Underscores again
Jim Reid
jim at rfc1035.com
Thu Apr 20 10:13:12 UTC 2000
>>>>> "Ed" == Ed Sawicki <ed at alcpress.com> writes:
Ed> I've been reading the numerous past threads regarding
Ed> underscore characters in DNS names. It seems that most folks
Ed> here agree that underscores are not allowed. However, RFC2181
Ed> seems to say something different. Here's the paragraph that
Ed> confuses me.
Ed> "The DNS itself places only one restriction on the particular
Ed> labels that can be used to identify resource records. That
Ed> one restriction relates to the length of the label and the
Ed> full name. The length of any one label is limited to between
Ed> 1 and 63 octets. A full domain name is limited to 255 octets
Ed> (including the separators). The zero length full name is
Ed> defined as representing the root of the DNS tree, and is
Ed> typically written and displayed as ".". Those restrictions
Ed> aside, any binary string whatever can be used as the label of
Ed> any resource record. Similarly, any binary string can serve
Ed> as the value of any record that includes a domain name as some
Ed> or all of its value (SOA, NS, MX, PTR, CNAME, and any others
Ed> that may be added)."
Ed> How should I interpret this?
Just as it is written. Most people would say that the text above is
crystal-clear. You should also have read the following paragraph in
RFC2181:
    Note however, that the various applications that make use of DNS data
    can have restrictions imposed on what particular values are
    acceptable in their environment. For example, that any binary label
    can have an MX record does not imply that any binary name can be used
    as the host part of an e-mail address. Clients of the DNS can impose
    whatever restrictions are appropriate to their circumstances on the
    values they use as keys for DNS lookup requests, and on the values
    returned by the DNS. If the client has such restrictions, it is
    solely responsible for validating the data from the DNS to ensure
    that it conforms before it makes any use of that data.
    See also [RFC1123] section 6.1.3.5.
So what this all means is that the DNS protocol is very liberal in how
names for resource records are constructed. Other protocols are more
restrictive about the character sets that can be used for hostnames,
email addresses and the like. When these names are entered into the
DNS, they should conform to the relevant standards for that protocol
even though the DNS itself doesn't (need to) care about those
restrictions. Sometimes it can be less painful for the name server to
enforce those restrictions - checking for underscores in hostnames for
instance - than to try to get every resolver and legacy system in the
world to apply those checks.
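
The split described in this message, as an added example that is not part of the original post: a name can be legal for the DNS (length limits only) and still fail the stricter hostname check that a client applies to data it gets back from the DNS. The function names and sample labels are constructed for illustration, and the 255-octet limit is counted here as wire-format length.

```python
import re

# The only limits the DNS itself imposes (RFC 2181 text quoted above).
MAX_LABEL_OCTETS = 63
MAX_NAME_OCTETS = 255  # assumption: wire length, one length octet per label plus the root

# Application-level hostname rule (RFC 952 as relaxed by RFC 1123): letters,
# digits and hyphen, with no leading or trailing hyphen. Used with fullmatch()
# so that a label ending in a newline cannot slip past a "$" anchor.
LDH_LABEL = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def dns_valid(labels):
    """True if a list of raw labels (bytes) forms a legal DNS name."""
    if not labels:  # the zero-length name is the root, "."
        return True
    if any(not 1 <= len(label) <= MAX_LABEL_OCTETS for label in labels):
        return False
    wire_len = sum(len(label) + 1 for label in labels) + 1
    return wire_len <= MAX_NAME_OCTETS


def hostname_valid(labels):
    """True if the name also passes the hostname syntax check."""
    return bool(labels) and dns_valid(labels) and all(
        LDH_LABEL.fullmatch(label) for label in labels
    )


def classify(labels):
    """Return 'invalid-dns', 'dns-only' or 'hostname' for a list of labels."""
    if not dns_valid(labels):
        return "invalid-dns"
    return "hostname" if hostname_valid(labels) else "dns-only"


# Constructed sample names, as a client might receive them in PTR or MX data.
SAMPLES = [
    [b"www", b"example", b"com"],      # hostname
    [b"my_host", b"example", b"com"],  # dns-only: underscore
    [b"host\n", b"example", b"com"],   # dns-only: binary label, legal in DNS
    [b"a" * 64, b"example"],           # invalid-dns: label over 63 octets
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(b".".join(name), "->", classify(name))
```

A client that passes DNS answers to logs, shells or other protocols would act only on names classified as `hostname` and treat `dns-only` results as untrusted bytes.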