Check-names is enforced by UPDATE independent of the format the zone is stored in.  Named-compilezone will also reject by default.

      -k mode
             This option performs check-names checks with the specified failure mode. Possible modes are fail (the default for named-compilezone), warn (the default for named-checkzone), and ignore.

The code to read in raw format doesn’t do check-names processing.  It is assumed that named-compilezone and UPDATE checks in named are enough.  We could slow down the load a little by adding check-names checks on that path as well if needed.

On 6 Nov 2021, at 00:03, Petr Menšík <pemen...@redhat.com> wrote:

I am not 100% sure, but what format of the zone was used?

I think this should usually be caught by the default check-names value on master zones. However, in masterfile-format, I found this sentence [1]:

In particular, check-names checks do not apply for the raw format.

Does that mean dynamically updated zones saved in raw format would never have check-names active, both on dynamic updates and on (re)start of named? I have not tested it yet, but it might be somehow hard to avoid. I found no details about dynamic updates in relation to check-names. I think it should refuse such updates on the primary server, but I am not sure that is enforced, especially if the zone file format is raw.

Cheers,
Petr

1. https://bind.isc.org/doc/arm/9.11/Bv9ARM.ch06.html#options_grammar

On 11/4/21 20:27, Bruce Johnson via bind-users wrote:
On Nov 4, 2021, at 12:01 PM, Bruce Johnson <john...@pharmacy.arizona.edu> wrote:

This morning our server started failing to reload or start.

Checking the status reveals not a lot of info:

systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
 Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; enabled; vendor preset: disabled)
 Active: failed (Result: exit-code) since Thu 2021-11-04 11:55:17 MST; 27s ago
Process: 2020 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exit>

named-checkconf -z revealed a name had been entered with underscores. The person responsible has been sacked. (not really, merely reminded no underscores are allowed in A records :-)

Does named-checkzone not check for this?


--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs



_______________________________________________
Please visit
https://lists.isc.org/mailman/listinfo/bind-users
to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at
https://www.isc.org/contact/
for more information.


bind-users mailing list

bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer
Red Hat,
http://www.redhat.com/

email:
pemen...@redhat.com

PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB


--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
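
The fail, warn and ignore modes of -k discussed in this thread, as an added Python sketch that is not part of the original messages and is not BIND's code: it approximates the hostname rule that check-names applies to the owner names of A, AAAA and MX records, run over a constructed text-format zone. The zone data, the function names and the one-record-per-line parser are assumptions, and names inside RDATA are not checked.

```python
import re

# Hostname label per RFC 952/1123: letters, digits, hyphen; no hyphen at either end.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")
HOST_TYPES = {"A", "AAAA", "MX"}  # record types whose owner name must be a hostname
TTL_OR_CLASS = re.compile(r"^((\d+[smhdw]?)+|IN|CH|HS)$", re.I)

# Constructed sample zone (not from the thread); line 5 carries the underscore.
SAMPLE = """\
$ORIGIN example.com.
@ 3600 IN SOA ns1 hostmaster 1 3600 600 86400 300
  IN NS ns1
ns1 IN A 192.0.2.1
build_host IN A 192.0.2.10
_sip._tcp IN SRV 0 5 5060 sip
*.dev IN A 192.0.2.20
"""

def is_hostname(name):
    labels = name.rstrip(".").split(".")
    if labels[0] == "*":  # a wildcard is accepted as the leftmost label
        labels = labels[1:]
    return name == "." or all(LABEL.match(label) for label in labels)

def lint_zone(text, origin, mode="fail"):
    """Return (ok, findings); mode is fail, warn or ignore, as with -k."""
    findings, owner = [], origin
    if mode == "ignore":
        return True, findings
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):  # directives: only $ORIGIN is honoured
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1]
            continue
        if not line[0].isspace():  # owner present; otherwise inherit previous owner
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields and TTL_OR_CLASS.match(fields[0]):
            fields.pop(0)
        if fields and fields[0].upper() in HOST_TYPES and not is_hostname(owner):
            findings.append((lineno, owner, fields[0].upper()))
    return (mode == "warn" or not findings), findings

if __name__ == "__main__":
    for mode in ("fail", "warn", "ignore"):
        print(mode, lint_zone(SAMPLE, "example.com.", mode))
```

In warn mode the underscore name is reported but the result is still ok, which matches the named-checkzone default quoted above; the SRV owner with underscores is not flagged because only A, AAAA and MX owners are checked.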
