Bind 8.2.3, zone rejected due to CNAME error

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Mon Mar 26 13:34:58 UTC 2001 

> 
> Hi,
> 
> The version 8.2.3 of bind reject the entire zone, when it find an error in a
> CNAME e.g.
> 
> server.foo.com.	IN A 172.1.1.200
> server.foo.com.	IN CNAME host.foo.com.

	This has always been illegal.  You can have a CNAME or you
	can have data.  You cannot have both.  See RFC 1034, Section
	3.6.2. Aliases and canonical names, paragraph 3

"The domain system provides such a feature using the canonical name
(CNAME) RR.  A CNAME RR identifies its owner name as an alias, and
specifies the corresponding canonical name in the RDATA section of the
RR.  If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different.  This rule also insures that a cached CNAME can be
used without checking with an authoritative server for other RR types."

> 
> The behaviour seems to be the same for both "check-names warn/ignore"
> options, and the server does not answer any queries for this zone and does
> not allow any zone-transfer.

	Why do you think this has anything to do with check-names?  The
	error is "CNAME and other data".

>  
> The previous version 8.2.2 pl 5 did also reject the zone, but the result was
> different, it continued to answer queries for the zone, but did not allow a
> zone-transfer.

	So you could *FIX* the error.  But because people like you
	didn't fix the errors and hence caused problems for everyone
	else looking up data in zone we made the server stop serving
	the zone so that you would be forced to fix the errors and
	stop inflicting your bad management on the rest of the net.

> 
> Are the "No answer to queries" inteded, or is it a bug/feature?

	It is intended.

> How can we avoid it?

	Fix the reported errors.

> 
> We are running some unattended updates to the zone-files, which can cause in
> CNAME-errors, and would prefer the "old" behaviour, since it only affected
> the zone-transfer and not the queries.

	Fix the process that is generating the illegal zone files.

	Mark
> 
> Thanks in advance
> 
> Peter Pedersen
> Scandinavian IT Group 
> Senior Specialist
> ES&NM - Enterprise System & Network Management
> Tel. + 45 32 32 61 38
> Mob. + 45 20 89 09 10
> Fax. + 45 32 32 67 31
> www.scandinavianIT.com
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list