Re: weaknesses in dns label decoding,

From: markaat_private
Date: Thu Jun 03 1999 - 16:13:15 PDT


    > Many sysadmins disable BIND's "check-names" option because
    > their less knowledgeable colleagues assign illegal names. In
    > particular, many use underscores in system names, even though
    > they're verboten.
    >
    > BIND *should* have a separate option that allows underscores
    > in names to accommodate this frequent glitch, but it doesn't.
    > So, the checking becomes all-or-nothing.
    >
    > --Brett
    
    	No.
    
    	There is a specification about what is legal in a hostname
    	/ mailname (RHS of @).  If an application is expecting a
    	hostname, it should only be given hostnames.  The library
    	(or server) should filter out non-conformant names.
    
    	You do not know what the application is using as a field
    	separator and "_" is a perfectly valid character to use
    	to separate a list of hostnames.
    
    	Yes I am playing devil's advocate here but you have to do
    	that at times to knock down silly ideas.  You either enforce
    	the specification or you don't bother at all.
    
    	Check-names is on by default for good reason.  To force people
    	to become aware of what they are doing and where they are breaking
    	a standard.
    
    	Underscore is also a silly character to have.  How many hostnames
    	are in the following html fragment when you read it on an ASCII
    	terminal?
    
    			<UL>foobar.au_example.net</UL>
    
    	Mark
    
    	P.S. There are interpretive languages where "_" is an
    	assignment operator and where a hostname could be used
    	as a variable name.
    
    	P.P.S. I made this argument long before I worked for ISC
    	and it is still my view.
    
    >
    > At 11:00 PM 6/2/99 +0200, Pavel Kankovsky wrote:
    > >On Mon, 31 May 1999, bobk wrote:
    > >
    > > > Another thing to remember is that it is possible to put ABSOLUTELY
    > > > ANYTHING inside a DNS domain name. This includes whitespace, control
    > > > characters, and even NULL.
    > >
    > >Use BIND's check-names option to refuse illegal answers.
    > >
    > >--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
    > >"NSA GCHQ KGB CIA nuclear conspiration war weapon spy agent... Hi Echelon!"
    >
    --
    Mark Andrews, Internet Software Consortium
    1 Seymour St., Dundas Valley, NSW 2117, Australia
    PHONE: +61 2 9871 4742                 INTERNET: markaat_private
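Added example, not part of the thread and not ISC or BIND code: a Python sketch of the point the exchange turns on. A DNS wire-format label is a length-prefixed run of octets, so a decoder hands back underscores, whitespace or NUL without complaint; the check-names style filter (here the RFC 952 / RFC 1123 hostname grammar) is a separate step that decides whether such a name may be passed on to an application that expects a hostname. The function and constant names are assumptions, and SAMPLE_WIRE_NAMES is constructed input, not captured traffic.

```python
import re

# RFC 952 / RFC 1123 hostname syntax, the rule BIND's check-names enforces:
# each label is letters, digits and hyphens, does not begin or end with a
# hyphen, and is 1..63 octets long; the whole name is at most 253 characters.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_valid_hostname(name: str) -> bool:
    """True only if `name` conforms to the hostname grammar above."""
    if not name or len(name) > 253:
        return False
    if name.endswith("."):          # one trailing dot marks a fully qualified name
        name = name[:-1]
    return all(LABEL_RE.fullmatch(label) for label in name.split("."))


def check_names(names):
    """Split candidate names into (accepted, rejected) lists, the way a
    check-names policy would before answers reach an application."""
    accepted, rejected = [], []
    for name in names:
        (accepted if is_valid_hostname(name) else rejected).append(name)
    return accepted, rejected


def decode_wire_name(buf: bytes, offset: int = 0):
    """Decode an uncompressed DNS wire-format name: a run of length-prefixed
    labels ended by a zero length. Label octets are returned untouched, because
    the wire format itself places no restriction on their values."""
    labels = []
    while True:
        if offset >= len(buf):
            raise ValueError("truncated name")
        length = buf[offset]
        offset += 1
        if length == 0:
            return labels, offset
        if length & 0xC0:
            raise ValueError("compression pointers are out of scope here")
        if offset + length > len(buf):
            raise ValueError("truncated label")
        labels.append(bytes(buf[offset:offset + length]))
        offset += length


def wire_to_presentation(buf: bytes) -> str:
    """Render a wire-format name in dotted form, one character per octet."""
    labels, _ = decode_wire_name(buf)
    return ".".join(label.decode("latin-1") for label in labels)


# Constructed sample answers (hypothetical, not real traffic): one conforming
# name, one with an underscore, one with a NUL octet and a space inside a label.
SAMPLE_WIRE_NAMES = [
    b"\x03foo\x03bar\x02au\x00",
    b"\x0bfoo_example\x03net\x00",
    b"\x04a\x00 b\x03net\x00",
]

if __name__ == "__main__":
    decoded = [wire_to_presentation(w) for w in SAMPLE_WIRE_NAMES]
    ok, bad = check_names(decoded)
    print("accepted:", ok)
    print("rejected:", [repr(n) for n in bad])
```

Running it shows the decoder accepting all three names and the filter keeping only foo.bar.au; the other two are exactly the kind of answer the thread argues should never be handed to code that treats "_" as a list separator or an assignment operator.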
    


