Allow underscores in DNS names
M. Warner Losh
imp at bsdimp.com
Sun Mar 30 09:46:29 PST 2003
In message: <xzpel4phrcs.fsf at flood.ping.uio.no>
des at ofug.org (Dag-Erling Smørgrav) writes:
: "M. Warner Losh" <imp at bsdimp.com> writes:
: > True. However, they are still relevant today. '_' is illegal in DNS
: > names
:
: Says the RFC. IIRC, BIND traditionally did not enforce this, though
: it does now for A records in master zones unless you change the
: "check-names" setting (it seems to allow it for TXT records though).
Bind has enforced this for a long time.
: > is rejected by the majority of hosts on the internet
:
: Wrong. We (*BSD) are pretty much the only ones not to accept
: underscores in host names. I've tested Windows XP, Solaris 8 and
: Linux 2.4.18; feel free to try 'ping under_score.ofug.org' on other
: systems and report your findings here.
This must be new because bind has enforced this for a long time.
: > and
: > generally is a bad idea.
:
: I don't see why, and I've never heard any other argument against it
: than "the RFC says so".
It makes it harder for the script kiddies to write eggs for buffer
overflow exploits in the DNS system. That's the whole reason that the
bind folks started adding the restrictive character set. Also, if you
produce characters outside the character set, then you are generating
illegal packets, and there is (used to be) a lot of software that
would choke in subtle ways.
Warner
More information about the freebsd-arch
mailing list