North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: [NANOG] Re: Reasons why BIND isn't being upgraded
- From: Paul Vixie
- Date: Thu Feb 01 21:16:43 2001
firstname.lastname@example.org (Pim van Riezen) writes:
> bogosity while updating 8.2.2-P7 to 8.2.3:
> (1) 8.2.3 Doesn't accept the "(" in the SOA string to be on the next line
> after the IN SOA. Our script-generated zonefiles, about 45000 of them,
> all had this.
Neither do the relevant RFC's, or any other DNS implementation. Pre-8.2.3
was simply _wrong_ to accept that syntax.
> (2) 8.2.3 Changed the meaning of the last field of the SOA record and
> needs a $TTL directive to cover the default TTL. This also affected
> all of our zones (86400 seconds timeout on negative caching is, you
> must agree, way over the top so not a value you want to propagate).
This also is per several (recent) RFC's, and again, pre-8.2.3 was simply
_wrong_ in its use of the SOA.MINTTL as a default TTL for the whole zone.
> (3) 8.2.3 Is unforgiving against errors in zonefiles. Where previously
> individual records were rejected (or served as-is), bind now insists
> on dropping the entire zone if something went wrong. Needless to say
> in a reload of 45K domains it takes a bit of time to fish out the
> bad ones.
A zone either has an identity or it doesn't. There's no such thing as a
best effort identity. If the file is not syntactically valid, it's not a
zone and ought not be served, since it has no specific identity for the
serial number to map to.
> When downloading I expected a security upgrade, not a service pack.
You and a lot of other people. 8.2.2-P8 will be along shortly.