On Oct 14 2009, Sebastian Castro wrote:
While i was checking if $ORIGIN directive requires a dot on the name provided, I found this curious behavior that I don't want to rush to tag it as bug or feature.If you have a zone like this $TTL 86400 @ 86400 IN SOA ( father.example.net. educator.example.net. 2007000006 900 300 604800 3600 ) 86400 IN NS ns1.example.net. 86400 IN NS ns2.example.net. ; Delegations $ORIGIN net.com taranaki.example.net. 86400 IN NS ns1.taranaki taranaki.example.net. 86400 IN NS ns2.taranaki and you do this query to the nameserver with that zone dig ns taranaki.example.net @localhost +norec ; <<>> DiG 9.6.1-P1 <<>> ns taranaki.example.net @localhost +norec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4937 ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;taranaki.example.net. IN NS ;; AUTHORITY SECTION: taranaki.example.net. 86400 IN NS ns1.taranaki.net.com.example.net. taranaki.example.net. 86400 IN NS ns2.taranaki.net.com.example.net. ;; Query time: 6 msec ;; SERVER: ::1#53(::1) ;; WHEN: Wed Oct 14 15:57:15 2009 ;; MSG SIZE rcvd: 91 the nameservers for taranaki.example.net are not FQDN, so the $ORIGIN is added. But because the addition of the $ORIGIN doesn't make them FQDN, the default $ORIGIN for the zone is added as well.
It's not the "default origin" that is being added. It's the origin that was in effect at the time of the $ORIGIN directive that was added to the non-absolute name specified as its argument. As the BIND ARM says: | The $ORIGIN Directive | | Syntax: $ORIGIN domain-name [comment] | | $ORIGIN sets the domain name that will be appended to any unqualified | records. When a zone is first read in there is an implicit $ORIGIN | <zone-name>. The current $ORIGIN is appended to the domain specified | in the $ORIGIN argument if it is not absolute. You couldn't get much clearer than that.
This could be seen as a feature in the case of someone defining a zone that will contains records for subdomains, or a bug if someone meant to make them FQDN by using $ORIGIN and forgot the dot.
Well, "forgetting the dot" can cause problems in lots of other cases as well[*] and maybe that was an unfortunate choice of syntax back in the Mesozoic. But it's absolutely principle-of-least-surprise that the same rules should apply to the $ORIGIN argument as well. And of course, there are people relying on that behavior as well, especially within $INCLUDE'd files. [*] Hi there, "se" TLD administrators! :-) -- Chris Thompson Email: [email protected] _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
