Need clue: Underscore zones and hostnames
zeek
zeek at sparklehouse.com
Mon Dec 6 18:28:30 UTC 2004
I'm just skimming the thread but this may help
zone "_tcp.firecorporate.com" IN {
type master;
file "_tcp.firecorporate.com";
check-names ignore;
allow-update {ADservers;};
};
I got this from the AD+BIND howto.
However, I am also getting this in my log:
Dec 6 10:04:32 elvis named[23566]: /etc/named.conf:92: option 'check-names'
is not implemented
Cheers,
-zeek
> -----Original Message-----
> From: bind-users-bounce at isc.org
> [mailto:bind-users-bounce at isc.org] On Behalf Of Gregory Hicks
> Sent: Monday, December 06, 2004 1:23 PM
> To: bind-users at isc.org; bind-users at dollardns.net; nhruby at uga.edu
> Subject: Re: Need clue: Underscore zones and hostnames
>
>
> > From: "SilentRage" <bind-users at dollardns.net>
> > To: "\"nathan r. hruby\"" <bind-users at isc.org>
> > Subject: Re: Need clue: Underscore zones and hostnames
> > Date: Mon, 6 Dec 2004 13:07:18 -0500
> >
> > It seems you're already informed on the issue. Supposedly
> yeah, there
> > are some resolvers that might choke on hostnames with
> characters that
> > don't follow the standards for internet host names. Most
> especially
> > you shouldn't create mail domains or mail server domains
> with invalid
> > characters, cause that's a whole new suite of applications
> that might choke.
> >
> > The dns protocol places no restriction on 'name' content,
> which is why
> > BIND supports it, and why it works just fine in practice. For my
> > service I allow clients to create hostnames with whatever
> characters
> > they want. If they want binary characters, go for it.
> Limiting what
> > they create limits creativity and proprietary usage. If
> they manage
> > to shoot themself in the foot, I'll hand them the gun, bullets, and
> > all. If they come to me asking why some of their clients
> can't visit
> > their underscore site, I'll educate them. :)
>
> Given that I, and my cohorts, administer a 30,000 host domain
> (fairly small by some standards but large enough), if I can
> educate my users when they ask to have names created, then
> that reduces support costs for me. This is a Good Thing.
>
> Yes, limiting what they "create" limits creativity and
> proprietary usage. But it also reduces my potential support
> costs. Which is a Good Thing.
>
> Besides, if asked, the reason they want the underscore is
> because that allows the names to show up as separate "words"
> in a web link. A 'dash' does not do this "neat" formatting.
>
> Regards,
> Gregory hicks
>
> >
> > Dave
> >
> > ----- Original Message -----
> > From: "nathan r. hruby" <nhruby at uga.edu>
> > To: <bind-users at isc.org>
> > Sent: Monday, December 06, 2004 12:36 PM
> > Subject: Need clue: Underscore zones and hostnames
> >
> >
> > > Hi,
> > >
> > > Can someone please thwack me with the requisite clue-by-four and
> > > point me at the RFC that Yea's or Nea's the use of the underscore
> > > character in host and/or zone names? Google seems to not
> be helpful
> > > in finding a definitive answer. Perhaps there is none?
> > >
> > > Here's why I ask:
> > > We current support Microsoft's Active Directory on our BIND
> > > nameservers, with check-names disabled on the BIND8
> machines, so we
> > > *have* zones with underscore characters already working.
> > >
> > > Recently for some odd reason people have been requesting
> hostnames
> > > like martha_stewart.jailhouse.uga.edu. This "works" in
> as much as
> > > BIND doesn't reject the name and does serve it (thanks to some
> > > legacy names :). We also know that it's not recommended
> per various
> > > RFC's so we've been rejecting these updates and manually
> going back
> > > to the user to get them to fix it.
> > >
> > > But since it works and we have zones that *depend* on
> this behavior,
> > > we're
> > > wondering:
> > > - Are we just missing an updated RFC that now allows this?
> > > - Is an underscore allowed just for zones and still not
> for a host?
> > > - Is this just an Microsoft-ism?
> > > - Do we (or perhpas: should we) care enough to not let users shoot
> > > themselves in their feet?
> > >
> > > Note: I didn't setup the original AD-in-BIND
> infrastructure, and the
> > > person who did is not here anymore. The docs we have fail to
> > > mention the underscore issue and we're presently looking
> at various
> > > DNS changes we want to make, including our request interface that
> > > can "fix" these before they get to the update stage,
> hence my desire
> > > to have a clue about it :)
> > >
> > > Thanks for any help anyone can give me.
> > >
> > > -n
> > >
> > > --
> > > -------------------------------------------
> > > nathan hruby <nhruby at uga.edu>
> > > uga enterprise information technology services production systems
> > > support metaphysically wrinkle-free
> > > -------------------------------------------
> > >
> > >
> > >
> >
> >
>
> -------------------------------------------------------------------
> Gregory Hicks | Principal Systems Engineer
> Cadence Design Systems | Direct: 408.576.3609
> 555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3400
> San Jose, CA 95134 | Internet: ghicks at cadence.com
>
> I am perfectly capable of learning from my mistakes. I will surely
> learn a great deal today.
>
> "A democracy is a sheep and two wolves deciding on what to have for
> lunch. Freedom is a well armed sheep contesting the results of the
> decision." - Benjamin Franklin
>
> "The best we can hope for concerning the people at large is that they
> be properly armed." --Alexander Hamilton
>
>
>
>
>
More information about the bind-users
mailing list