CNAME and other data , BUG #428

Chimento, Douglas Douglas.Chimento at FMR.COM
Thu Dec 5 23:09:02 UTC 2002 


> And there is no point in having software guess what errors 
> to ignore thus bind discrads the whole zone.

I thought bind could ignore illegal characters ? If so , bind is choosing to
ignore some errors. Please correct me if I am wrong.


-----Original Message-----
From: phn at icke-reklam.ipsec.nu [mailto:phn at icke-reklam.ipsec.nu] 
Sent: Thursday, December 05, 2002 4:56 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: CNAME and other data , BUG #428



Chimento, Douglas <Douglas.Chimento at fmr.com> wrote:

> From what I have seen :
> If A records show up in the file  before cnames , it seems to work 
> fine.

> Bind=20
> Why does BIND reject the entire zone and not the entry which caused 
> the issue?

In the "old days" bind didn't notice, instead errors creeped up randomly at
*other* nameservers ( depending on which order the responses came )

As this never been legal, nor meaningful, modern bind detects the broken
config and refuses to load such a zone.=20

And there is no point in having software guess what errors to ignore thus
bind discrads the whole zone.

What you are trying to do is simular to be "partly pregnant".




> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]=20
> Sent: Thursday, December 05, 2002 2:32 PM
> To: 'comp-protocols-dns-bind at isc.org'
> Subject: Re: CNAME and other data , BUG #428



> "Chimento, Douglas" wrote:

>> > If you actually serve such errors to the internet,
>> > your DNS won't work  anyways - so there's no point in disabling it.
>>
>> Huh?
>> Yes it will.
>> Are you saying that people running version 8.1.2 and lower with 
>> this=20 error won't work at all?

> It might work *intermittently*, depending on the order in which the 
> reco=
rds
> are seen, and the respective software versions and 
> standards-conformance=
 of
> the servers and/or clients which are communicating with your 
> server(s).

> Certainly nothing I'd trust a production system to.


> - Kevin




--=20
Peter H=E5kanson=20=20=20=20=20=20=20=20=20
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list