pi@vuurwerk.nl (Pim van Riezen) writes:

bogosity while updating 8.2.2-P7 to 8.2.3:

(1) 8.2.3 Doesn't accept the "(" in the SOA string to be on the next line after the IN SOA. Our script-generated zonefiles, about 45000 of them, all had this.

Neither do the relevant RFC's, or any other DNS implementation. Pre-8.2.3 was simply _wrong_ to accept that syntax.

(2) 8.2.3 Changed the meaning of the last field of the SOA record and needs a $TTL directive to cover the default TTL. This also affected all of our zones (86400 seconds timeout on negative caching is, you must agree, way over the top so not a value you want to propagate).

This also is per several (recent) RFC's, and again, pre-8.2.3 was simply _wrong_ in its use of the SOA.MINTTL as a default TTL for the whole zone.

(3) 8.2.3 Is unforgiving against errors in zonefiles. Where previously individual records were rejected (or served as-is), bind now insists on dropping the entire zone if something went wrong. Needless to say in a reload of 45K domains it takes a bit of time to fish out the bad ones.

A zone either has an identity or it doesn't. There's no such thing as a best effort identity. If the file is not syntactically valid, it's not a zone and ought not be served, since it has no specific identity for the serial number to map to.

When downloading I expected a security upgrade, not a service pack.

You and a lot of other people. 8.2.2-P8 will be along shortly.