Anyway to disable dns_zone_nscheck in 9.8.0?

Rodney Hives hivesrodney at gmail.com
Fri Apr 8 12:49:23 UTC 2011 

On Fri, Apr 8, 2011 at 1:49 AM, Mark Andrews <marka at isc.org> wrote:

> Please explain the operating conditions under which when you think
> this is a sensible thing to do?
>
> A nameserver without address records is pointless.
> A nameserver pointing to a CNAME/DNAME causes resolution problems.
>


Here is an example that works in BIND 9.6x:
$ORIGIN .
$TTL 86400      ; 1 day
mydomain.com.au      IN SOA  ns0.mydomain.com.au. admin.mydomain.com.au. (
                                2011010104 ; serial
                                43200      ; refresh (12 hours)
                                7200        ; retry (2 hours)
                                1209600   ; expire (2 weeks)
                                1800        ; minimum (30 minutes)
                                )
$TTL 1800       ; 30 minutes
                        NS      ns0.mydomain.com.au.
                        NS      ns1.mydomain.com.au.
                        NS      ns2.mydomain.com.au.
                        A       1.1.1.1
                        MX      10 mail.mydomain.com.au.
$ORIGIN mydomain.com.au.
ftp                     A       1.1.1.1
mail                    A      2.2.2.2
pop                     CNAME   mail
smtp                    CNAME   mail
ssh                     A       1.1.1.1
www                     CNAME   mydomain.com.au.


Is this domain 100% valid?... no... but it still works.  The A records for
the name servers are actually still resolving since the regsitrar will
return them in glue.  But understandably... this domain is not 100% valid.

But to force the domain offline is just preventing many shared hosting
environments to move to newer versions of BIND (or switch off of BIND since
they do not understand the problem).
Give a warning... that is fine... But to prevent the domain from loading is
just too harsh and an immediate drastic measure during an upgrade.  It would
be nice if it was a configuration option just like all of the other checks.

This same function seems also to be called in "update.c"...... also causing
problems.  I would just like this function to never be called but I have not
been able to determine if it does other things necessary.

-- 
Best regards,
-Rodney Hives
(Internet user since... well.... before Gore built it....)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110408/05fdea01/attachment.html>

More information about the bind-users mailing list