Re: [exim] problem with certain DNS lookups for NS records

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: g
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] problem with certain DNS lookups for NS records

On 6 Feb 2006, at 11:44, Philip Hazel wrote:

> On Sun, 5 Feb 2006, Giuliano Gavazzi wrote:
>
>> set acl_c9 = ${lookup dnsdb{ns=152/29.160.221.217.in-addr.arpa}
>> {$value}{none}}
>>
>> should give ns.ondecorte.net and instead it gives none. (I call it
>> from the
>> DATA acl but this is irrelevant)
>
> Using "exim -d -be" shows that the problem is this:
>
> DNS name syntax check failed: 152/29.160.221.217.in-addr.arpa (NS)
>


I guessed that... indeed I cannot get a slash as a PTR or as a LHS of
an A record.
It appears (probably written in some RCF?) that:

-
$origin    humph.com.
...
foo.humph.com.        IN      CNAME   a/test.humph.com.
a/test.humph.com.     IN      NS      it.humph.com



-
$origin a/test.humph.com.
...
a/test.humph.com.     IN      PTR     foo.humph.com.


is legal. That is CNAMES and Zones can have a slash in their value,
while a slash is not allowed in a domain name. So, in the "a/test"
zone, I cannot have A records like:

a    IN    A    127.0.0.1


The error given by bind is: bad owner name (check-names)

(no way for you to look up the above as it is in a private view, I
can make it public if you need it as test bed)

> You can fix this by setting dns_check_names_pattern. I wonder if I
> should change the default to include slashes?


only for CNAME results (but you do not check names on the results
already), NS and PTR keys and ZONE names (but there is no place where
to specify a zone in exim).
I would then limit it to NS and PTR.
I am not sure changing it with dns_check_names_pattern would be a
good idea as a slash in all other cases is illegal as far as I can
tell. (http://a/test.humph.com/ !)

Giuliano