Feed

Underscores in domain names II

Posted on September 7th, 2010 in Domain News by dglosser

In a previous post, we mentioned that if  a domain  or more likely a subdomain  contains an underscore, bind will not start unless some ignore statements are added to the to the named.conf file.  However, there are security risks associated with setting these options globally.

One fan of this blog and blocklist suggested that  the following would work:

zone “zone_name_with_underscore.maliciousdomain.com” {type master; file “/etc/namedb/blockeddomain.hosts”; check-names ignore;};

The key here is the check-names ignore directive is placed in the line in question and would not be a global directive.

Please let us know if there are any issues with this; otherwise we’ll add it sometime in the next week or so.