CNAME and other data , BUG #428

Chimento, Douglas Douglas.Chimento at FMR.COM
Thu Dec 5 23:32:39 UTC 2002


Dude,
Take a look at this setup:
 
192.223.154.69 is master for example.com, BIND version 8.1.2
( dig -t txt -c CHAOS @192.223.154.69 version.bind )
65.96.180.71   is slave, version 8.3.4
( dig -t txt -c CHAOS @65.96.180.71 version.bind )
Now do a query for www.example.com (do this like 4 or 5 times)
  dig @192.223.154.69 www.example.com  
  dig @65.96.180.71   www.example.com  

Hmm... it seems to respond with answers, albeit they are "illegal". I have
seen both Windows and Unix/Linux DNS clients accept these DNS answers
(although Linux will syslog a warning).

Currently our infrastructure consists of BIND version 8.1.2 and we load 20 -
30 CNAME errors. Thus far, everything is running OK.

Here is the point I am trying to make:
The slave servers don't reject the zone when "CNAME and other error" occurs,
which, I think, is wrong; the slave should reject the zone.


I have a patch for 8.3.4 to NOT make CNAMEANDOTHER a hard error. Instead, BIND
will load the 1st entry, discard the 2nd, and load the rest of the zone.
However, if someone puts only
"@ IN CNAME somethingelse", BIND will load. Which is bad... I guess.

FYI ---- example.com ZONE

@       IN      SOA     bubba.example.com. root.localhost (
                        3
                        28800
                        7200
                        604800
                        86400 )

        IN      NS      bubba
bubba   IN      A       192.168.0.254
joe     IN      A       192.168.0.10
www     IN      A       192.168.0.1
www     IN      CNAME   bubba

-----Original Message-----
From: Nate Campi [mailto:nate at campin.net] 
Sent: Thursday, December 05, 2002 3:08 PM
To: Chimento, Douglas
Cc: 'comp-protocols-dns-bind at isc.org'
Subject: Re: CNAME and other data , BUG #428


On Thu, Dec 05, 2002 at 02:26:23PM -0500, Chimento, Douglas wrote:
> 
> > If you actually serve such errors to the internet,
> > your DNS won't work  anyways - so there's no point in disabling it.
> 
> Huh?
> Yes it will.
> Are you saying that people running version 8.1.2 and lower with this 
> error won't work at all?

Yes. I went to the trouble of explaining why. If you want to ignore it,
that's up to you.
-- 
Nate Campi   http://www.campin.net 

"Those who don't read have no advantage over those who can't." - Samuel
Clemens
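
An added example, not part of the thread and not BIND's code: a Python check for the condition discussed above, a CNAME sharing an owner name with other records (RFC 1034, section 3.6.2), run over the example.com zone quoted in the message. It also catches the "@ IN CNAME" case, because the apex always carries SOA and NS. The function names and the simplified parser (no $-directives, unit-suffixed TTLs, quoted strings or DNSSEC special cases) are assumptions of this example.

```python
# Constructed sample: the example.com zone quoted in the message above.
ZONE = """\
@       IN      SOA     bubba.example.com. root.localhost (
                        3
                        28800
                        7200
                        604800
                        86400 )

        IN      NS      bubba
bubba   IN      A       192.168.0.254
joe     IN      A       192.168.0.10
www     IN      A       192.168.0.1
www     IN      CNAME   bubba
"""
CLASSES = {"IN", "CH", "HS"}

def logical_lines(text):
    """Yield (has_owner, tokens) per record, joining ( ... ) continuation lines."""
    buf, depth, has_owner = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        if not line.strip():
            continue
        if depth == 0:                         # first line of a record
            has_owner = not line[0].isspace()  # leading blank = reuse previous owner
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ").split()
        if depth == 0:
            yield has_owner, buf
            buf = []

def rrtypes_by_owner(text, origin):
    owners, last = {}, origin                  # owner name -> list of RR types
    for has_owner, tok in logical_lines(text):
        if tok[0].startswith("$"):             # assumption: directives are skipped
            continue
        if has_owner:
            name = tok.pop(0)
            last = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tok[0].isdigit() or tok[0].upper() in CLASSES:   # optional TTL / class
            tok.pop(0)
        owners.setdefault(last.lower(), []).append(tok[0].upper())
    return owners

def cname_conflicts(text, origin):
    """Return {owner: types} where a CNAME shares the name with any other record."""
    return {owner: types for owner, types in rrtypes_by_owner(text, origin).items()
            if "CNAME" in types and len(types) > 1}
```

Calling `cname_conflicts(ZONE, "example.com.")` reports `www.example.com.` with types A and CNAME; a check of this kind can gate a zone before it is published to a master or accepted from a transfer.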

