Re: [tor-bugs] #16430 [Tor]: tor relay rejecting DNS names containing underscore
#16430: tor relay rejecting DNS names containing underscore
---------------------------+--------------------------
Reporter: starlight | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version: Tor: 0.2.6.9
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+--------------------------
Comment (by yawning):
> It appears the prohibition against use of underscore characters in DNS
> names is canonical rather than a hard rule enforced by the DNS system.
> The below DNS names are rejected by tor though they resolve properly.
It's not enforced by the DNS system on the server side because RFC 2181
says that DNS servers must serve broken zones. I'm indifferent here for
the most part except that Tor should reject obviously malformed queries as
early as possible to minimize network use.
RFC 1912:
{{{
Allowable characters in a label for a host name are only ASCII
letters, digits, and the `-' character. Labels may not be all
numbers, but may have a leading digit (e.g., 3com.com). Labels must
end and begin only with a letter or digit. See [RFC 1035] and [RFC
1123]. (Labels were initially restricted in [RFC 1035] to start with
a letter, and some older hosts still reportedly have problems with
the relaxation in [RFC 1123].) Note there are some Internet
hostnames which violate this rule (411.org, 1776.com). The presence
of underscores in a label is allowed in [RFC 1033], except [RFC 1033]
is informational only and was not defining a standard.
}}}
RFC 2181:
{{{
Note however, that the various applications that make use of DNS data
can have restrictions imposed on what particular values are
acceptable in their environment. For example, that any binary label
can have an MX record does not imply that any binary name can be used
as the host part of an e-mail address. Clients of the DNS can impose
whatever restrictions are appropriate to their circumstances on the
values they use as keys for DNS lookup requests, and on the values
returned by the DNS.
}}}
Someone should e-mail the New York Times and tell them that their zone
file is busted, because things like: `core3_euw1.fabrik.nytimes.com. 3600
IN A 54.229.241.196` is broken and horrible. Yes, things like
DomainKeys use `_` in `CNAME` records, but when a `CNAME` is (eventually)
pointing to an `A` or `AAAA` record, it needs to follow the hostname
rules, which is the situation that's relevant to Tor's SOCKS proxy.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16430#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
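
The RFC 1912 host name rule quoted in the comment above, written out as a check that a client-side proxy could run before a name is sent over the network. This is an added example, not part of the original message and not Tor's code: `check_hostname`, `host_check_t` and the `allow_numeric` switch are hypothetical names, and the 63/253 length limits come from RFC 1035 rather than from the quoted text.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes, constructed for this example. */
typedef enum {
  HOST_OK = 0,
  HOST_BAD_LENGTH,  /* empty name or label, label > 63, name > 253 */
  HOST_BAD_CHAR,    /* anything outside [A-Za-z0-9-], e.g. '_' */
  HOST_BAD_EDGE,    /* label begins or ends with '-' */
  HOST_ALL_DIGITS   /* label consists only of digits */
} host_check_t;

/* Check `name` against the RFC 1912 host name rules. If `allow_numeric`
 * is nonzero, all-digit labels (411.org, 1776.com) are tolerated. */
host_check_t
check_hostname(const char *name, int allow_numeric)
{
  size_t len = strlen(name);
  if (len > 0 && name[len - 1] == '.')
    len--;                       /* accept one trailing root dot */
  if (len == 0 || len > 253)
    return HOST_BAD_LENGTH;

  size_t start = 0;
  for (size_t i = 0; i <= len; i++) {
    if (i < len && name[i] != '.') {
      unsigned char c = (unsigned char)name[i];
      if (c > 127 || !(isalnum(c) || c == '-'))
        return HOST_BAD_CHAR;    /* underscore is rejected here */
      continue;
    }
    /* End of a label: it spans name[start] .. name[i - 1]. */
    size_t n = i - start;
    if (n == 0 || n > 63)
      return HOST_BAD_LENGTH;
    if (name[start] == '-' || name[i - 1] == '-')
      return HOST_BAD_EDGE;
    if (!allow_numeric && strspn(name + start, "0123456789") >= n)
      return HOST_ALL_DIGITS;
    start = i + 1;
  }
  return HOST_OK;
}
```

Run with `allow_numeric` set to 0, the check follows the quoted text literally and rejects `411.org`; setting it to 1 accepts the existing hostnames that RFC 1912 itself notes violate the all-digits rule.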