Situation
After updating to SLES 9 SP4, or after certain updates on SLES 9 SP3, BIND will not load, and an error similar to the following appears in /var/log/messages:
ER: zone example_ex/IN: loading master file master/example_ex: bad owner name (check-names)
Any error message containing "(check-names)" is a match, and this document should be considered as a potential solution.
Resolution
Several RFCs govern valid DNS record names. Some system administrators have given objects, zones, records, services and computers invalid names. These names often contain invalid or illegal characters such as "_", which were previously ignored. A recent upstream patch of BIND (named) changed the default behavior from ignoring these invalid names to failing on them, which prevents BIND from loading normally. This issue is typically seen on OES 1 SP2 servers and clustered resources.
There are several options that can be taken to resolve this issue.
Option 1: Remove invalid DNS record names
For servers which are internet facing or have high security requirements, removing the invalid DNS names is recommended. This process requires planning to implement. If you elect to alter the invalid DNS names, records or zones, you can implement option 2 as a stop-gap procedure.
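An added example, not part of the original document or of BIND: a simplified Python scan of a master file for owner names that fail the hostname rule, which can help with the planning for option 1. It assumes the check applies to the owner names of A, AAAA and MX records, does not check names inside record data, and runs on a constructed sample zone; the function names are hypothetical.

```python
import re
# Hostname rule per label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")
HOST_TYPES = {"A", "AAAA", "MX"}  # assumption: owner names of these types are checked
CLASSES = {"IN", "CH", "HS"}

def is_hostname(name):
    labels = name.rstrip(".").split(".")
    if labels[0] == "*":  # a leading wildcard label is allowed
        labels = labels[1:]
    return all(LABEL.match(label) for label in labels)

def bad_owner_names(zone_text, origin):
    """Return (line number, owner, type) for owners that fail the hostname rule."""
    findings, owner, depth = [], origin, 0
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]  # drop comments (simplification: no ';' in quoted data)
        fields = line.split()
        continuation = depth > 0  # still inside "( ... )" of an earlier record
        depth += line.count("(") - line.count(")")
        if not fields or continuation:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
        if fields[0].startswith("$"):  # $ORIGIN handled above; skip $TTL and others
            continue
        if not raw[0].isspace():  # owner in first column, else inherit the previous one
            owner = fields.pop(0)
            if not owner.endswith("."):
                owner = origin if owner == "@" else owner + "." + origin
        while fields and (fields[0][0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)  # skip optional TTL and class
        if fields and fields[0].upper() in HOST_TYPES and not is_hostname(owner):
            findings.append((lineno, owner, fields[0].upper()))
    return findings

# Constructed sample zone, not taken from a real server.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@   IN SOA ns1 hostmaster ( 2024010101 3600
        900 604800 3600 )
ns1         IN A    192.0.2.1
file_srv    IN A    192.0.2.10
            IN AAAA 2001:db8::10
_ldap._tcp  IN SRV  0 0 389 ns1
-edge       300 IN A 192.0.2.20
"""
if __name__ == "__main__":
    print(bad_owner_names(SAMPLE_ZONE, "example.com."))
```

The SRV owner with underscores is not reported because only A, AAAA and MX owners are tested here; the record that inherits the owner "file_srv" is reported on its own line.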
Option 2: Turn off name checking
BIND includes a "check-names" option that can turn off name checking for DNS names, records and zones. In your named.conf (traditionally in /etc), place the following:
check-names master ignore;
check-names slave ignore;
check-names response ignore;
This instructs BIND to ignore any invalid names, zones or records, allowing DNS to load normally. The other settings are "warn" and "fail". If you elect to rename records, names or zones, you can use the "warn" setting to help find records and services to rename.
OES 2 and LDAP-configured DNS caveat: OES 2 DNS servers can pull the information from LDAP or eDirectory. The options have been reported to not work correctly when they are added via iManager. As a result, it is recommended that you put the options external to LDAP and then "include" the options.
- On each DNS server, create a file called "/etc/named.conf.options"
- Populate it with the "check-names" options above
- Add "/etc/named.conf.options" as an include, for example:
include "/etc/named.conf.options";