[BlueOnyx:27203] Re: Adding NS in include

Colin Jack colin at mainline.co.uk
Thu Aug 22 07:39:51 -05 2024 

Hi Taco,

We already do for _dkim _dmarc etc. so that shouldn’t be a problem.

Regards

Colin

From: Taco Scargo <taco at blueonyx.nl>
Date: Thursday 22 August 2024 at 12:52
To: Michael Stauber <mstauber at blueonyx.it>, BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
Cc: Colin Jack <colin at mainline.co.uk>
Subject: Re: [BlueOnyx:27199] Adding NS in include

Michael,

I did some research and we do need to allow underscored in the first part of a NS record, as it refers to a domain

Let me quote the standard, RFC 2181, section 11, "Name syntax":

The DNS itself places only one restriction on the particular labels that can be used to identify resource records. That one restriction relates to the length of the label and the full name. [...] Implementations of the DNS protocols must not place any restrictions on the labels that can be used. In particular, DNS servers must not refuse to serve a zone because it contains labels that might not be acceptable to some DNS client programs.

See also the original DNS specification, RFC 1034, section 3.5 "Preferred name syntax" but read it carefully.

Domains with underscores are very common in the wild. Check _jabber._tcp.gmail.com or _sip._udp.apnic.net.

For host names (or for URLs, which include a host name), then this is different, the relevant standard is RFC 1123, section 2.1 "Host Names and Numbers" which limits host names to letters-digits-hyphen.

Best regards,

Taco


On 22 Aug 2024, at 13:16, Taco Scargo via Blueonyx <blueonyx at mail.blueonyx.it> wrote:

Hi Colin,

In /var/named/chroot/var/named there should be a file of the specific domain with a .include extension
That’s where you would add a line, similar to (in case the domain is called example.com<http://example.com/>):

_acme-challenge.example.com.  IN  NS  XXXXXX.

What XXX should be you should have received as well.
It is however quite uncommon to use NS records for verification, generally this is done with TXT records.
I would advise you to ask the customer for additional information.

Best regards,

Taco Scargo
taco at blueonyx.nl



On 22 Aug 2024, at 12:39, Colin Jack via Blueonyx <blueonyx at mail.blueonyx.it> wrote:

Good morning.

Some guidance please.

We have a customer using a third party host for their website but we hold the DNS.
They have requested the following NS record to be added.

NS    _acme-challenge   domain.tld

This can't be done from the GUI so I will need to add to the include file but not certain on the format.
I don't want to mess it up!

Please can someone tell me what I need to do?

Many thanks

Colin


_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20240822/1b57f721/attachment-0001.html>

More information about the Blueonyx mailing list