3.5 Allowing "Illegal" Characters in Domain Names
3.5.1 Problem
You need to configure a BIND 8 name server to allow one or more domain names that include illegal characters in your zone.
3.5.2 Solution
Use the check-names substatement within the zone's zone statement in named.conf. For example:
    zone "foo.example" {
        type master;
        file "db.foo.example";
        check-names warn;
    };
warn tells the name server to alert you to illegal domain names with messages sent to syslog, by default. You can also choose ignore, which tells the name server to shut up and say nothing about illegal domain names.
3.5.3 Discussion
The whole notion of "illegal" domain names disappeared in BIND 9, which did away with name checking. You can include underscores, punctuation, and almost anything else in a domain name and load it on a BIND 9 name server. That's not a particularly good idea in most cases, but you can.
Many of you still run BIND 8 name servers, though, and they check domain names. In fact, they won't load primary master zones with illegal domain names in them, by default, so you may need to change these settings.
You can set BIND 8's name-checking behavior for all zones by using check-names as an options substatement. As an options substatement, check-names also specifies the context in which an illegal domain name is found:
- Primary: In a zone the name server is the primary master for
- Slave: In a zone the name server is a slave for
- Response: In a response from a remote name server
For example, you could allow illegal domain names in all primary master zones with:
    options {
        directory "/var/named";
        check-names primary warn;
    };
It's a bad idea to allow illegal characters in responses from remote name servers, since it could subject your name server and your resolvers to certain attacks.
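
Before relaxing check-names, it helps to know exactly which names in a zone are likely to trip name checking. The following is an added example, not part of the original text: it scans zone data for host names with illegal labels, assuming the RFC 952/1123 host name rule and checking only the owners of A, AAAA and MX records and the targets of NS and MX records. The zone data is constructed, and only single-line records with numeric TTLs are handled.

```python
import re

# Assumed rule (RFC 952/1123 host names): letters, digits and hyphens only,
# with no hyphen at the start or end of a label.
LABEL_OK = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")
OWNER_TYPES = {"A", "AAAA", "MX"}   # owner name is used as a host name
TARGET_INDEX = {"NS": 0, "MX": 1}   # position of the host name in the RDATA
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone data, single-line records only.
SAMPLE = """\
$TTL 86400
@         IN NS  ns1.foo.example.
ns1       IN A   192.0.2.1
web_1     IN A   192.0.2.10
          IN MX  10 mail_gw.foo.example.
-old      300 IN A 192.0.2.11
_sip._tcp IN SRV 0 0 5060 sip.foo.example.
ok-host   IN A   192.0.2.12
"""

def bad_labels(name):
    """Return the labels of name that break the host name rule."""
    if name == "@":
        return []
    labels = name.rstrip(".").split(".")
    return [l for l in labels if l and not LABEL_OK.match(l)]

def check_zone(text):
    """Return (line number, name, bad labels) for each suspect host name."""
    findings, owner = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]          # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                         # blank line or $TTL/$ORIGIN
        fields = line.split()
        if not line[0].isspace():            # no leading blank: new owner name
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                    # skip numeric TTL and class
        if not fields or owner is None:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        names = [owner] if rtype in OWNER_TYPES else []
        if rtype in TARGET_INDEX and len(rdata) > TARGET_INDEX[rtype]:
            names.append(rdata[TARGET_INDEX[rtype]])
        findings += [(no, n, bad_labels(n)) for n in names if bad_labels(n)]
    return findings
```

Calling check_zone(SAMPLE) reports web_1, mail_gw and -old with their line numbers, while the _sip._tcp SRV owner is left alone because it is not used as a host name.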
3.5.4 See Also
"Host Name Checking (BIND 4.9.4 and Later Versions)" in Chapter 4 of DNS and BIND.