hi,
after i test nsd i find the following. if i use this in a zone file:
$ORIGIN example.com.
CNAME www
www CNAME x
x A 1.2.3.4
then it's excepted by nsd what's more give the proper result. if the
slave is nsd than there is no problem, while if the slave is bind i've
got the following error:
----------------------------
transfer of 'example.com/IN' from 212.92.23.223#53: resetting
transfer of 'example.com/IN' from 212.92.23.223#53: failed while
receiving responses: CNAME and other data
transfer of 'example.com/IN' from 212.92.23.223#53: end of transfer
----------------------------
and of course bind don't accept the above even if he's the master.
so my question who is right, but most important is there any other way
than define an A record for the domain itself?
thnaks.
yours.
--
Levente "Si vis pacem para bellum!"
--On s?ndag, s?ndag 10 dec 2006 23.38.44 +0100 Farkas Levente <lfarkas at bppiac.hu> wrote:> and of course bind don't accept the above even if he's the master. > so my question who is right,BIND.> but most important is there any other way > than define an A record for the domain itself?No. I think a bug should be filed. "CNAME and other data" (to quote the BIND error message) is not allowed per the standard (RFC 1034, section 3.6.2.), and letting it into a zone is a no-no. -- M?ns Nilsson Systems Specialist +46 70 681 7204 cell KTHNOC +46 8 790 6518 office MN1334-RIPE I guess you guys got BIG MUSCLES from doing too much STUDYING! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20061211/2edb436c/attachment.bin>
On Dec 10, 2006, at 10:38 PM, Farkas Levente wrote:> hi, > after i test nsd i find the following. if i use this in a zone file: > $ORIGIN example.com. > CNAME www > www CNAME x > x A 1.2.3.4 > then it's excepted by nsd what's more give the proper result. if the > slave is nsd than there is no problem, while if the slave is bind i've > got the following error: > ---------------------------- > transfer of 'example.com/IN' from 212.92.23.223#53: resetting > transfer of 'example.com/IN' from 212.92.23.223#53: failed while > receiving responses: CNAME and other data > transfer of 'example.com/IN' from 212.92.23.223#53: end of transfer > ---------------------------- > and of course bind don't accept the above even if he's the master. > so my question who is right, but most important is there any other way > than define an A record for the domain itself?I'd turn the pointers around, so you'd have $ORIGIN example.com. A 1.2.3.4 www CNAME example.com. x CNAME example.com. Roy
On Sun, Dec 10, 2006 at 11:38:44PM +0100, Farkas Levente wrote:> $ORIGIN example.com. > CNAME www > www CNAME x > x A 1.2.3.4 > then it's excepted by nsd what's more give the proper result. if theapart from the fact that you can't define a CNAME RR at the zone apex because it collides with the mandatory SOA and NS RRs (Roy mentioned it), it is also not clear what the proper interpretation of the first CNAME definition is. As per RFC 1035, the <blank> "inherits" the last "stated ownername" and that isn't influenced by the $ORIGIN statement. -Peter
[Quoting Robert Martin-Legene, on Dec 11, 10:50, in "Re: which is the vai ..."] <zonefile error>> I think nsd MUST refuse to load it too.I do NOT think so, trying to do something clever with incorrect zonefiles is and always has been an explicit non-requirement. Please see the REQUIREMENTS file under C.1. If you want to change/update the REQUIREMENTS, which is basis for the NSD design and implementation, you can, of course, start a discussion on that topic. But then, you can expect me, and probably others also, to argue that dealing with zone file errors is an zonefile administrator task, and not a task for the (fast, high performance, thus mean-and-lean) NSD daemon process. There are off-line zonefile syntaxcheckers to assist zonefile administrators. Regards, -- ted
[Quoting Wouter Wijngaards, on Dec 11, 11:50, in "Re: which is the vai ..."]> Ted Lindgreen wrote: > > [Quoting Robert Martin-Legene, on Dec 11, 10:50, in "Re: which is the vai ..."] > > > > <zonefile error> > > > >> I think nsd MUST refuse to load it too. > > > > I do NOT think so, trying to do something clever with incorrect > > zonefiles is and always has been an explicit non-requirement. > > Please see the REQUIREMENTS file under C.1.....> Oops, already implemented, but not in the server daemon, but in the zone > compiler for offline checking.That's OK: not a requirement does not mean it's forbidden to do something clever :-) But I would have had a problem with it, when the server daemon was complicated, slowed down, whatever. Regards, -- ted