As a result of my late night rant (must learn not to read email late at night after getting off an airplane), I have received input that two applications that have issues with the "_" character: 1) Squid/Squid proxy from two people (although there wasn't any indication of the actual issue, presumably Squid won't be able to contact the host to cache the content?) 2) "Create a cert for a host with an _ in the name, install said cert into apache/mod_ssl, try to surf (at least using IE) to that server." -- Matthew Christopher This is useful information and can help the original requester make the business decision as to whether or not he will relax his restriction against "_" in the character string that he'll allow his customer to use in data sent to/received from domain name servers he controls. I suspect the rest of the jihad against heathen characters such as "_" should probably be redirected to namedroppers so I won't comment further. Rgds, -drc On May 18, 2005, at 2:15 AM, Mark Andrews wrote:
A hostname is not a domainname. It's all through RFC's 1033, RFC 1034 and RFC 1035. There are references that make it clear that a domain name is not the same as a hostname.
I quoted one of them. I can find other references.
Proctor&Gamble.com anyone? That is the logical concusion of saying hostnames are arbitary 8 bit strings.
The whole reason for check-names was because of very seriously broken software that would allow shell meta-characters in in-addr.arpa labels to do bad things. I have come to the opinion that if such software still exists, then the people who run that software deserve what they get. Check-names was a bad idea that might have been justified at the time, but pretending it remains justified by 952/1123 has got to stop sometime.
We tried hard to kill check-names. The only reason it still exists is that people wouldn't move from BIND 8 without it.
I havn't run with "check-names answer" enabled in years.
However, that rant was mostly irrelevant. Can you point to _ANY_ application, operating system, or anything else that has any issues whatsoever with an "_" of all characters?
The original query was about a OS / application that had problems with underscores.
The point of RFC's is to promote interoperability. People who attempt to name there machines with underscores either don't know better or don't care about interoperability or both.
The simplest way to fix this is for application that configure hostnames, real or virtual, to reject by default illegal hostnames. Apache should not allow virtual sites with illegal hostnames without explicit overrides. Similarly for your favourite MTA, DNS server etc. If people want to use them they need to know they are stepping out of the area where interoperability should occur.
Note: SRV and Active Directory *both* depend on underscore not being legal in hostnames to keep their names spaces seperate from the hostname namespace.
Half the anti-spam/DNS schemes depend upon underscore not being legal in a hostname.
Mark
Rgds, -drc
On May 17, 2005, at 6:08 PM, Mark Andrews wrote:
RFC 952 and RFC 1123 describe what is currently legal in hostnames.
Underscore is NOT a legal character in a hostname.
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org