named-checkzone 9.4.1-P1 appears to treat "out of zone" as "CNAME (illegal)"
Mark Andrews
Mark_Andrews at isc.org
Wed Oct 31 22:56:21 UTC 2007
> The named-checkzone utility from BIND 9.4.1-P1 is giving me unexpected
> and apparently bogus warnings. It seems to be treating ALL out-of-one
> targets in NS and MX records as if they were references to CNAMEd
> names.
>
> This looks to me like a bug.
>
> We always download the tarball from ISC and install BIND from that.
>
> Here are the results from named-checkzone.
>
> keadeen(noreilly)111: named-checkzone ucd.ie tmp/ucd.ie.dummy-zone
> zone ucd.ie/IN: hermes.ucd.ie/MX 'relay.esat.net' (out of zone) is a
> CNAME (illegal)
> zone ucd.ie/IN: www.ucd.ie/NS 'beaker.heanet.ie' (out of zone) is a
> CNAME (illegal)
> zone ucd.ie/IN: www.ucd.ie/NS 'bunsen.heanet.ie' (out of zone) is a
> CNAME (illegal)
> zone ucd.ie/IN: loaded serial 2007103106
> OK
> keadeen(noreilly)112:
getaddrinfo() returned a different name in ai_canonname to
relay.esat.net when the address of relay.esat.net was looked
up.
I'll make named-checkzone report the name returned.
Mark
Index: bin/check/check-tool.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/check/check-tool.c,v
retrieving revision 1.10.18.18
diff -u -r1.10.18.18 check-tool.c
--- bin/check/check-tool.c 13 Sep 2007 05:04:01 -0000 1.10.18.18
+++ bin/check/check-tool.c 31 Oct 2007 22:55:45 -0000
@@ -142,8 +142,8 @@
strcasecmp(ai->ai_canonname, namebuf) != 0) {
dns_zone_log(zone, ISC_LOG_ERROR,
"%s/NS '%s' (out of zone) "
- "is a CNAME (illegal)",
- ownerbuf, namebuf);
+ "is a CNAME '%s' (illegal)",
+ ownerbuf, namebuf, ai->ai_canonname);
/* XXX950 make fatal for 9.5.0 */
/* answer = ISC_FALSE; */
}
@@ -317,8 +317,9 @@
if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
dns_zone_log(zone, ISC_LOG_WARNING,
"%s/MX '%s' (out of zone) "
- "is a CNAME (illegal)",
- ownerbuf, namebuf);
+ "is a CNAME '%s' (illegal)",
+ ownerbuf, namebuf,
+ cur->ai_canonname);
if (level == ISC_LOG_ERROR)
answer = ISC_FALSE;
}
@@ -390,8 +391,9 @@
if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
dns_zone_log(zone, level,
"%s/SRV '%s' (out of zone) "
- "is a CNAME (illegal)",
- ownerbuf, namebuf);
+ "is a CNAME '%s' (illegal)",
+ ownerbuf, namebuf,
+ cur->ai_canonname);
if (level == ISC_LOG_ERROR)
answer = ISC_FALSE;
}
> Below is possibly relevant additional information.
>
> keadeen(noreilly)112: cat tmp/ucd.ie.dummy-zone
> $TTL 86400
> $ORIGIN ucd.ie.
> @ IN SOA . sysman.ucd.ie. (
> 2007103106 ; serial
> 14400 ; Refresh - 4 hours
> 7200 ; Retry - 2 hours
> 604800 ; Expire - 7 days
> 86400 ) ; Default - 1 day
> ;
> @ IN NS stealth.ucd.ie.
> ;
> $ORIGIN ucd.ie.
> ;
> www 300 IN NS beaker.heanet.ie.
> www 300 IN NS bunsen.heanet.ie.
> www 300 IN NS www-dns1
> www 300 IN NS www-dns2
> ;
> hermes IN MX 190 relay.esat.net.
> ;
> stealth IN A 192.0.2.1
> www-dns1 IN A 192.0.2.2
> www-dns2 IN A 192.0.2.3
> ;
> ; -- End --
> keadeen(noreilly)113: which named-checkzone
> /usr/local/sbin/named-checkzone
> keadeen(noreilly)114: `which named-checkzone` -v
> 9.4.1-P1
> keadeen(noreilly)115: uname -a
> Linux keadeen.ucd.ie 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST
> 2004 i686 i686 i386 GNU/Linux
> keadeen(noreilly)116: dig +noall +ans beaker.heanet.ie
> bunsen.heanet.ie relay.esat.net
> beaker.heanet.ie. 2125 IN A 193.1.219.148
> bunsen.heanet.ie. 2125 IN A 193.1.192.170
> relay.esat.net. 300 IN A 193.95.141.42
> relay.esat.net. 300 IN A 193.120.142.83
> relay.esat.net. 300 IN A 193.120.142.153
> relay.esat.net. 300 IN A 193.95.141.40
> relay.esat.net. 300 IN A 193.95.141.41
> keadeen(noreilly)117:
>
> Not a CNAME in sight!
>
> Now, I may have left my brain somewhere else today, but this really
> looks
> to me like a bug.
>
> Mentioning it may save someone else some time and confusion.
>
>
> Best regards,
>
> Niall O'Reilly
> University College Dublin IT Services
>
> PGP key ID: AE995ED9 (see www.pgp.net)
> Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9
>
>
>
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list