> When I built my DNS zone creator, I got tired of users complaining that > their zones has "errors" and so I re-coded my serials to start with YYYY > followed by six digits based on the current date/time. > > Oddly, that seems to fool most (although not all) of the DNS validation > tools out there, despite the fact that I generate things like 2012804572 > which doesn't exactly have a "valid" MM or dd.
For many years I've found serial number checks good indications of whether a DNS validation tool's report will be a bad joke. If it checks the serial number format, then that's often the least harmful among the FUD that it's selling. I just tried some DNS "validation" tools, and revalidated that rule and another. The other rule is that if they sell DNS and other monitoring services, then they will flash red and yellow about your serial numbers, your MX servers, and a host of other non-issues that you almost certainly should not "fix." Even if RFC 1912 were not Informational, it would still only recommend and not mandate YYYYMMDDnn. Even if RFC 1912 were on the standards track and said "MUST", it would be violated in zones that change more than 100 times per day. How long has BIND9 had "serial-update-method"? > I've given up contacting so-called validation tools and asking them to > remove warnings about valid serials, they seem happier reporting > non-errors, and at best they'll return a "Not standard, but I guess it's > okay". It's a shame too, as these tools can provide a sanity check. What good are sanity checks from the certifiable or worse? Do you take medical advice (or any advice) from those who claim that DPT vaccines cause autism? https://encrypted.google.com/search?q=whooping+cough+worst+1955 It's sad but predictable that DNS validation/monitoring services are like some auto repair shops. Last week my wife took her car to the dealer for a minor recall. She came back with a long list of expensive things that she should have had fixed before leaving the dealer--provided you're car clue allergic, credulous, and don't have anyone to shout "NO!" when asked. On the other hand, the dealer's careful inspection failed to note the idiot light warning about a low tire. (cue discussion with wife 2 mornings later when I noticed the flat tire about the "flame (sic)" idiot light that she'd been watching since before the trip to the dealer and that obviously didn't matter because high temperatures can only be a good thing given the weather.) Vernon Schryver v...@rhyolite.com _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users