Underscores in hostnames (was Re: Message for Bind-users)
Barry Margolin
barmar at genuity.net
Wed Jun 14 17:48:30 UTC 2000
In article <8577.960959041 at gromit.rfc1035.com>,
Jim Reid <jim at rfc1035.com> wrote:
>Underscores in hostnames did cause security problems. IIRC Apple's
>TCP/IP code slavishly followed RFC1123 and choked on illegal
>hostnames, including those that has underscores in them. So the IETF
>leaned on the ISC to make BIND check for illegal names and reject them
>by default.
IIRC, Apple also gave into customer pressure and removed that check in
later versions. I think it was only MacTCP 4.0.6 that did it.
I've encountered problems with underscores in the Gauntlet firewall
software. It seemed that if a web hostname were a CNAME pointing to a
hostname with underscores, the HTTP proxy wouldn't go there. I haven't
administered this software for a couple of years so it's possible the check
has been removed. But it was damn confusing, because the proxy would say
that the server name doesn't exist, while nslookup/dig would clearly say
it does.
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list