From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 Fedora/1.7.12-1.5.1 Description of problem: http://www.faqs.org/rfcs/rfc2181.html states: 11. Name syntax The DNS itself places only one restriction on the particular labels that can be used to identify resource records. That one restriction relates to the length of the label and the full name. The length of any one label is limited to between 1 and 63 octets. A full domain name is limited to 255 octets (including the separators). The zero length full name is defined as representing the root of the DNS tree, and is typically written and displayed as ".". Those restrictions aside, any binary string whatever can be used as the label of any resource record. Similarly, any binary string can serve as the value of any record that includes a domain name as some or all of its value (SOA, NS, MX, PTR, CNAME, and any others that may be added). Implementations of the DNS protocols must not place any restrictions on the labels that can be used. In particular, DNS servers must not refuse to serve a zone because it contains labels that might not be acceptable to some DNS client programs. A DNS server may be configurable to issue warnings when loading, or even to refuse to load, a primary zone containing labels that might be considered questionable, however this should not happen by default. This document, dated 1997 supercedes the ancient 1984 RFC-952 Dod document, by specifically allowing any valid binary string for a domain name. Version-Release number of selected component (if applicable): bind-9.3.1-14_FC4 How reproducible: Always Steps to Reproduce: 1. create hostname with underscore in name "_" 2. service named restart 3. Actual Results: bind fails to load that zone, with bad name (check-names) error Expected Results: zone should be allowed to load with underscore, as per rfc2181 as ANY BINARY string is allowed in hostname, and should not refuse to load a "questionable" primary zone containing such labels by default per the RFC. Additional info: silently failing to load zones following a normal upgrade or update SHOULD NOT OCCUR, as it silently takes multiple hosts and servers off the net. Particularly when these hosts have been operating on the net with these names for some time.
John, Do you have any settings for check-names in your named.conf options block? BIND 9 ships with a default/implied check-names master fail; (see http://isc.org/sw/bind/arm93/Bv9ARM.ch06.html#options - under check-names) So you should be able to work around this by adding: check-names master warn; within the options { } block in your /etc/named.conf. Or change "warn" to "ignore" if you don't want the warnings reported in your /var/log/messages file. I'm a little surprised this has only become a problem for you recently, I understand that ISC have been shipping BIND this way for many years.
RE: Comment #1 from David Keegel (djk.au) on 2006-01-04 18:11 EST: > > BIND 9 ships with a default/implied > check-names master fail; > (see http://isc.org/sw/bind/arm93/Bv9ARM.ch06.html#options - check-names) > Yes, BIND 9.3.0+ started the 'check-names master fail;' default ; the 'check-names' option was not fully implemented in previous releases. While the DNS RFC name format specifications are only recommendations, it is considered bad practice to ignore them, hence the check-names option and its default . As suggested in Comment #1, change 'check-names' to something like : 'check-names master ignore;' or 'check-names master warn;' or remove the offending underscores to overcome this issue.