Underscore Character

Mark_Andrews at iengines.com Mark_Andrews at iengines.com
Sat Nov 13 04:19:18 UTC 1999 

	Kevin,
	       the checking is there for security reasons.
	Gethostbyaddr was being used to break into systems by
	returning arbitary text as the hostname.  We needed to
	tighten this and the only guaranteed safe output was to
	enforce RFC 952 + RFC 1123 strictly.  The rest is due to
	the principle of least astonishment.

	Mark

	P.S. If you wish to complain go complain to your OS vendor
	that your OS allowed you to use hostnames that were not
	RFC 952 + RFC 112 compliant in the first place.  Your OS
	was released after March 1982 (RFC 801 which has the same
	name rules as RFC 952, I couldn't find a online copy of 608)
	wasn't it?

> Don Buchholz wrote:
> 
> > On Fri, 12 Nov 1999, Kevin Darcy wrote:
> > >
> > > Whatever happened to "be liberal in what you accept" anyway? Is RFC 1123'
> s
> > > Robustness Principle dead and buried?
> > >
> >
> > >From RFC-1123, Section 1.2.2  Robustness Principle
> >
> >                 "Be liberal in what you accept, and
> >                  conservative in what you send"
> >
> > IMHO, BIND is inherently a "sender", and in a properly running Internet,
> > nameservers should *not* be advertising illicit hostnames!
> 
> And if someone said tomorrow that the letter "f" was "illicit"? Would the
> presence of "f"s in hostnames suddenly make the Internet malfunction? I'm all
> for standards enforcement when the standards have reasonable technical
> justification. But if the only justification is the circular "to ensure
> interoperability with servers that enforce the standard", then I feel compell
> ed
> to point out that the emperor wears no clothes.
> 
> > I ran across the underscore problem a few years ago, when I read the
> > *warnings* from BIND 4.9.x (or was is 4.8.x ...).  I read the relevant
> > RFC's and said "oops, our mistake!" and fixed it!
> 
> Whereas my reaction was "oh great! now my only cost-effective option is to tu
> rn
> off name-checking"...
> 
> 
> - Kevin
> 
> 
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com

More information about the bind-users mailing list