named-checkzone 9.4.1-P1 appears to treat "out of zone" as "CNAME (illegal)"

Wed Oct 31 15:32:50 UTC 2007

	The named-checkzone utility from BIND 9.4.1-P1 is giving me unexpected
	and apparently bogus warnings.  It seems to be treating ALL out-of-one
	targets in NS and MX records as if they were references to CNAMEd  
names.

	This looks to me like a bug.

	We always download the tarball from ISC and install BIND from that.

	Here are the results from named-checkzone.

keadeen(noreilly)111: named-checkzone ucd.ie tmp/ucd.ie.dummy-zone
zone ucd.ie/IN: hermes.ucd.ie/MX 'relay.esat.net' (out of zone) is a  
CNAME (illegal)
zone ucd.ie/IN: www.ucd.ie/NS 'beaker.heanet.ie' (out of zone) is a  
CNAME (illegal)
zone ucd.ie/IN: www.ucd.ie/NS 'bunsen.heanet.ie' (out of zone) is a  
CNAME (illegal)
zone ucd.ie/IN: loaded serial 2007103106
OK
keadeen(noreilly)112:

	Below is possibly relevant additional information.

keadeen(noreilly)112: cat tmp/ucd.ie.dummy-zone
$TTL 86400
$ORIGIN ucd.ie.
@               IN      SOA     . sysman.ucd.ie. (
                                 2007103106      ; serial
                                 14400           ; Refresh - 4 hours
                                 7200            ; Retry - 2 hours
                                 604800          ; Expire - 7 days
                                 86400 )         ; Default - 1 day
;
@               IN      NS      stealth.ucd.ie.
;
$ORIGIN ucd.ie.
;
www     300     IN      NS      beaker.heanet.ie.
www     300     IN      NS      bunsen.heanet.ie.
www     300     IN      NS      www-dns1
www     300     IN      NS      www-dns2
;
hermes          IN           MX      190 relay.esat.net.
;
stealth         IN      A       192.0.2.1
www-dns1        IN      A       192.0.2.2
www-dns2        IN      A       192.0.2.3
;
; -- End --
keadeen(noreilly)113: which named-checkzone
/usr/local/sbin/named-checkzone
keadeen(noreilly)114: `which named-checkzone` -v
9.4.1-P1
keadeen(noreilly)115: uname -a
Linux keadeen.ucd.ie 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST  
2004 i686 i686 i386 GNU/Linux
keadeen(noreilly)116: dig +noall +ans beaker.heanet.ie  
bunsen.heanet.ie relay.esat.net
beaker.heanet.ie.       2125    IN      A       193.1.219.148
bunsen.heanet.ie.       2125    IN      A       193.1.192.170
relay.esat.net.         300     IN      A       193.95.141.42
relay.esat.net.         300     IN      A       193.120.142.83
relay.esat.net.         300     IN      A       193.120.142.153
relay.esat.net.         300     IN      A       193.95.141.40
relay.esat.net.         300     IN      A       193.95.141.41
keadeen(noreilly)117:

	Not a CNAME in sight!

	Now, I may have left my brain somewhere else today, but this really  
looks
	to me like a bug.

	Mentioning it may save someone else some time and confusion.


	Best regards,

	Niall O'Reilly
	University College Dublin IT Services

	PGP key ID: AE995ED9 (see www.pgp.net)
	Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9