Date: Sat, 29 Mar 2003 18:18:18 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: "Louis A. Mamakos" <louie@TransSys.COM>
Cc: Dag-Erling Smørgrav <des@ofug.org>
Subject: Re: Allow underscores in DNS names
Message-ID: <3E8653EA.BAF9D765@mindspring.com>
References: <xzpu1dm2k2h.fsf@flood.ping.uio.no> <3E864AD1.6C1C3656@mindspring.com> <200303300205.h2U25vDN037209@whizzo.transsys.com>

"Louis A. Mamakos" wrote:
> > There was a better patch that made it an option in resolv.conf,
> > rather than turning it on all the time.
>
> This is great, except that you don't need to have a resolv.conf
> on your system at all; the resolver will default to using a local
> caching nameserver.

By this argument, it should do that anyway, if the only option
is this one.

My own argument is that there should be an "allow_chars" option
in the resolv.conf, so that the Tuesday after this is committed,
and someone now wants "#" in domain names to support their idea
of mapping phone numbers to domain names, we don't have to go
through this whole dumb "let's violate RFC-952, just this once!"
argument yet again.

> > FreeBSD should be standards compliant, by default, and take work
> > to make it possible to give bogus data to other hosts on the
> > Internet who can not handle "_" or other characters because they
> > *are* standards compliant.
>
> Since this is a resolver option, you're not handing out names to
> other hosts using the DNS infrastructure.

You are if you are a caching DNS server, which uses the resolver
code to look up data on the global DNS, caches it, and returns it
to local DNS querants.

It also permits you to do things like put "_" in names in host
files.

If you *must* have a single patch, at *least* the original
original patch (which *also* failed to provide an option for
unbreaking RFC-952 compliance on the systems of people who
prefer to comply with international standards) only allowed
the character *interior* to the domain names (i.e. after the
first character).

That, *at least* kept it from interfering accidentally with the
service location resource records for zeroconf.

> > "Be conservative in what you send."
>
> And liberal in what you receive, which is exactly what modifying
> the resolver to not cause gethostbyname() and its ilk to barf
> on these types of names.

And liberal in what you resend? You can't have it both ways.

Reading the 1998 discussion, as was previously suggested, is a
good idea.

> There are lots of things in ancient RFCs which probably do not
> make as much sense these days as they once did.

There is a fix for that: join an IETF group, and create a
"supersedes" RFC. The standards are the standards, as they are.

> If there is a security issue in applications, they should get
> fixed regardless.

OK. So you are advocating getting rid of the stupid "This program
uses gets(), which is unsafe" messages, right? Because the programs
where the API that is being used lead to a security issue in
applications, when people do not know how to use the API properly.

> All this heartburn over what the gethostbyname() library function
> chooses to believe from the DNS still doesn't address getting
> hostnames out of NIS or /etc/hosts.

NIS and /etc/hosts should *NEVER* contain a host name with an "_".
*NEVER*.

-- Terry