Underscores in host names

Paul Vixie vixie at vix.com
Wed May 18 21:51:32 UTC 2005


> So, you found some pre-existing rules, used them as cover for your
> problem, and now that your ~problem is fixed the pre-existing rules
> shouldn't matter to anybody anymore? Come on now, isn't it slightly
> possible that those rules were pre-existing for reasons that have nothing
> to do with you?

here's the stretchy part that makes me want to undo what was done.

gethostbyname() knows it's dealing with hostnames.  also gethostbyaddr()
and the modern equivalents (getaddrinfo/getnameinfo/whatever).  also, these
library calls can get their host name/address data from sources other than
dns.  it is in my view perfectly reasonable for these library calls to
demand RFC952-compliance, or compliance with a later specification for "host"
names, if there ever is such.

however, inside BIND4 named.boot and BIND8/BIND9 named.conf you will find
that the server is capable of enforcing hostname (RFC952) and mailname (RFC821)
rules on DNS data like "owner of A RRset" or "owner or target of MX RRset",
on the very stretchy supposition that these names, because they are being
used as part of A-RR or MX-RR sets, must be getting used as "hostnames" or
"mailnames".  that might often be the case, or always-to-date be the case,
but it ain't NECESSARILY the case.

putting these checks in for master zones, slave zones, and response data was
a significant over-reach on my part.  THAT is what i'm apologizing for here.
(and THAT is what CERT had asked me to do, since changing gethostbyaddr()
would not, by itself, have protected Sendmail from newlines in its qf* files.)

> ...
> I'm glad you fixed your problem, but really, this isn't about DNS, it is
> about universal representation of hostnames despite the media that is used
> to convey those names.

and i'd agree if you said "logic that's meant to support hostnames/mailnames
ought to enforce the known rules about those names."  by which i'd be thinking
of the library calls gethostbyname(), gethostbyaddr(), and so on.  and by which
i would expressly not be referring to anything in the DNS.

just because you own an A RR doesn't make you a hostname.

just because you're pointed to by an MX RR doesn't make you a mailname.

(what a relief to finally be able to say that.)
-- 
Paul Vixie
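
The check the message places at the library boundary rather than in DNS data, as an added example (not code from the message, from BIND or from any libc): a syntax validator a caller could apply to a name returned by gethostbyaddr()/getnameinfo() before treating it as a host name. It assumes RFC 952 syntax as relaxed by RFC 1123 plus the usual DNS length limits; `is_hostname` and the sample names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASCII letter or digit; locale-independent on purpose. */
static int is_alnum_ascii(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9');
}

/*
 * Return 1 if name[0..len) is a syntactically valid host name: labels of
 * letters, digits and '-', separated by '.', each 1..63 bytes and starting
 * and ending with a letter or digit; at most 253 bytes, one trailing dot
 * allowed. The length is explicit because a name that arrived via DNS or
 * another source can hold any byte, including NUL and newline.
 */
int is_hostname(const char *name, size_t len)
{
    size_t i, label_start = 0;

    if (len > 0 && name[len - 1] == '.')
        len--;                              /* fully qualified form */
    if (len == 0 || len > 253)
        return 0;
    for (i = 0; i <= len; i++) {
        if (i == len || name[i] == '.') {   /* end of a label */
            size_t n = i - label_start;
            if (n == 0 || n > 63 ||
                !is_alnum_ascii((unsigned char)name[label_start]) ||
                !is_alnum_ascii((unsigned char)name[i - 1]))
                return 0;
            label_start = i + 1;
        } else if (!is_alnum_ascii((unsigned char)name[i]) && name[i] != '-') {
            return 0;                       /* '_', '\n', space, NUL, 8-bit */
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names, not taken from the message. */
    const char *s[] = { "mail.example.com", "host_name.example.com",
                        "_sip._tcp.example.com" };
    for (size_t k = 0; k < sizeof s / sizeof s[0]; k++)
        printf("%d %s\n", is_hostname(s[k], strlen(s[k])), s[k]);
    printf("%d name-with-newline\n", is_hostname("a.example\nX", 11));
    return 0;
}
```

A name such as `_sip._tcp.example.com` is rejected here as a host name while remaining a legal DNS owner name, which is the distinction the message draws.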


