[34266] in North American Network Operators' Group
Re: [NANOG] Re: Reasons why BIND isn't being upgraded
daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Feb 1 21:14:28 2001
To: nanog@merit.edu
From: Paul Vixie <vixie@mfnx.net>
Date: 01 Feb 2001 18:11:34 -0800
In-Reply-To: pi@vuurwerk.nl's message of "1 Feb 2001 17:31:26 -0800"
Message-ID: <g31ythzve1.fsf@redpaul.mfnx.net>
Errors-To: owner-nanog-outgoing@merit.edu
pi@vuurwerk.nl (Pim van Riezen) writes:
> bogosity while updating 8.2.2-P7 to 8.2.3:
>
> (1) 8.2.3 Doesn't accept the "(" in the SOA string to be on the next line
> after the IN SOA. Our script-generated zonefiles, about 45000 of them,
> all had this.
Neither do the relevant RFC's, or any other DNS implementation. Pre-8.2.3
was simply _wrong_ to accept that syntax.
> (2) 8.2.3 Changed the meaning of the last field of the SOA record and
> needs a $TTL directive to cover the default TTL. This also affected
> all of our zones (86400 seconds timeout on negative caching is, you
> must agree, way over the top so not a value you want to propagate).
This also is per several (recent) RFC's, and again, pre-8.2.3 was simply
_wrong_ in its use of the SOA.MINTTL as a default TTL for the whole zone.
> (3) 8.2.3 Is unforgiving against errors in zonefiles. Where previously
> individual records were rejected (or served as-is), bind now insists
> on dropping the entire zone if something went wrong. Needless to say
> in a reload of 45K domains it takes a bit of time to fish out the
> bad ones.
A zone either has an identity or it doesn't. There's no such thing as a
best effort identity. If the file is not syntactically valid, it's not a
zone and ought not be served, since it has no specific identity for the
serial number to map to.
> When downloading I expected a security upgrade, not a service pack.
You and a lot of other people. 8.2.2-P8 will be along shortly.
