Hi Dirk > this sort of cname is used by Comodo in order to confirm a Certificates owner. > Bind master will accept it, but will not show it when dig ... CName. And all > Bind > slaves will not update the zone.
Yup - that is the problem. > PowerDNS works fine with this uncorrect string. > > btw: this method to confirm a domains owner is quite new and the answer to > the General Data Protection Regulation. Prior to that the confirmation was > done by a coded string send with email. First time I have seen it - as you say, they normally use a TXT string. Thanks Colin > > Am 13.08.2018 um 21:02 schrieb Michael Stauber: > > Hi Colin, > > > >> I have been asked by a client to create a new CNAME record on the DNS > >> for the following: > >> > >> NEW Record Type: CNAME > >> > >> Hostname: _69F8BF440B0DA58166380745E0EB4F5F.domain.co.uk > >> > >> Point to: > >> > 57BB458482A5AB33474E97891351014E.E610BBD363C7C2E032B35DDA755B2 > B52.55W > >> cQD58V50sJqcKeKP5.comodoca.com > >> > >> Bind says no! :-/ > >> > >> It won’t accept either of the host names using the GUI and adding it > >> to the include file causes an error. > > The regular expressions that the GUI uses to validate input type > > "hostname" is like this: > > > > <typedef name="hostname" type="re" > > > > data="^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\- > ]*[a-z0-9])$" > > > > /> > > > > So ... no upper case characters and no leading "_". Granted, we're a > > bit more strict there than RFC 952 and RFC 1123, which say that the > > characters are case insensitive. Meaning: Put a big "A" there or a > > small "a" and it doesn't matter. Both are treated as the same. > > > > Still: The fact remains that host- and domain names (according to RFC) > > may not start with anything *but* a character or (as of RFC 1123) a > > number. Hence: The underscore is a total no-no. > > > > Unless you're talking domain keys (which are deprecated anyway) or SRV > > records. > > > > I guess what your client really wants is either a CAA-record or a > > SRV-record and not a C-name? > > > > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
