Check zones with underscores in host names (A Records)
Gregory Hicks
ghicks at cadence.com
Tue Feb 12 13:55:17 UTC 2008
> Date: Tue, 12 Feb 2008 13:11:55 +0200
> From: "Haim [Howard] Roman" <roman at jct.ac.il>
> To: Jack Tavares <j.tavares at f5.com>, bind-users at isc.org
> Subject: Re: Check zones with underscores in host names (A Records)
> X-JCT-Whitelist: NO
>
> We also have to allow underscores (good old Microsoft!). Here is what
> we have in our /etc/named.conf:
Underscore in DOMAIN names seem to be OK.
If you were to do this:
_sub_domain_1.example.com. ....
instead of this:
_sub_domain_1 ....
It should be OK. Of course, you have to set up the rest of the
delegation...
>
>
> options {
> ...
>
> #---------------------------------------------------------
> # turn off name checking. We have too many host names with
> # underscores, plus all the MS AD records we get from others.
> # Anyway, while RFC 1123 forbade underscores, RFC 2181 allowed
> # it *& maybe other characters. (roman 2007/12/05)
>
> check-names master ignore;
> check-names slave ignore;
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Haim (Howard) Roman
> Computer Center, Jerusalem College of Technology
> roman at jct.ac.il
> Phone: 052-8-592-599 (6022 from within Machon Lev)
>
>
>
> -------- Original Message --------
> Subject: Check zones with underscores in host names (A Records)
> From: Jack Tavares <j.tavares at F5.com>
> To: bind-users at isc.org
> Date: Tue Feb 12 2008 12:57:13 GMT+0200 (IST)
> > Hello -
> >
> > I use named-checkzone to check for zone validity.
> >
> > However, named-checkzone will complain if there is an "_" in the
domain label of an A Record.
> >
> > I need to allow for underscores in A records, but I still want to
check for other errors.
> >
> > It seems to me that the only way to do that would be to parse the
error/warning strings
> > to separate errors that I want to ignore (underscores) and catch
errors that I care about.
> >
> > Is there any other way to do this?
> >
> > Example, given this zone file
> > $ORIGIN .
> > $TTL 500 ; 8 minutes 20 seconds
> > test.com IN SOA d62.test.net.
hostmaster.d62.test.net. (
> > 8 ; serial
> > 10800 ; refresh (3 hours)
> > 3600 ; retry (1 hour)
> > 604800 ; expire (1 week)
> > 60 ; minimum (1 minute)
> > )
> > NS d62.test.net.
> > $ORIGIN test.com.
> > under_score A 1.2.3.4
> > NS unknown.test.net.
> >
> > calling named-checkzone thusly
> >
> > named-checkzone test.com. db.test
> > returns
> > db.test:14: under_score.test.com: bad owner name (check-names)
> > zone test.com/IN: under_score.test.com/NS 'unknown.test.net' (out of
zone) has no addresses records (A or AAAA)
> > zone test.com/IN: loaded serial 8
> > OK
> > with a return code of 0
> >
> > Calling with
> > named-checkzone -kfail test.com. db.test
> > returns
> > db.test:14: under_score.test.com: bad owner name (check-names)
> > zone test.com/IN: loading from master file db.test failed: bad owner
name (check-names)
> > [root at d35:Active] namedb # echo $?
> > 1
> >
> > It returns an error code of "1", but stops after the first error.
> >
> > calling with
> >
> > named-checkzone -kfail -ifull test.com. db.test
> > also stops at the first error.
> >
> > using
> > named-checkzone -kwarn -ifull test.com . db.test
> > gives
> > db.test:14: under_score.test.com: bad owner name (check-names)
> > zone test.com/IN: under_score.test.com/NS 'unknown.test.net' (out of
zone) has no addresses records (A or AAAA)
> > zone test.com/IN: loaded serial 8
> > OK
> >
> > returns an error code of 0 (ok) but logs messages.
> >
> > So, to do what I want to do,
> > I have to basically ignore the return code and parse the output
messages to see if something has
> > gone wrong.
> >
> > Am I missing an easier way to do this?
> >
> > Thanks
> >
> > --
> > jack
> >
> >
> >
> >
> >
> >
>
>
>
---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 9B1
San Jose, CA 95134
I am perfectly capable of learning from my mistakes. I will surely
learn a great deal today.
"A democracy is a sheep and two wolves deciding on what to have for
lunch. Freedom is a well armed sheep contesting the results of the
decision."
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
More information about the bind-users
mailing list