[NANOG] Re: Reasons why BIND isn't being upgraded

Paul Vixie vixie at mfnx.net
Fri Feb 2 02:11:34 UTC 2001


pi at vuurwerk.nl (Pim van Riezen) writes:

> bogosity while updating 8.2.2-P7 to 8.2.3:
> 
> (1) 8.2.3 Doesn't accept the "(" in the SOA string to be on the next line
>     after the IN SOA. Our script-generated zonefiles, about 45000 of them,
>     all had this.

Neither do the relevant RFC's, or any other DNS implementation.  Pre-8.2.3
was simply _wrong_ to accept that syntax.

> (2) 8.2.3 Changed the meaning of the last field of the SOA record and
>     needs a $TTL directive to cover the default TTL. This also affected
>     all of our zones (86400 seconds timeout on negative caching is, you
>     must agree, way over the top so not a value you want to propagate).

This also is per several (recent) RFC's, and again, pre-8.2.3 was simply
_wrong_ in its use of the SOA.MINTTL as a default TTL for the whole zone.

> (3) 8.2.3 Is unforgiving against errors in zonefiles. Where previously
>     individual records were rejected (or served as-is), bind now insists
>     on dropping the entire zone if something went wrong. Needless to say
>     in a reload of 45K domains it takes a bit of time to fish out the
>     bad ones.

A zone either has an identity or it doesn't.  There's no such thing as a
best effort identity.  If the file is not syntactically valid, it's not a
zone and ought not be served, since it has no specific identity for the
serial number to map to.

> When downloading I expected a security upgrade, not a service pack.

You and a lot of other people.  8.2.2-P8 will be along shortly.




More information about the NANOG mailing list