Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: Underscores are allowed in A records #254

Closed
Lormen opened this issue Nov 12, 2015 · 9 comments
Closed

Bug: Underscores are allowed in A records #254

Lormen opened this issue Nov 12, 2015 · 9 comments

Comments

@Lormen
Copy link

@Lormen Lormen commented Nov 12, 2015

Underscores seem to be allowed through to create an A record which BIND no longer supports. Had a quick look at the code and (I assume) it's this line:

/* Forward zones should only contain letters, numbers, periods, and hyphens /
return (preg_match("/^(__a-z\d
)(.(a-z\d_))
$/i", $domain_name) // valid chars check

Which looks like it should invalidate underscores anyway but it doesn't seem to.

@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented Nov 12, 2015

Hello,

Which version of BIND dropped support for underscores in A records? I'm not able to find it. Underscores are not allowed in zone names, but they should be allowed in RR for domain keys and SRV records.

Loading

@Lormen
Copy link
Author

@Lormen Lormen commented Nov 13, 2015

It's only A records that BIND will fail to load on if there is an underscore: http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch04_05.htm#FOOTNOTE-26

"WARNING: Underscores are not allowed in host names."

I am using the standard BIND 9.8.2 in the RHEL6.7 repos.

Loading

@Lormen
Copy link
Author

@Lormen Lormen commented Nov 13, 2015

This is what happens to BIND if you have an underscore in an A record:

Stopping named: [ OK ]
Starting named:
Error in named configuration:
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
zone 1.1.11.in-addr.arpa/IN: loaded serial 2015111200
zone 181.25.10.in-addr.arpa/IN: loaded serial 2015101900
zone 3.17.172.in-addr.arpa/IN: loaded serial 2015102700
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
zone 181.25.10.in-addr.arpa/IN: loaded serial 2015101900
zone 3.17.172.in-addr.arpa/IN: loaded serial 2015102700
zone localhost/IN: loaded serial 0
/etc/named/zones/master/db.monkeys.co.uk.21.hosts:17: willy_xj_test.monkeys.co.uk: bad owner name (check-names)
zone monkeys.co.uk/IN: loading from master file /etc/named/zones/master/db.monkeys.co.uk.21.hosts failed: bad owner name (check-names)
zone monkeys.co.uk/IN: not loaded due to errors.
External/monkeys.co.uk/IN: bad owner name (check-names)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
zone 181.25.10.in-addr.arpa/IN: loaded serial 2015101900
zone 3.17.172.in-addr.arpa/IN: loaded serial 2015102700
zone localhost/IN: loaded serial 0
[FAILED]

If I remove the willy_xj_test.monkeys.co.uk entry then the zone loads correctly.

Loading

@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented Nov 13, 2015

Ah ha! Upon further review, the underscore is not allowed in A, MX, SOA (except the email address portion), and NS records. Thanks for additional information and bug report.

Loading

@Lormen
Copy link
Author

@Lormen Lormen commented Nov 13, 2015

Awesome! Hopefully this isn't too much work... Only bug that I've found so far and the only thing stopping it from going live :)

Loading

@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented Nov 13, 2015

If you don't want to wait for the next release with this fix (no date yet), you can enable named checks in the settings which should catch this (if check-names is set on the zone which it is by default) before the configs hit your DNS servers.

Loading

@Lormen
Copy link
Author

@Lormen Lormen commented Nov 13, 2015

I already had this enabled but it doesn't seem to make any difference sadly :(

Loading

WillyXJ added a commit that referenced this issue Nov 16, 2015
Underscores and starting with a hyphen are not allowed
@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented Nov 16, 2015

This is fixed in v2.1-beta1 and later.

Loading

@WillyXJ WillyXJ closed this Nov 16, 2015
@Lormen
Copy link
Author

@Lormen Lormen commented Nov 18, 2015

Confirmed that this now works as expected

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants