[10721] in bugtraq
Re: weaknesses in dns label encoding
daemon@ATHENA.MIT.EDU (Kragen Sitaker)
Fri Jun 4 14:27:55 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSU.4.10.9906041351230.26946-100000@kirk.dnaco.net>
Date: Fri, 4 Jun 1999 14:04:49 -0400
Reply-To: Kragen Sitaker <kragen@POBOX.COM>
From: Kragen Sitaker <kragen@POBOX.COM>
To: BUGTRAQ@NETSPACE.ORG
der Mouse wrote:
> Why? How is it a favor to anyone to allow some illegal names but not
> others? (Of course, I don't entirely understand why check-names is
> optional at all; I can't see how it's a favor to anyone to ever accept
> illegal names....)
First, according to RFC 1035's recommended grammar, the following DNS
names are invalid:
3.206.238.207.in-addr.arpa
www.inria.fr
io.com
. . . the first because it contains labels beginning with digits, and
the others because they contain two-letter labels.
Second, although it is by no means clear, it appears that
RFC 1035 merely *recommends* the use of domain names that conform to the
grammar, saying, "The following syntax will result in fewer problems
with many applications that use domain names"; it does not require it.
This grammar is followed by a statement saying, "The labels must follow
the rules for ARPANET host names," followed by some explication of what
that means. It is unclear whether this means that labels must follow
these rules in order to conform to the recommended grammar or that
labels must follow these rules to conform to the requirements of the
RFC.
All of this is in a section labeled, "2.3.1. Preferred name syntax".
Further down, in section 5.1 where the format of the database files is
defined, it is stated, "Quoting conventions allow arbitrary characters
to be stored in domain names." The quoting conventions described have
no purpose other than to allow the violation of the recommendations of
section 2.3.1.
Are there other RFCs that describe allowed syntax for domain names?
The following RFCs are listed as updating RFC1035:
1101
1183
1348
1876
1982
1995
1996
2065
2181
2136
2137
2308
I have only read a few of these.
--
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
TurboLinux is outselling NT in Japan's retail software market 10 to 1,
so I hear.
-- http://www.performancecomputing.com/opinions/unixriot/981218.shtml
