:50225:iei.synopsys.com:
> CNAME and OTHER data error
> Apr 27 14:05:51 ankokuji named[24446]: master zone "synopsys.com" (IN) rejected
> due to errors (serial 2000042756)
>
> Under Bind 4.9.7 we would get the messages but named would still accept
> the domain. Under Bind 8.2.2-P5 named rejects the domain and the server
> quietly becomes non-authoritative for synopsys.com.
>
> The result being that any changes made to the NIS hosts file do not get
> into DNS and we cannot resolve them using nslookup until the error is fixed
> in the NIS hosts file.
>
> I have been looking for an option or something to tell BIND 8.2.2-P5 to
> just throw out the bad record and not reject the domain. Seems silly to
> reject the entire domain just because of one error.
I don't think this is silly at all. How can BIND trust the rest of your zone file
if it contains such a glaring error? How does it know it's not completely
corrupted?
You should be filtering out bogosities like this before they get into your zonefile
in the first place. DNS isn't just some dumping ground for NIS trash.
- Kevin
More information about the bind-users
mailing list