-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It was not recognized in BIND 9 version < 9.3.0. With >= 9.3.0, it does, and it does check names. This was one of the 9.2->9.3 gotchas.
Chris Buxton Professional Services Men & Mice On Sep 12, 2008, at 2:17 PM, Cherney John-CJC030 wrote: > I'm surprised the check-names option even works. I remember one > version > of BIND 9 I played with that logged a message that it didn't recognize > that option. So I took it out. (I wish I could remember what version > of > BIND that was.) Now, when I look at BIND 9.3.4, I see that it is > allowed. In searching the web, I've seen various things along the > lines > of "it was not in 9.2, but it is in 9.3" and "BIND 9 doesn't need it > because it doesn't check host names by default". The DNS & BIND book > (4th ed) doesn't mention it in the appendix (p 569, BIND 9 > Configuration > File Statements), but it does mention it for BIND 9 in chapter 4, > p76-78. > > So, does BIND 9 use the check-names option? Do I need to put it back > in > my named.conf file? > > Thanks! > jwc > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Gregory Hicks > Sent: Friday, September 12, 2008 4:18 PM > To: [email protected]; [EMAIL PROTECTED] > Subject: Re: check-names settings > > >> Date: Fri, 12 Sep 2008 14:56:56 -0500 >> From: Peter Laws <[EMAIL PROTECTED]> >> >> Leonard Mills wrote: >>> check-names master ignore >>> >>> might well be what you're looking for. You lose name checking >>> against the > current standards :-). >> >> *That's* the question: what are the standards as BIND sees them? >> The > >> RFCs referenced in here and in the docs specify what's "official" (or >> what was official years ago) but that's not necessarily the same as > what BIND does: >> >> "The rules for legal hostnames / mail domains are derived from RFC >> 952 > >> and RFC 821 as modified by RFC 1123." (from BIND docs) >> >> >> OK, so just what is derived? Did they take the rules verbatim? Or >> do > >> they allow some and not others? SRV records *require* the underbar, >> but they aren't mentioned in any of the RFCs above or any posted here > today ... > > Well, you're allowed to have an "_" in a DOMAIN name but not in a HOST > name. And RFC 2782 covers SRV RRs as used in DNS... > > (RFC 2782 is available http://www.faqs.org/rfcs/rfc2782.html and > http://www.ietf.org/rfc/rfc2782.txt ) > >> So the question stands - what do I lose if I choose "check-names >> slave > >> ignore"? >> >> >> -- >> Peter Laws / N5UWY >> National Weather Center / Network Operations Center University of >> Oklahoma Information Technology [EMAIL PROTECTED] >> ---------------------------------------------------------------------- >> - Feedback? Contact my director, Craig Cochell, [EMAIL PROTECTED] Thank >> you! >> > > ------------------------------------------------------------------- > Gregory Hicks | Principal Systems Engineer > Cadence Design Systems | Direct: 408.576.3609 > 2655 Seely Ave M/S 9A1 > San Jose, CA 95134 > > I am perfectly capable of learning from my mistakes. I will surely > learn a great deal today. > > "A democracy is a sheep and two wolves deciding on what to have for > lunch. Freedom is a well armed sheep contesting the results of the > decision." > > "The best we can hope for concerning the people at large is that > they be > properly armed." --Alexander Hamilton > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkjK328ACgkQ0p/8Jp6Boi14UQCgpOdZ8Mtl50h7caEKzT64gddT 3EIAoL8oNpGhBTZSCjqbkcQZITetGYh2 =aMXu -----END PGP SIGNATURE-----
