Date: Sun, 30 Mar 2003 10:45:01 -0700 (MST)
From: "M. Warner Losh" <imp@bsdimp.com>
To: des@ofug.org
Cc: arch@freebsd.org
Subject: Re: Allow underscores in DNS names
Message-ID: <20030330.104501.49852624.imp@bsdimp.com>
In-Reply-To: <xzpel4phrcs.fsf@flood.ping.uio.no>
References: <xzp4r5ljitl.fsf@flood.ping.uio.no> <20030330.060534.18864762.imp@bsdimp.com> <xzpel4phrcs.fsf@flood.ping.uio.no>

In message: <xzpel4phrcs.fsf@flood.ping.uio.no>
            des@ofug.org (Dag-Erling Smørgrav) writes:
: "M. Warner Losh" <imp@bsdimp.com> writes:
: > True.  However, they are still relevant today.  '_' is illegal in DNS
: > names
:
: Says the RFC.  IIRC, BIND traditionally did not enforce this, though
: it does now for A records in master zones unless you change the
: "check-names" setting (it seems to allow it for TXT records though).

Bind has enforced this for a long time.

: > is rejected by the majority of hosts on the internet
:
: Wrong.  We (*BSD) are pretty much the only ones not to accept
: underscores in host names.  I've tested Windows XP, Solaris 8 and
: Linux 2.4.18; feel free to try 'ping under_score.ofug.org' on other
: systems and report your findings here.

This must be new because bind has enforced this for a long time.

: > and
: > generally is a bad idea.
:
: I don't see why, and I've never heard any other argument against it
: than "the RFC says so".

It makes it harder for the script kiddies to write eggs for buffer
overflow exploits in the DNS system.  That's the whole reason that the
bind folks started adding the restrictive character set.  Also, if you
produce characters outside the character set, then you are generating
illegal packets, and there is (used to be) a lot of software that would
choke in subtle ways.

Warner
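
Added example, not part of the message above and not FreeBSD or BIND code: a strict host name check of the kind the thread is arguing about, applying the letters-digits-hyphen rule so that '_' and any other byte outside the set is rejected before the name is used. The function name, the status codes and the length limits written into it are this example's own choices.

```c
#include <stdio.h>
#include <string.h>

enum hn_status { HN_OK, HN_EMPTY, HN_TOO_LONG, HN_LABEL_LEN, HN_BAD_CHAR, HN_BAD_HYPHEN };

static int is_alnum_ascii(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
}

/* Letters-digits-hyphen rule (RFC 952 as relaxed by RFC 1123): labels of
 * 1..63 bytes from [A-Za-z0-9-], no leading or trailing '-', at most 253
 * bytes in total; one trailing dot is accepted. Names are this example's own. */
enum hn_status hostname_check(const char *name)
{
    size_t len = strlen(name), label_len = 0;
    if (len > 0 && name[len - 1] == '.')
        len--;                          /* ignore the root dot */
    if (len == 0)
        return HN_EMPTY;
    if (len > 253)
        return HN_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label_len == 0)
                return HN_LABEL_LEN;    /* empty label, e.g. "a..b" */
            if (name[i - 1] == '-')
                return HN_BAD_HYPHEN;   /* label ends with '-' */
            label_len = 0;
            continue;
        }
        if (c == '-' && label_len == 0)
            return HN_BAD_HYPHEN;       /* label starts with '-' */
        if (c != '-' && !is_alnum_ascii(c))
            return HN_BAD_CHAR;         /* '_', control and 8-bit bytes */
        if (++label_len > 63)
            return HN_LABEL_LEN;
    }
    if (label_len == 0)
        return HN_LABEL_LEN;            /* name ended in ".." */
    return name[len - 1] == '-' ? HN_BAD_HYPHEN : HN_OK;
}

int main(void)
{
    printf("%d\n", hostname_check("under_score.ofug.org"));
    return 0;
}
```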