Check zones with underscores in host names (A Records)

Gregory Hicks ghicks at cadence.com
Tue Feb 12 13:55:17 UTC 2008 

> Date: Tue, 12 Feb 2008 13:11:55 +0200
> From: "Haim [Howard] Roman" <roman at jct.ac.il>
> To: Jack Tavares <j.tavares at f5.com>, bind-users at isc.org
> Subject: Re: Check zones with underscores in host names (A Records)
> X-JCT-Whitelist: NO
> 
> We also have to allow underscores (good old Microsoft!).  Here is what
> we have in our /etc/named.conf:

Underscore in DOMAIN names seem to be OK.

If you were to do this:

_sub_domain_1.example.com.   ....
instead of this:
_sub_domain_1                ....

It should be OK.  Of course, you have to set up the rest of the 
delegation...
> 
> 
>     options {
>     ...
> 
>     #---------------------------------------------------------
>     # turn off name checking.  We have too many host names with
>     # underscores, plus all the MS AD records we get from others.
>     # Anyway, while RFC 1123 forbade underscores, RFC 2181 allowed
>     # it *& maybe other characters.  (roman 2007/12/05)
> 
>     check-names master ignore;
>     check-names slave  ignore;
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Haim (Howard) Roman
> Computer Center, Jerusalem College of Technology
> roman at jct.ac.il
> Phone: 052-8-592-599 (6022 from within Machon Lev)
> 
> 
> 
> -------- Original Message  --------
> Subject: Check zones with underscores in host names (A Records)
> From: Jack Tavares <j.tavares at F5.com>
> To: bind-users at isc.org
> Date: Tue Feb 12 2008 12:57:13 GMT+0200 (IST)
> > Hello -
> >  
> > I use named-checkzone to check for zone validity.
> >  
> > However, named-checkzone will complain if there is an "_" in the 
domain label of an A Record.
> >  
> > I need to allow for underscores in A records, but I still want to 
check for other errors.
> >  
> > It seems to me that the only way to do that would be to parse the 
error/warning strings
> > to separate errors that I want to ignore (underscores) and catch 
errors that I care about.
> >  
> > Is there any other way to do this?
> >  
> > Example, given this zone file
> > $ORIGIN .
> > $TTL 500        ; 8 minutes 20 seconds
> > test.com                IN SOA  d62.test.net. 
hostmaster.d62.test.net. (
> >                                 8          ; serial
> >                                 10800      ; refresh (3 hours)
> >                                 3600       ; retry (1 hour)
> >                                 604800     ; expire (1 week)
> >                                 60         ; minimum (1 minute)
> >                                 )
> >                         NS      d62.test.net.
> > $ORIGIN test.com.
> > under_score             A 1.2.3.4
> >                                NS unknown.test.net.
> >  
> > calling named-checkzone thusly
> >  
> > named-checkzone test.com. db.test
> > returns
> > db.test:14: under_score.test.com: bad owner name (check-names)
> > zone test.com/IN: under_score.test.com/NS 'unknown.test.net' (out of 
zone) has no addresses records (A or AAAA)
> > zone test.com/IN: loaded serial 8
> > OK
> > with a return code of 0
> >  
> > Calling with
> > named-checkzone -kfail test.com. db.test
> > returns
> > db.test:14: under_score.test.com: bad owner name (check-names)
> > zone test.com/IN: loading from master file db.test failed: bad owner 
name (check-names)
> > [root at d35:Active] namedb # echo $?
> > 1
> >
> > It returns an error code of "1", but stops after the first error.
> >  
> > calling with
> >  
> > named-checkzone -kfail -ifull test.com. db.test
> > also stops at the first error.
> >  
> > using
> > named-checkzone -kwarn -ifull test.com . db.test
> > gives
> > db.test:14: under_score.test.com: bad owner name (check-names)
> > zone test.com/IN: under_score.test.com/NS 'unknown.test.net' (out of 
zone) has no addresses records (A or AAAA)
> > zone test.com/IN: loaded serial 8
> > OK
> >
> > returns an error code of 0 (ok) but logs messages.
> >  
> > So, to do what I want to do,
> > I have to basically ignore the return code and parse the output 
messages to see if something has
> > gone wrong.
> >  
> > Am I missing an easier way to do this?
> >  
> > Thanks
> >  
> > --
> > jack
> >  
> >  
> >  
> >
> >
> >   
> 
> 
> 

---------------------------------------------------------------------
Gregory Hicks                           | Principal Systems Engineer
Cadence Design Systems                  | Direct:   408.576.3609
555 River Oaks Pkwy M/S 9B1
San Jose, CA 95134

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision."

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton

More information about the bind-users mailing list