cvs commit: src/lib/libc/resolv res_comp.c

Xin LI delphij at
Sat Feb 16 15:40:38 PST 2008


M. Warner Losh wrote:
> In message: <20080216024541.GA31498 at>
>             Andrey Chernov <ache at> writes:
> : On Sat, Feb 16, 2008 at 12:16:49AM +0000, Xin LI wrote:
> : > delphij     2008-02-16 00:16:49 UTC
> : > 
> : >   FreeBSD src repository
> : > 
> : >   Modified files:
> : >     lib/libc/resolv      res_comp.c 
> : >   Log:
> : >   Allow underscore in domain names while resolving.  While having underscore
> : >   is a violation of RFC 1034 [STD 13], it is accepted by certain name servers
> : >   as well as other popular operating systems' resolver library.
> : 
> : Do you mean we'll have now different results from libc and from bind's 
> : resolver for names with underscore? If yes, it sounds worse than RFC 
> : violation committed.
> Plus there was a very long, very heated thread about removing _ as a
> valid name years ago.  Have conditions changed since then?  Frankly,
> I'd like to have seen a change like this discussed more widely.  There
> was much debate before, and there turned out to be good reasons for
> omitting the _.  I just can't recall them now.

If we are pointing at the same discussion thread, it finally reached a
point which says that there are security concerns, claiming that
gethostbyname() and friends should do aggressive sanity check for domain

While this might be reasonable at that time of discussion, I would argue
that with the world outside *BSD all accepting _ in host names at the
resolver side, the alleged _ -> - transition never finished as people
expected in the early age of Internet, and so that as applications
ported to these platforms from time to time, they will have to face the
fact that _ is considered as valid by their resolvers.  Moreover, if "_"
is that harmful to any individual applications, I would say that they
should check it at the input stage, which is considered as the attack
surface, not to rely on base services like resolver to do the sanity check.

I don't think it would be the end of world if we allow _ in host names.
All other (lame) OSes allow it, their resolver just accepts this
character and gives the answer, actually, I would be very surprised if it
can still cause any real world attack nowadays.

--
Xin LI <delphij at>
FreeBSD - The Power to Serve!