This is a discussion on Re: Need clue: Underscore zones and hostnames - DNS ; > Hi, > > Can someone please thwack me with the requisite clue-by-four and point me > at the RFC that Yea's or Nea's the use of the underscore character in > host and/or zone names? Google seems to not ...
> Can someone please thwack me with the requisite clue-by-four and point me
> at the RFC that Yea's or Nea's the use of the underscore character in
> host and/or zone names? Google seems to not be helpful in finding a
> definitive answer. Perhaps there is none?
> Here's why I ask:
> We current support Microsoft's Active Directory on our BIND nameservers,
> with check-names disabled on the BIND8 machines, so we *have* zones with
> underscore characters already working.
> Recently for some odd reason people have been requesting hostnames like
> martha_stewart.jailhouse.uga.edu. This "works" in as much as BIND doesn't
> reject the name and does serve it (thanks to some legacy names . We
> also know that it's not recommended per various RFC's so we've been
> rejecting these updates and manually going back to the user to get them to
> fix it.
> But since it works and we have zones that *depend* on this behavior, we're
> - Are we just missing an updated RFC that now allows this?
> - Is an underscore allowed just for zones and still not for a host?
> - Is this just an Microsoft-ism?
> - Do we (or perhpas: should we) care enough to not let users shoot
> themselves in their feet?
> Note: I didn't setup the original AD-in-BIND infrastructure, and the
> person who did is not here anymore. The docs we have fail to mention the
> underscore issue and we're presently looking at various DNS changes we
> want to make, including our request interface that can "fix" these before
> they get to the update stage, hence my desire to have a clue about it
> Thanks for any help anyone can give me.
> nathan hruby
> uga enterprise information technology services
> production systems support
> metaphysically wrinkle-free
As you would have already seen underscores are not permitted
by RFC 952. The are also not permitted by RFC 1034 which say:
The idea is that the name of any
existing object can be expressed as a domain name with minimal changes.
However, when assigning a domain name for an object, the prudent user
will select a name which satisfies both the rules of the domain system
and any existing rules for the object, whether these rules are published
or implied by existing programs.
In this case the rules were published.
AD itself uses underscores to create heirachies in the namesepace
that do not clash with hostnames. It does this by using underscores.
SRV uses underscored so as to not clash with hostnames.
Other services also use underscore to avoid clashing with hostnames.
Be aware thay _gc contains a A record so if you are running a version
of bind which supports hostname checks (BIND 8, 9.3.0) you will need
to disable the checks atleast for this name.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org