Subject: Re: switching from bind8 to bind9
To: NetBSD Networking Technical Discussion List <tech-net@netbsd.org>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-net
Date: 11/17/2002 19:58:44
    Date:        Sat, 16 Nov 2002 01:55:13 -0500 (EST)
    From:        woods@weird.com (Greg A. Woods)
    Message-ID:  <20021116065513.06AE0A@proven.weird.com>

  | I consider the full "check-names" feature set quite critical for
  | production use too.

I wouldn't consider running a bind8 without removing that appalling idea.
Just disabling it isn't enough (someone might accidentally enable it).

If you want to check your zones for errors before loading them, which is
a fine idea, do that outside of the nameserver.   Then you can apply any
checks that you like (including actually checking that the data makes sense,
and that you're not accidentally advertising names with someone else's IP
address, or getting the trailing dots wrong - which are all much more common
and likely errors than someone accidentally including a character that you
don't happen to like).

Also, I see no signs of bind9 doing any of that nonsense, the error was
realised, and corrected - I certainly see no signs of it checking and rejecting
"bad" characters (which I include in one of my zone files, just because!)

kre
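
The kind of out-of-nameserver pre-load check the message describes, as an added example that is not part of the original post or of BIND: it flags address records outside the operator's own networks and name targets that appear to have lost their trailing dot. The function name `check_zone`, the sample zone, the origin `example.org` and the network `192.0.2.0/24` are all constructed for illustration, and the parser assumes one record per line.

```python
import ipaddress

# Constructed sample zone (not from the original message).
SAMPLE_ZONE = """\
$ORIGIN example.org.
@     IN NS    ns1.example.org.
@     IN MX    10 mail.example.org
www   IN A     192.0.2.10
ftp   IN A     198.51.100.7
web   IN CNAME www.example.org
ns1   IN A     192.0.2.1
mail  IN A     192.0.2.25
"""

NAME_TYPES = {"NS", "CNAME", "PTR", "MX"}   # rdata ends in a domain name
CLASSES = {"IN", "CH", "HS"}

def check_zone(text, origin, own_networks):
    """Return (line_no, message) findings for a one-record-per-line zone."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    origin = origin.rstrip(".").lower()
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()      # strip comments
        if not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():                   # line carries an owner name
            fields = fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields = fields[1:]                    # skip TTL and class
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata[0])
            except ValueError:
                findings.append((no, f"{rtype} has invalid address {rdata[0]!r}"))
                continue
            if not any(addr in n for n in nets):
                findings.append((no, f"{rtype} {addr} is outside your networks"))
        elif rtype in NAME_TYPES:
            target = rdata[-1].lower()
            # Heuristic: a relative target that already ends in the origin would
            # expand to name.origin.origin, so the trailing dot was forgotten.
            if not target.endswith(".") and (target == origin or target.endswith("." + origin)):
                findings.append((no, f"{rtype} target {target!r} lacks trailing dot"))
    return findings
```

On the constructed sample, `check_zone(SAMPLE_ZONE, "example.org.", ["192.0.2.0/24"])` reports lines 3, 5 and 6; a non-empty result would block the reload in a deployment script.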