Allowing Illegal Characters in Domain Names
3.5.1 Problem
You need to configure a BIND 8 name server to allow one or more domain names that include illegal characters in your zone.
3.5.2 Solution
Use the check-names substatement within the zone's zone statement in named.conf. For example:
    zone "foo.example" {
        type master;
        file "db.foo.example";
        check-names warn;
    };

warn tells the name server to alert you to illegal domain names with messages that are sent, by default, to syslog. You can also choose ignore, which tells the name server to shut up and say nothing about illegal domain names.
3.5.3 Discussion
The whole notion of "illegal" domain names disappeared in BIND 9, which did away with name checking. You can include underscores, punctuation, and almost anything else in a domain name and load it on a BIND 9 name server. That's not a particularly good idea in most cases, but you can.
Many of you still run BIND 8 name servers, though, and they check domain names. In fact, they won't load primary master zones with illegal domain names in them, by default, so you may need to change these settings.
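Before relaxing the check, it helps to know exactly which names in a zone would trip it. The following is an added example, not code from this recipe or from BIND: it applies the RFC 952/1123 host-name rule (letters, digits, hyphens) to the owner names of A, AAAA and MX records, which is an assumption that only approximates BIND 8's check. The function names and the sample zone are constructed for illustration.

```python
import re

# Host-name rule (RFC 952/1123): letters, digits, hyphens; no hyphen at either end.
LABEL_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?")
HOST_TYPES = {"A", "AAAA", "MX"}   # assumption: owners of these are host names
CLASSES = {"IN", "CH", "HS"}

def illegal_labels(name):
    """Return the labels of a domain name that break the host-name rule."""
    labels = name.rstrip(".").split(".")
    if labels[0] == "*":           # a leading wildcard label is not a host label
        labels = labels[1:]
    return [l for l in labels if not LABEL_RE.fullmatch(l)]

def audit_zone(text, origin):
    """Return [(line_no, owner, bad_labels)] for host-type records."""
    findings, owner = [], origin
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]            # drop comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue    # blank line or directive ($ORIGIN changes are not tracked)
        if not line[0].isspace():               # line starts with an owner name
            owner = fields.pop(0)
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = owner + "." + origin    # relative name
        # skip optional numeric TTL and class ahead of the record type
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if fields and fields[0].upper() in HOST_TYPES:
            bad = illegal_labels(owner)
            if bad:
                findings.append((no, owner, bad))
    return findings

# Constructed sample zone, not taken from the page.
SAMPLE = """\
$TTL 3600
@         IN SOA ns1.foo.example. hostmaster.foo.example. 1 3600 900 604800 3600
          IN NS  ns1.foo.example.
ns1       IN A   192.0.2.1
web_01    IN A   192.0.2.10
-edge     300 IN A 192.0.2.11
_sip._tcp IN SRV 0 0 5060 ns1.foo.example.
ok-host   IN A   192.0.2.12
"""

if __name__ == "__main__":
    for no, owner, bad in audit_zone(SAMPLE, "foo.example."):
        print(f"line {no}: {owner} has illegal label(s) {bad}")
```

The SRV owner with underscores is not reported because it is not a host name under the assumption above; only the two A records with an underscore and a leading hyphen are.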
You can set BIND 8's name-checking behavior for all zones by using check-names as an options substatement. As an options substatement, check-names also specifies the context in which an illegal domain name is found:
Primary
    In a zone the name server is the primary master for
Slave
    In a zone the name server is a slave for
Response
    In a response from a remote name server
For example, you could allow illegal domain names in all primary master zones with:
    options {
        directory "/var/named";
        check-names primary warn;
    };
It's a bad idea to allow illegal characters in responses from remote name servers, since it could subject your name server and your resolvers to certain attacks.
3.5.4 See Also
"Host Name Checking (BIND 4.9.4 and Later Versions)" in Chapter 4 of DNS and BIND.