North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [NANOG] Re: Reasons why BIND isn't being upgraded
[email protected] (Pim van Riezen) writes: > bogosity while updating 8.2.2-P7 to 8.2.3: > > (1) 8.2.3 Doesn't accept the "(" in the SOA string to be on the next line > after the IN SOA. Our script-generated zonefiles, about 45000 of them, > all had this. Neither do the relevant RFC's, or any other DNS implementation. Pre-8.2.3 was simply _wrong_ to accept that syntax. > (2) 8.2.3 Changed the meaning of the last field of the SOA record and > needs a $TTL directive to cover the default TTL. This also affected > all of our zones (86400 seconds timeout on negative caching is, you > must agree, way over the top so not a value you want to propagate). This also is per several (recent) RFC's, and again, pre-8.2.3 was simply _wrong_ in its use of the SOA.MINTTL as a default TTL for the whole zone. > (3) 8.2.3 Is unforgiving against errors in zonefiles. Where previously > individual records were rejected (or served as-is), bind now insists > on dropping the entire zone if something went wrong. Needless to say > in a reload of 45K domains it takes a bit of time to fish out the > bad ones. A zone either has an identity or it doesn't. There's no such thing as a best effort identity. If the file is not syntactically valid, it's not a zone and ought not be served, since it has no specific identity for the serial number to map to. > When downloading I expected a security upgrade, not a service pack. You and a lot of other people. 8.2.2-P8 will be along shortly.
|