Should host/domain names travel over the internet with a trailing dot?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Feb 26 18:12:53 UTC 2013


On Mon, 25 Feb 2013 19:07:20 -0600, Jimmy Hess said:

> If the domain in a certificate were not interpreted as a FQDN by the
> client, this would mean that the certificate for
> CN=bigbank.example.com
> might be used to authenticate a connection to https://bigbank.example.com
> which, due to the local resolver search order, is in fact a DNS lookup of
> bigbank.example.com.intranet.example.com
>
> Which might be captured by a Wildcard A record for *.com found in
> the intranet.example.com. zone and pointed to a server
> containing a phishing attack against bigbank.example.com; with a
> DNS cache poisoned by a false negative cache NXDOMAIN entry for
> bigbank.example.com.

I am *sooo* tempted to say "I recommend my competitors do DNS lookups this way"

:)
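As an added illustration of the search-order problem quoted above (example code, not from the original thread): a toy glibc-style stub resolver run against a constructed zone view. The poisoned NXDOMAIN entry, the wildcard record, the search suffix and the addresses are all hypothetical. The point it shows is that a trailing dot makes the name absolute, so the search list is never applied and the lookup fails closed instead of landing on the wildcard.

```python
from typing import Optional

NXDOMAIN: Optional[str] = None  # a negative answer in this toy model

# Constructed DNS view from a client inside intranet.example.com (hypothetical data):
# a poisoned negative-cache entry for the real bank name, plus a wildcard in the
# internal zone that swallows anything ending in ".com.intranet.example.com".
ZONE = {
    "bigbank.example.com.": NXDOMAIN,                 # false negative cache entry
    "*.com.intranet.example.com.": "198.51.100.66",   # attacker-controlled (TEST-NET-2)
    "mail.intranet.example.com.": "10.0.0.25",
}

def lookup(fqdn: str) -> Optional[str]:
    """Answer for one absolute name: exact match first, then the closest wildcard."""
    if fqdn in ZONE:
        return ZONE[fqdn]
    labels = fqdn.rstrip(".").split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:]) + "."
        if wildcard in ZONE:
            return ZONE[wildcard]
    return NXDOMAIN

def candidates(name: str, search=("intranet.example.com",), ndots: int = 1) -> list:
    """Names a glibc-style stub resolver tries, in order, for what the user typed."""
    if name.endswith("."):
        return [name]                              # absolute: search list never applied
    absolute = [name + "."]
    expanded = [f"{name}.{suffix}." for suffix in search]
    # With at least `ndots` dots the name is tried as-is first and the search
    # list only on NXDOMAIN; with fewer dots the search list is tried first.
    return absolute + expanded if name.count(".") >= ndots else expanded + absolute

def resolve(name: str, **kw):
    """Return (queried_fqdn, address) for the first candidate that answers."""
    for fqdn in candidates(name, **kw):
        addr = lookup(fqdn)
        if addr is not NXDOMAIN:
            return fqdn, addr
    return None, NXDOMAIN

if __name__ == "__main__":
    for typed in ("bigbank.example.com", "bigbank.example.com."):
        fqdn, addr = resolve(typed)
        # The TLS client checks the certificate against `typed`, not against `fqdn`.
        print(f"{typed:25} -> queried {fqdn!s:45} answer {addr}")
```

With the poisoned negative entry in place, the unqualified name is silently retried with the search suffix and answered by the wildcard, while the dotted form returns NXDOMAIN.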