-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It was not recognized in BIND 9 version < 9.3.0. With >= 9.3.0, it
does, and it does check names. This was one of the 9.2->9.3 gotchas.

Chris Buxton
Professional Services
Men & Mice

On Sep 12, 2008, at 2:17 PM, Cherney John-CJC030 wrote:

> I'm surprised the check-names option even works. I remember one
> version
> of BIND 9 I played with that logged a message that it didn't recognize
> that option. So I took it out. (I wish I could remember what version
> of
> BIND that was.) Now, when I look at BIND 9.3.4, I see that it is
> allowed. In searching the web, I've seen various things along the
> lines
> of "it was not in 9.2, but it is in 9.3" and "BIND 9 doesn't need it
> because it doesn't check host names by default". The DNS & BIND book
> (4th ed) doesn't mention it in the appendix (p 569, BIND 9
> Configuration
> File Statements), but it does mention it for BIND 9 in chapter 4,
> p76-78.
>
> So, does BIND 9 use the check-names option? Do I need to put it back
> in
> my named.conf file?
>
> Thanks!
> jwc
>
> -----Original Message-----
> From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
> Behalf Of Gregory Hicks
> Sent: Friday, September 12, 2008 4:18 PM
> To: bind-users@isc.org; plaws@ou.edu
> Subject: Re: check-names settings
>
>
>> Date: Fri, 12 Sep 2008 14:56:56 -0500
>> From: Peter Laws
>>
>> Leonard Mills wrote:
>>> check-names master ignore
>>>
>>> might well be what you're looking for. You lose name checking
>>> against the

> current standards :-).
>>
>> *That's* the question: what are the standards as BIND sees them?
>> The

>
>> RFCs referenced in here and in the docs specify what's "official" (or
>> what was official years ago) but that's not necessarily the same as

> what BIND does:
>>
>> "The rules for legal hostnames / mail domains are derived from RFC
>> 952

>
>> and RFC 821 as modified by RFC 1123." (from BIND docs)
>>
>>
>> OK, so just what is derived? Did they take the rules verbatim? Or
>> do

>
>> they allow some and not others? SRV records *require* the underbar,
>> but they aren't mentioned in any of the RFCs above or any posted here

> today ...
>
> Well, you're allowed to have an "_" in a DOMAIN name but not in a HOST
> name. And RFC 2782 covers SRV RRs as used in DNS...
>
> (RFC 2782 is available http://www.faqs.org/rfcs/rfc2782.html and
> http://www.ietf.org/rfc/rfc2782.txt )
>
>> So the question stands - what do I lose if I choose "check-names
>> slave

>
>> ignore"?
>>
>>
>> --
>> Peter Laws / N5UWY
>> National Weather Center / Network Operations Center University of
>> Oklahoma Information Technology plaws@ou.edu
>> ----------------------------------------------------------------------
>> - Feedback? Contact my director, Craig Cochell, craigc@ou.edu. Thank
>> you!
>>

>
> -------------------------------------------------------------------
> Gregory Hicks | Principal Systems Engineer
> Cadence Design Systems | Direct: 408.576.3609
> 2655 Seely Ave M/S 9A1
> San Jose, CA 95134
>
> I am perfectly capable of learning from my mistakes. I will surely
> learn a great deal today.
>
> "A democracy is a sheep and two wolves deciding on what to have for
> lunch. Freedom is a well armed sheep contesting the results of the
> decision."
>
> "The best we can hope for concerning the people at large is that
> they be
> properly armed." --Alexander Hamilton
>
>
>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkjK328ACgkQ0p/8Jp6Boi14UQCgpOdZ8Mtl50h7caEKzT64gddT
3EIAoL8oNpGhBTZSCjqbkcQZITetGYh2
=aMXu
-----END PGP SIGNATURE-----