From owner-freebsd-current Sun Aug 3 22:19:23 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id WAA14242
    for current-outgoing; Sun, 3 Aug 1997 22:19:23 -0700 (PDT)
Received: from mail.san.rr.com (mail-atm.san.rr.com [204.210.0.1])
    by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA14236
    for ; Sun, 3 Aug 1997 22:19:21 -0700 (PDT)
Received: (from uucp@localhost)
    by mail.san.rr.com (8.7.6/8.7.3) id WAA29255;
    Sun, 3 Aug 1997 22:18:18 -0700 (PDT)
Message-Id: <199708040518.WAA29255@mail.san.rr.com>
Received: from dt5h1n61.san.rr.com(204.210.31.97) by mail via smap (V1.3)
    id tmp029228; Sun Aug 3 22:18:17 1997
From: "Studded"
To: "Karl Denninger"
Cc: "freebsd-current@FreeBSD.ORG" , "lists@tar.com" , "Terry Lambert"
Date: Sun, 03 Aug 97 22:17:57 -0800
Reply-To: "Studded"
Priority: Normal
X-Mailer: PMMail 1.92 For OS/2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Moving to a more current BIND
Sender: owner-freebsd-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

This is exactly the kind of debate I didn't want to get into, so I'll
respond just this one time.

On Sun, 3 Aug 1997 20:04:14 -0500, Karl Denninger wrote:

>On Sun, Aug 03, 1997 at 04:58:42PM -0800, Studded wrote:
>> On Sun, 3 Aug 1997 15:54:54 -0700 (MST), Terry Lambert wrote:
>>
>> >On the specific issue of the most recent "bind", I have a problem.
>> >
>> >Someone has stated that their new "bind" is complaining about my
>> >use of an alias record as the name of my DNS server.
>>
>> This has always been an error, but BIND 8.1.1 is more vocal about
>> it now. TMK BIND 4.9.6 does not exhibit any differences in relation to
>> this from the BIND 4.9.4 we had in the tree. In any case, what you're
>> doing will still work, and 8.1.1 allows you to send those error messages
>> to /dev/null if you like.
>>
>> >This is a bogus thing for it to do, since it is imperative that
>> >you be able to use a DNS rotor for DNS services, if you have
>> >equivalent servers for reasons of fault tolerance.
>>
>> Without going into too much detail that's better left for
>> bind-users@vix.com, a dns rotary is certainly not "imperative," and BIND
>> is actually pretty smart about sending its queries to the one of your name
>> servers that is in the best network position to it.
>
>A CNAME can *only* point to an "A" record.

This is not accurate. A CNAME record can refer to another CNAME
record, although this is not related to this question.

>Using CNAMEs in NS lines is in violation of the BIND rules and will break.

It is a violation of the spec, but it will also work. Just for fun,
I added an ns record for a cname. From an 8.1.1 system to another, and
from a 4.9.6 system nslookup specifying the cnamed server worked fine. I
don't use this feature myself, but I know others that do (with 8.1.1
systems) and it works. That doesn't mean it's a good idea. In the future
compatibility for this could end. For the details on why this is bad, see
the BIND FAQ, /usr/src/contrib/bind/doc/misc/FAQ.2of2 Question 6.6.

>Don't do it. If you do it, people using BIND 8.1.1 *CANNOT RESOLVE YOUR
>DOMAIN*. That includes, among others, us.

You might consider double-checking your setup. It *should* work, but
that still doesn't mean it's a good idea.

Doug

The man who fears nothing, loves nothing.
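
The configuration debated in this thread, an NS record whose target name is itself a CNAME, can be found by linting a zone file before it is loaded. The following is an added example, not part of the original message or of BIND; the zone data, the simplified one-record-per-line format and the function names are assumptions made for illustration.

```python
# Added example (not from the thread); SAMPLE_ZONE is constructed data.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@      IN NS    ns1
@      IN NS    dns.example.com.
ns1    IN A     192.0.2.1
dns    IN CNAME ns1
"""

def fqdn(name, origin):  # expand a zone-file name to an absolute, lower-case name
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse(zone_text):
    """Return (owner, type, rdata) for NS/A/CNAME; assumes one record per line with an owner."""
    origin, records = "", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        # Skip the optional TTL and class fields to find the record type.
        idx = next((i for i, f in enumerate(fields[1:], 1)
                    if f.upper() in ("NS", "A", "CNAME")), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        rtype = fields[idx].upper()
        rdata = fields[idx + 1] if rtype == "A" else fqdn(fields[idx + 1], origin)
        records.append((fqdn(fields[0], origin), rtype, rdata))
    return records

def ns_pointing_at_cname(zone_text):
    """Return (zone, ns_target, canonical_name) for each NS target that is an alias."""
    records = parse(zone_text)
    cnames = {owner: target for owner, rtype, target in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, target in records:
        seen, name = set(), target
        # Follow the alias chain (a CNAME may refer to another CNAME); stop on loops.
        while rtype == "NS" and name in cnames and name not in seen:
            seen.add(name)
            name = cnames[name]
        if seen:
            findings.append((owner, target, name))
    return findings

if __name__ == "__main__":
    print(ns_pointing_at_cname(SAMPLE_ZONE))
```

Each finding names the canonical host, so the fix is to put that name in the NS record directly.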