domain keys and name-checking
Barry Margolin
barmar at alum.mit.edu
Fri Oct 17 20:16:05 UTC 2008
In article <gdaoll$tu3$1 at sf1.isc.org>,
"aklist" <aklist_bind at enigmedia.com> wrote:
> Hi All: I have a domain I'm authoritative for, in Bind 9.5.0-p1.
>
> I'm trying to bring up a mailserver in the domain that uses domain-keys, and
> the server's tech support staff sent me a domain key to add as a text record
> for the domain.
>
> This is the first domain I ever was required to set up domain-keys for. The
> domain key has a syntax like:
>
> server._domainkey.domain.com. IN TXT "k=rsa; p=[very long string]"
>
> When I try to reload the zone, I get a log error:
>
> 17-Oct-2008 09:40:30.816 general: error: db.domain.com:18:
> server._domainkey.domain.com: bad owner name (check-names)
> 17-Oct-2008 09:40:30.816 general: error: zone domain.com/IN/external:
> loading from master file db.domain.com failed: bad owner name (check-names)
>
> The server's support people are telling me "the current release of BIND
> doesn't seem to like underscores and you need to disable name-checking in
> BIND"
>
> Is that correct? If so, can I disable name-checking for a particular domain?
Underscores are only disallowed in host names, i.e. A and AAAA records,
they're allowed in all other records.
My guess is that you inserted that line between records for the same
name, that were making use of the feature of automatically reusing the
name from the previous line, e.g. you started with:
foo IN A 1.2.3.4
IN A 2.3.4.5
and changed it to:
foo IN A 1.2.3.4
server._domainkey IN TXT "k=rsa; p=[very long string]"
IN A 2.3.4.5
Now the second A record is assigned to server._domainkey, which is not a
valid hostname.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list