Re: bind output in /var/adm/debug

To: Douglas L Stewart <douglas@pobox.com>, debian-user@lists.debian.org
Subject: Re: bind output in /var/adm/debug
From: "Tim Frost" <tim@nz.eds.com>
Date: Thu, 29 May 1997 19:29:37 +0000
Message-id: <9705291929.ZM16411@george.lab.nz.eds.com>
In-reply-to: Douglas L Stewart <douglas@pobox.com> "bind output in /var/adm/debug" (May 27, 3:30)
References: <Pine.LNX.3.96.970527032739.631A-100000@tribble>

-----BEGIN PGP SIGNED MESSAGE-----

Douglas,

RFC 1912 comments about this:

   Don't use CNAMEs in combination with RRs which point to other names
   like MX, CNAME, PTR and NS.  (PTR is an exception if you want to
   implement classless in-addr delegation.)  For example, this is
   strongly discouraged:

           podunk.xx.      IN      MX      mailhost
           mailhost        IN      CNAME   mary
           mary            IN      A       1.2.3.4

   [RFC 1034] in section 3.6.2 says this should not be done, and [RFC
   974] explicitly states that MX records shall not point to an alias
   defined by a CNAME.  This results in unnecessary indirection in
   accessing the data, and DNS resolvers and servers need to work more
   to get the answer.  If you really want to do this, you can
accomplish
   the same thing by using a preprocessor such as m4 on your host
files.

   Also, having chained records such as CNAMEs pointing to CNAMEs may
   make administration issues easier, but is known to tickle bugs in
   some resolvers that fail to check loops correctly.  As a result some
   hosts may not be able to resolve such names.

   Having NS records pointing to a CNAME is bad and may conflict badly
   with current BIND servers.  In fact, current BIND implementations
   will ignore such records, possibly leading to a lame delegation.
   There is a certain amount of security checking done in BIND to
   prevent spoofing DNS NS records.  Also, older BIND servers
reportedly
   will get caught in an infinite query loop trying to figure out the
   address for the aliased nameserver, causing a continuous stream of
   DNS requests to be sent.

The relevant RFCs are:
0974 Mail routing and the domain system. C. Partridge. Jan-01-1986.
1033 Domain administrators operations guide. M. Lottor. Nov-01-1987.
1034 Domain names - concepts and facilities. P.V. Mockapetris.
1912 Common DNS Operational and Configuration Errors. D. Barr.

Tim
On May 27,  3:30, Douglas L Stewart wrote:
> Subject: bind output in /var/adm/debug
> I'm seeing a lot of warnings in /var/adm/debug because NS and MX
records
> are pointing to CNAME's.  Is this not allowed?  If it's not, could
someone
> point me to a reference that says that it's not, so I can point it
out to
> the ISP that's got things set up this way.
>
> -douglas
>
>
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe"
to
> debian-user-request@lists.debian.org .
> Trouble?  e-mail to templin@bucknell.edu .
>-- End of excerpt from Douglas L Stewart

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBM40wVPzKFjUEAi7RAQGwwwP/SpReyxIKiqvtArG8kPMRHDOL2KdiHGu3
i8yTXEmXWS9Jd1C74jr3oabyTbryzPWYBkodF7Osmw9/xFBpKlSEN8Pja5/0nu6g
BzjTF6ACjbDWNYIHk9McIPaWFj6/llyW5mMyehxjef/8CM/6TU366rCfqLq7Pij7
MBajwUmEEOY=
=f9G5
-----END PGP SIGNATURE-----

-- 
Tim Frost, Systems Engineer         Email: Tim.Frost@nz.eds.com
EDS (NZ) Ltd,                       Voice: +64 4 495-0504
P.O. Box 3647,                      Fax:   +64 4 495-0473
Wellington, New Zealand.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- bind output in /var/adm/debug
  - From: Douglas L Stewart <douglas@pobox.com>

Prev by Date: kernel panic while booting
Next by Date: Re: sendmail 8.8.5 and mailertable
Previous by thread: Re: bind output in /var/adm/debug
Next by thread: Motif, HP JetDirect?
Index(es):
- Date
- Thread