gitnamed, a project to manage name server by git

Vernon Schryver vjs at rhyolite.com
Wed Jan 9 02:51:02 UTC 2013


> When I built my DNS zone creator, I got tired of users complaining that 
> their zones have "errors" and so I re-coded my serials to start with YYYY 
> followed by six digits based on the current date/time.
>
> Oddly, that seems to fool most (although not all) of the DNS validation 
> tools out there, despite the fact that I generate things like 2012804572 
> which doesn't exactly have a "valid" MM or dd.

For many years I've found serial number checks good indications of
whether a DNS validation tool's report will be a bad joke.  If it
checks the serial number format, then that's often the least harmful
among the FUD that it's selling.

I just tried some DNS "validation" tools, and revalidated that rule
and another.  The other rule is that if they sell DNS and other
monitoring services, then they will flash red and yellow about your
serial numbers, your MX servers, and a host of other non-issues that
you almost certainly should not "fix."

Even if RFC 1912 were not Informational, it would still only recommend
and not mandate YYYYMMDDnn.  Even if RFC 1912 were on the standards
track and said "MUST", it would be violated in zones that change more
than 100 times per day.  How long has BIND9 had "serial-update-method"?


> I've given up contacting so-called validation tools and asking them to 
> remove warnings about valid serials, they seem happier reporting 
> non-errors, and at best they'll return a "Not standard, but I guess it's 
> okay". It's a shame too, as these tools can provide a sanity check.

What good are sanity checks from the certifiable or worse?  Do you
take medical advice (or any advice) from those who claim that DPT
vaccines cause autism?
https://encrypted.google.com/search?q=whooping+cough+worst+1955 

It's sad but predictable that DNS validation/monitoring services are
like some auto repair shops.  Last week my wife took her car to the
dealer for a minor recall.  She came back with a long list of expensive
things that she should have had fixed before leaving the dealer--provided
you're car clue allergic, credulous, and don't have anyone to shout
"NO!" when asked.  On the other hand, the dealer's careful inspection
failed to note the idiot light warning about a low tire.
(cue discussion with wife 2 mornings later when I noticed the flat
tire about the "flame (sic)" idiot light that she'd been watching since
before the trip to the dealer and that obviously didn't matter because
high temperatures can only be a good thing given the weather.)


Vernon Schryver    vjs at rhyolite.com
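
An added example, not part of the original post: a Python sketch of serial handling that treats YYYYMMDDnn as informational only, using the quoted serial 2012804572 and the more-than-100-changes-per-day case. It goes beyond the post by comparing serials with RFC 1982 serial number arithmetic; all function names are hypothetical and the sample serials and dates are constructed.

```python
from datetime import date

SERIAL_MOD = 2**32  # an SOA serial is an unsigned 32-bit integer


def is_valid_serial(serial: int) -> bool:
    """The only hard requirement: the value fits in 32 unsigned bits."""
    return 0 <= serial < SERIAL_MOD


def looks_like_date_serial(serial: int) -> bool:
    """True if the serial parses as YYYYMMDDnn. Informational, not an error."""
    s = str(serial)
    if len(s) != 10:
        return False
    try:
        date(int(s[0:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:
        return False
    return True


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison: does a count as newer than b?"""
    return 0 < (a - b) % SERIAL_MOD < 2**31


def next_serial(current: int, today: date) -> int:
    """Date-based bump that keeps increasing once nn is used up."""
    base = int(today.strftime("%Y%m%d")) * 100
    if serial_gt(base, current):
        return base
    return (current + 1) % SERIAL_MOD


def simulate(start: int, today: date, changes: int) -> int:
    """Apply `changes` zone updates on one day and return the final serial."""
    serial = start
    for _ in range(changes):
        serial = next_serial(serial, today)
    return serial


if __name__ == "__main__":
    # Constructed scenario: 101 updates on 2013-01-31.
    final = simulate(2013013000, date(2013, 1, 31), 101)
    print(final, is_valid_serial(final), looks_like_date_serial(final))
```

The 101st update yields a serial with "day 32" in it: a format check flags it, while secondaries comparing serials see only that it is newer.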



More information about the bind-users mailing list