Messages On Startup

Mark Andrews Mark_Andrews at isc.org
Fri Aug 20 00:11:25 UTC 2004 

> Mark Andrews wrote:
> 
> >>Well, technically, underscore is invalid in a "host name", and some 
> >>ancient versions of BIND (like the buggy, insecure version you're using) 
> >>actually try to enforce this restriction.
> >>
> >>Upgrade. Later versions of BIND gave up trying to police hostname 
> >>restrictions.
> >>    
> >>
> >
> >	By popular demand check-names is supported in BIND 9.3.
> >
> One can only hope that the default setting is sensible.
> 
> >	The correct fix is to get rid of the illegal hostname.
> >	If you want to be on the Internet you need to play by
> >	the rules of the Internet.
> >
> Is BIND "the Internet"? Why then does it presume to enforce "the 
> Internet"'s rules? The DNS protocol itself has no problems with 
> underscores, and IMO that's all BIND should be concerned with. Not to 
> mention the fact that BIND and DNS are also run on intranets where "the 
> Internet"'s rules don't apply...

	Well you can run a RFC compliant intranet or not.  Just
	don't expect help from vendors if you choose to run outside
	of the RFC requirements.  The RFC are written to ensure
	interoperation between products from different vendors.

	There is no RFC recquirement to support underscores in
	hostnames.  There is a RFC requirement to support 'A'-'Z',
	'a'-'z', '0'-'9', '.' and '-' in hostnames.  There are
	libraries that filter out non-compliant hostnames when the
	name is used the context of a hostname.  e.g. getnamebyaddr().

	BIND just tries to stop you shooting yourself in the foot
	by using names that appear to be non-compliant with RFC 952
	(as modified by RFC 1123) as is required by RFC 1034.

RFC 1034:
For hosts, the mapping depends on the existing syntax for host names
which is a subset of the usual text representation for domain names,
together with RR formats for describing host addresses, etc.

                                       The idea is that the name of any
existing object can be expressed as a domain name with minimal changes.
However, when assigning a domain name for an object, the prudent user
will select a name which satisfies both the rules of the domain system
and any existing rules for the object, whether these rules are published
or implied by existing programs.

	You are perfectly free to remove the trigger guard (check-names)
	if you wish.

	Various uses of the DNS depend upon namespace with the DNS
	not colliding with each other.  SRV's name syntax depends
	was chosen so as to not collide with a legal hostname.

	Microsoft did the same thing with their AD stuff.  They have
	a extended client to handle the few hostnames within AD that
	are not compilent with RFC 952.

	I'm sure there are still others applications that depend apon
	non-colliding namespaces within the DNS.

	You break the rules at your own peril.

	Mark

>                                              - Kevin
> 
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list