Feature or bug on $ORIGIN directive

Chris Thompson cet1 at cam.ac.uk
Wed Oct 14 09:18:38 UTC 2009 

On Oct 14 2009, Sebastian Castro wrote:

>While i was checking if $ORIGIN directive requires a dot on the name
>provided, I found this curious behavior that I don't want to rush to tag
>it as bug or feature.
>
>If you have a zone like this
>
>$TTL 86400
>@       86400   IN  SOA ( father.example.net. educator.example.net.
>2007000006 900 300 604800 3600 )
>       86400   IN  NS  ns1.example.net.
>       86400   IN  NS  ns2.example.net.
>; Delegations
>$ORIGIN net.com
>taranaki.example.net.  86400   IN  NS  ns1.taranaki
>taranaki.example.net.  86400   IN  NS  ns2.taranaki
>
>
>and you do this query to the nameserver with that zone
>
>dig ns taranaki.example.net @localhost +norec
>
>; <<>> DiG 9.6.1-P1 <<>> ns taranaki.example.net @localhost +norec
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4937
>;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;taranaki.example.net.		IN	NS
>
>;; AUTHORITY SECTION:
>taranaki.example.net.	86400	IN	NS	ns1.taranaki.net.com.example.net.
>taranaki.example.net.	86400	IN	NS	ns2.taranaki.net.com.example.net.
>
>;; Query time: 6 msec
>;; SERVER: ::1#53(::1)
>;; WHEN: Wed Oct 14 15:57:15 2009
>;; MSG SIZE  rcvd: 91
>
>
>the nameservers for taranaki.example.net are not FQDN, so the $ORIGIN is
>added. But because the addition of the $ORIGIN doesn't make them FQDN,
>the default $ORIGIN for the zone is added as well.

It's not the "default origin" that is being added. It's the origin
that was in effect at the time of the $ORIGIN directive that was
added to the non-absolute name specified as its argument. As the
BIND ARM says:

| The $ORIGIN Directive
|
| Syntax: $ORIGIN domain-name [comment]
|
| $ORIGIN sets the domain name that will be appended to any unqualified
| records. When a zone is first read in there is an implicit $ORIGIN
| <zone-name>. The current $ORIGIN is appended to the domain specified
| in the $ORIGIN argument if it is not absolute.

You couldn't get much clearer than that.

>This could be seen as a feature in the case of someone defining a zone
>that will contains records for subdomains, or a bug if someone meant to
>make them FQDN by using $ORIGIN and forgot the dot.

Well, "forgetting the dot" can cause problems in lots of other cases
as well[*] and maybe that was an unfortunate choice of syntax back in
the Mesozoic. But it's absolutely principle-of-least-surprise that
the same rules should apply to the $ORIGIN argument as well. And of
course, there are people relying on that behavior as well, especially
within $INCLUDE'd files.

[*] Hi there, "se" TLD administrators! :-)

-- 
Chris Thompson
Email: cet1 at cam.ac.uk

More information about the bind-users mailing list