Allowing Illegal Characters in Domain Names

3.5.1 Problem

You need to configure a BIND 8 name server to allow one or more domain names that include illegal characters in your zone.

3.5.2 Solution

Use the check-names substatement within the zone's zone statement in named.conf. For example:

zone "foo.example" {
 type master;
 file "db.foo.example";
 check-names warn;
};

warn tells the name server to alert you to illegal domain names with messages sent to syslog, by default. You can also choose ignore, which tells the name server to shut up and say nothing about illegal domain names.

3.5.3 Discussion

The whole notion of "illegal" domain names disappeared in BIND 9, which did away with name checking. You can include underscores, punctuation, and almost anything else in a domain name and load it on a BIND 9 name server. That's not a particularly good idea in most cases, but you can.

Many of you still run BIND 8 name servers, though, and they check domain names. In fact, they won't load primary master zones with illegal domain names in them, by default, so you may need to change these settings.
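Before relaxing check-names, it helps to know which names in a zone would trip the check. The script below is an added example, not code from the book or from BIND: it approximates the host-name rule with the RFC 952/1123 label pattern, and it assumes that only owner names of A and MX records are checked, that records sit on single lines, and that the origin is passed in (no $ORIGIN handling). The zone contents are constructed sample data.

```python
import re

# Constructed sample zone data (not from the book); origin assumed to be foo.example.
SAMPLE_ZONE = """\
$TTL 86400
@            IN SOA ns1 hostmaster 1 3600 900 604800 86400
@            IN NS  ns1
ns1          IN A   192.0.2.1
web_01       IN A   192.0.2.10
-edge        IN A   192.0.2.11
mail         IN MX  10 mx-1
_sip._tcp    IN SRV 0 0 5060 ns1
good-host    IN A   192.0.2.12   ; trailing comment
"""

# RFC 952/1123 host label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_OK = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?")
HOST_TYPES = {"A", "MX"}  # assumption: owners of these types are treated as host names
CLASSES = {"IN", "CH", "HS"}

def illegal_host_owners(zone_text, origin):
    """Return [(line_no, fqdn, bad_label)] for host-type owners that break the rule."""
    findings, owner = [], origin
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or $TTL/$ORIGIN directive
        fields = line.split()
        if not raw[0].isspace():                    # a new owner name starts in column one
            owner = fields.pop(0)                   # otherwise the previous owner is inherited
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                           # skip optional TTL and class
        if not fields or fields[0].upper() not in HOST_TYPES:
            continue
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = owner + "." + origin
        bad = next((l for l in fqdn.rstrip(".").split(".") if not LABEL_OK.fullmatch(l)), None)
        if bad is not None:
            findings.append((no, fqdn, bad))
    return findings

if __name__ == "__main__":
    for no, fqdn, label in illegal_host_owners(SAMPLE_ZONE, "foo.example."):
        print(f"line {no}: {fqdn} (label {label!r})")
```

An empty result means the zone needs no check-names change under these assumptions; otherwise the list shows which names to fix or knowingly allow.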

You can set BIND 8's name-checking behavior for all zones by using check-names as an options substatement. As an options substatement, check-names also specifies the context in which an illegal domain name is found:

Primary: In a zone the name server is the primary master for

Slave: In a zone the name server is a slave for

Response: In a response from a remote name server

For example, you could allow illegal domain names in all primary master zones with:

options {
 directory "/var/named";
 check-names primary warn;
};

It's a bad idea to allow illegal characters in responses from remote name servers, since it could subject your name server and your resolvers to certain attacks.

3.5.4 See Also

"Host Name Checking (BIND 4.9.4 and Later Versions)" in Chapter 4 of DNS and BIND.

DNS & BIND Cookbook
ISBN: 0596004109
Year: 2005
Pages: 220
Authors: Cricket Liu
