Underscores in domain names II
In a previous post, we mentioned that if a domain, or more likely a subdomain, contains an underscore, BIND will not start unless some ignore statements are added to the named.conf file. However, there are security risks associated with setting these options globally.
One fan of this blog and blocklist suggested that the following would work:
zone "zone_name_with_underscore.maliciousdomain.com" {type master; file "/etc/namedb/blockeddomain.hosts"; check-names ignore;};
The key here is that the check-names ignore directive is placed in the zone line in question, so it applies only to that zone and is not a global directive.
Please let us know if there are any issues with this; otherwise we’ll add it sometime in the next week or so.
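As an added illustration (not code from this blog or from BIND), the Python below emits check-names ignore only for blocklist zones whose names break the hostname rule, and reports any check-names ignore still set outside a zone statement. The function names, the letter-digit-hyphen approximation of BIND's name check, the constructed sample configuration and the assumption that zone statements sit at the top level of named.conf all belong to the example.

```python
import re

# RFC 1123 hostname label: letters, digits, hyphens; no leading/trailing hyphen.
LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
ZONE_FILE = "/etc/namedb/blockeddomain.hosts"  # path shown in the post

# Constructed sample named.conf text (not from a real server).
SAMPLE_CONF = """\
options {
    directory "/etc/namedb";
    check-names master ignore;  // global relaxation
};
zone "zone_name_with_underscore.maliciousdomain.com" {type master; file "/etc/namedb/blockeddomain.hosts"; check-names ignore;};
"""

def needs_ignore(domain):
    """True if any label breaks the letter-digit-hyphen rule (e.g. has '_')."""
    return any(not LDH_LABEL.match(label) for label in domain.rstrip(".").split("."))

def zone_statement(domain):
    """Build one blocklist zone line; relax check-names only where required."""
    if not re.fullmatch(r"[A-Za-z0-9._-]+", domain):
        raise ValueError(f"refusing unsafe zone name: {domain!r}")
    parts = ["type master;", f'file "{ZONE_FILE}";']
    if needs_ignore(domain):
        parts.append("check-names ignore;")
    return f'zone "{domain}" {{{" ".join(parts)}}};'

def global_ignores(named_conf):
    """Return check-names ... ignore settings found outside any zone statement."""
    hits, depth, in_zone = [], 0, False
    for line in named_conf.splitlines():
        text = line.split("//")[0].strip()  # drop trailing // comments
        if depth == 0 and text.startswith("zone "):
            in_zone = True
        if not in_zone and re.search(r"\bcheck-names\b.*\bignore\b", text):
            hits.append(text)
        depth += text.count("{") - text.count("}")
        if depth == 0:
            in_zone = False
    return hits

if __name__ == "__main__":
    for name in ("zone_name_with_underscore.maliciousdomain.com", "maliciousdomain.com"):
        print(zone_statement(name))
    print("check-names ignore outside a zone:", global_ignores(SAMPLE_CONF))
```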