unqualified domains, was ICANN to allow commercial gTLDs

Mark Andrews marka at isc.org
Sun Jun 19 20:03:07 CDT 2011


In message <BANLkTinAZvLc4oQEW5Nq8eTrch=x6HsbJg at mail.gmail.com>, Jeremy writes:
> 
> "DK" may not be hierarchical, but "DK." is. If you try to resolve "DK" on

"DK." is NOT a hostname (RFC 952).  It is NOT legal in a SMTP transaction.
It is NOT legal in a HTTP header.

> it's own, many (most? all?) DNS clients will attach the search string/domain
> name of the local system in order to make it a FQDN. The same happens when
> you try and resolve a non-existent domain. Such as
> alskdiufwfeiuwdr3948dx.com, in wireshark I see the initial request followed
> by  alskdiufwfeiuwdr3948dx.com.gateway.2wire.net. However if I qualify it
> with the trailing dot, it stops after the first lookup. DK. is a valid FQDN
> and should be considered hierarchical due to the dot being the root and
> anything before that is a branch off of the root. see RFC1034

You need to write 1000 lines of:

	RFC 1034 DOES NOT CHANGE WHAT IS A LEGAL HOSTNAME

Go READ RFC 1034.  

"DK." it is NOT a valid heirachical hostname.  Just because some
random piece of software lets you get away with it does not make
it a legal nor does it make it a good idea.

Mark

> -Jeremy
> 
> On Sun, Jun 19, 2011 at 7:08 PM, Mark Andrews <marka at isc.org> wrote:
> 
> >
> > In message <g339j59ywz.fsf at nsa.vix.com>, Paul Vixie writes:
> > > Adam Atkinson <ghira at mistral.co.uk> writes:
> > >
> > > > It was a very long time ago, but I seem to recall being shown
> > http://dk,
> > > > the home page of Denmark, some time in the mid 90s.
> > > >
> > > > Must I be recalling incorrectly?
> > >
> > > no you need not must be.  it would work as long as no dk.this or dk.that
> > > would be found first in a search list containing 'this' and 'that', where
> > > the default search list is normally the parent domain name of your own
> > > hostname (so for me on six.vix.com the search list would be vix.com and
> > > so as long as dk.vix.com did not exist then http://dk/ would reach
> > "dk.")
> > > --
> > > Paul Vixie
> > > KI6YSY
> >
> > DK should NOT be doing this.  DK is *not* a hierarchical host name
> > and the address record should not exist, RFC 897.  The Internet
> > stopped using simple host names in the early '80s.  In addition to
> > that it is a security issue similar to that described in RFC 1535.
> >
> > Mark
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> >
> >
> 
> --bcaec51f900961620b04a619d97b
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
> 
> "DK" may not be hierarchical, but "DK." is. If you try =
> to resolve "DK" on it's own, many (most? all?) DNS clients wi=
> ll attach the search string/domain name of the local system in order to mak=
> e it a FQDN. The same happens when you try and resolve a non-existent domai=
> n. Such as <a href=3D"http://alskdiufwfeiuwdr3948dx.com">alskdiufwfeiuwdr39=
> 48dx.com</a>, in wireshark I see the initial request followed by =A0<meta h=
> ttp-equiv=3D"content-type" content=3D"text/html; charset=3Dutf-8"><a href=
> =3D"http://alskdiufwfeiuwdr3948dx.com.gateway.2wire.net">alskdiufwfeiuwdr39=
> 48dx.com.gateway.2wire.net</a>. However if I qualify it with the trailing d=
> ot, it stops after the first lookup. DK. is a valid FQDN and should be cons=
> idered hierarchical due to the dot being the root and anything before that =
> is a branch off of the root. see RFC1034<div>
> <br></div><div>-Jeremy<br><br><div class=3D"gmail_quote">On Sun, Jun 19, 20=
> 11 at 7:08 PM, Mark Andrews <span dir=3D"ltr"><<a href=3D"mailto:marka at i=
> sc.org">marka at isc.org</a>></span> wrote:<br><blockquote class=3D"gmail_q=
> uote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1e=
> x;">
> <div><div></div><div class=3D"h5"><br>
> In message <<a href=3D"mailto:g339j59ywz.fsf at nsa.vix.com">g339j59ywz.fsf=
> @nsa.vix.com</a>>, Paul Vixie writes:<br>
> > Adam Atkinson <<a href=3D"mailto:ghira at mistral.co.uk">ghira at mistral=
> .co.uk</a>> writes:<br>
> ><br>
> > > It was a very long time ago, but I seem to recall being shown <a =
> href=3D"http://dk" target=3D"_blank">http://dk</a>,<br>
> > > the home page of Denmark, some time in the mid 90s.<br>
> > ><br>
> > > Must I be recalling incorrectly?<br>
> ><br>
> > no you need not must be. =A0it would work as long as no dk.this or dk.=
> that<br>
> > would be found first in a search list containing 'this' and &#=
> 39;that', where<br>
> > the default search list is normally the parent domain name of your own=
> <br>
> > hostname (so for me on <a href=3D"http://six.vix.com" target=3D"_blank=
> ">six.vix.com</a> the search list would be <a href=3D"http://vix.com" targe=
> t=3D"_blank">vix.com</a> and<br>
> > so as long as <a href=3D"http://dk.vix.com" target=3D"_blank">dk.vix.c=
> om</a> did not exist then <a href=3D"http://dk/" target=3D"_blank">http://d=
> k/</a> would reach "dk.")<br>
> > --<br>
> > Paul Vixie<br>
> > KI6YSY<br>
> <br>
> </div></div>DK should NOT be doing this. =A0DK is *not* a hierarchical host=
>  name<br>
> and the address record should not exist, RFC 897. =A0The Internet<br>
> stopped using simple host names in the early '80s. =A0In addition to<br=
> >
> that it is a security issue similar to that described in RFC 1535.<br>
> <br>
> Mark<br>
> <font color=3D"#888888">--<br>
> Mark Andrews, ISC<br>
> 1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
> PHONE: <a href=3D"tel:%2B61%202%209871%204742" value=3D"+61298714742">+61 2=
>  9871 4742</a> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 INTERNET: <a href=3D"mailto:=
> marka at isc.org">marka at isc.org</a><br>
> <br>
> </font></blockquote></div><br></div>
> 
> --bcaec51f900961620b04a619d97b--
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org




More information about the NANOG mailing list