What's the REAL DEAL with Underscores in BIND8.X?
Kevin Darcy
kcd at daimlerchrysler.com
Sat Oct 16 01:46:38 UTC 1999
Scott Morizot wrote:
> On Fri, 15 Oct 1999, Ray Galuszka wrote:
> > On page 77 in Albitz/Liu's DNS & BIND 3rd Edition, the authors state that
> > underscores are not allowed in hostnames. However, on the next page they
> > talk about how you can specify either fail, warn or ignore on the
> > check-names option.
> >
> > I have LOTS of underscores in my BIND4.x environment now and we're migrating
> > to BIND8. I set up our test server to "ignore" on the check-names option
> > and the thing is resolving these names with no problem!
> >
> > The question is: if I set this ignore option and use underscores in
> > hostnames and aliases, what might I break?? It sure beats putting out
> > fires later because some server on my network somewhere expects an
> > underscore that I changed to a hyphen in a hostname.
>
> Underscores in hostnames have always been illegal per RFC 952.
> Versions of BIND before about 4.9.3 simply didn't enforce the
> requirement at all. (Actually, BIND 4.8 pretty much accepted
> anything.)
>
> Allowing underscores will cause a problem with any software or
> device that expects names to be compliant with RFC952. Since
> you apparently aren't having a problem now, you may not have
> any at the moment.
>
> The long-term solution is to rename the systems using hyphens
> instead of underscores and create aliases with the underscore.
> Then you can age the aliases off your DNS gradually over time.
What cost-justifications could there possibly be for such a forced
migration? "RFC compliance" doesn't mean a hell of a lot to a beancounter;
where's the money? And we're not talking chump change either: we have over
7,000+ underscored names in our DNS database here, thanks to BIND's longstanding
permissiveness.
Separating underscore-checks from other kinds of name-checking within BIND would
seem to be a far more practical solution to this "problem", at least until
RFC 1035's ban on underscores can be officially obsoleted on the basis that the
stated justification for it -- migration from the HOSTS.TXT file -- has long
since passed.
- Kevin
More information about the bind-users
mailing list