named-checkzone 9.4.1-P1 appears to treat "out of zone" as "CNAME (illegal)"
Niall O'Reilly
Niall.oReilly at ucd.ie
Wed Oct 31 15:32:50 UTC 2007
The named-checkzone utility from BIND 9.4.1-P1 is giving me unexpected
and apparently bogus warnings. It seems to be treating ALL out-of-one
targets in NS and MX records as if they were references to CNAMEd
names.
This looks to me like a bug.
We always download the tarball from ISC and install BIND from that.
Here are the results from named-checkzone.
keadeen(noreilly)111: named-checkzone ucd.ie tmp/ucd.ie.dummy-zone
zone ucd.ie/IN: hermes.ucd.ie/MX 'relay.esat.net' (out of zone) is a
CNAME (illegal)
zone ucd.ie/IN: www.ucd.ie/NS 'beaker.heanet.ie' (out of zone) is a
CNAME (illegal)
zone ucd.ie/IN: www.ucd.ie/NS 'bunsen.heanet.ie' (out of zone) is a
CNAME (illegal)
zone ucd.ie/IN: loaded serial 2007103106
OK
keadeen(noreilly)112:
Below is possibly relevant additional information.
keadeen(noreilly)112: cat tmp/ucd.ie.dummy-zone
$TTL 86400
$ORIGIN ucd.ie.
@ IN SOA . sysman.ucd.ie. (
2007103106 ; serial
14400 ; Refresh - 4 hours
7200 ; Retry - 2 hours
604800 ; Expire - 7 days
86400 ) ; Default - 1 day
;
@ IN NS stealth.ucd.ie.
;
$ORIGIN ucd.ie.
;
www 300 IN NS beaker.heanet.ie.
www 300 IN NS bunsen.heanet.ie.
www 300 IN NS www-dns1
www 300 IN NS www-dns2
;
hermes IN MX 190 relay.esat.net.
;
stealth IN A 192.0.2.1
www-dns1 IN A 192.0.2.2
www-dns2 IN A 192.0.2.3
;
; -- End --
keadeen(noreilly)113: which named-checkzone
/usr/local/sbin/named-checkzone
keadeen(noreilly)114: `which named-checkzone` -v
9.4.1-P1
keadeen(noreilly)115: uname -a
Linux keadeen.ucd.ie 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST
2004 i686 i686 i386 GNU/Linux
keadeen(noreilly)116: dig +noall +ans beaker.heanet.ie
bunsen.heanet.ie relay.esat.net
beaker.heanet.ie. 2125 IN A 193.1.219.148
bunsen.heanet.ie. 2125 IN A 193.1.192.170
relay.esat.net. 300 IN A 193.95.141.42
relay.esat.net. 300 IN A 193.120.142.83
relay.esat.net. 300 IN A 193.120.142.153
relay.esat.net. 300 IN A 193.95.141.40
relay.esat.net. 300 IN A 193.95.141.41
keadeen(noreilly)117:
Not a CNAME in sight!
Now, I may have left my brain somewhere else today, but this really
looks
to me like a bug.
Mentioning it may save someone else some time and confusion.
Best regards,
Niall O'Reilly
University College Dublin IT Services
PGP key ID: AE995ED9 (see www.pgp.net)
Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9
More information about the bind-users
mailing list