Allow underscores in DNS names

Terry Lambert tlambert2 at mindspring.com
Sat Mar 29 18:19:49 PST 2003


"Louis A. Mamakos" wrote:
> > There was a better patch that made it an option in resolv.conf,
> > rather than turning it on all the time.
> 
> This is great, except that you'd don't need to have a resolv.conf
> on your system at all; the resolver will default to using a local
> caching nameserver.

By this argument, it should do that anyway, if the only option
is this one.

My own argument is that there should be an "allow_chars" option
in the resolv.conf, so that the Tuesday after this is committed,
and someone now wants "#" in domain names to support their idea
of mapping phone numbers to domain names, we don't have to go
through this whole dumb "let's violate RFC-952, just this once!"
argument yet againt.


> > FreeBSD should be standards compliant, by default, and take work
> > to make it possible to give bogus data to other hosts on the
> > Internet who can not handle "_" or other characters because they
> > *are* standars compliant.
> 
> Since this is a resolver option, you're not handing out names to
> other hosts using the DNS infrastructure.

You are if you are a caching DNS server, which uses the resolver
code to look up data on the global DNS, caches it, and returns
it to local DNS querants.

It also permits you to do things like put "_" in names in host
files.


If you *must* have a single patch, at *least* the original original
patch (which *also* failed to provide an option for unbreaking
RFC-952 compliance on the systems of people who prefer to comply
with international standards) only allowed the character *interior*
to the domain names (i.e. after the first character).

That, *at least* hept it from interfering accidently with the
service location resource records for zeroconf.


> > "Be conservative in what you send."
> 
> And liberal in what you receive, which is exactly what modifing
> the resolver to not cause gethostbyname() and it's ilk to barf
> on these types of names.

And liberal in what you resend?

You can't have it both ways.

Reading the 1998 discussion, as was previously suggested, is a
good idea.


> There are lots of things in ancient RFCs which probably do not
> make as much sense these days as they once did.

There is a fix for that: join an IETF group, and create a
"supercedes" RFC.

The standards are the standards, as they are.


> If there is a security issue in applications, they should get
> fixed regardless.

OK.

So you are advocating getting rid of the stupid "This program
uses gets(), which is unsafe" messages, right?

Because the programs where the API that is being used lead to a
security isseu in applications, when people do not know how to
use the API properly.


> All this heartburn over what the gethostbyname() library function
> chooses to believe from the DNS still doesn't address getting
> hostnames out of NIS or /etc/hosts.

NIS and /etc/hosts should *NEVER* contain a host name with an
"_".  *NEVER*.

-- Terry


More information about the freebsd-arch mailing list