[16518] in Kerberos-V5-bugs
[krbdev.mit.edu #8809] [Comment] Do not call getaddrinfo() with
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Tue Mar 31 15:55:34 2020
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-4.4.4-60459-1585635138-1693.8809-8-0@mit.edu>
Message-ID: <rt-4.4.4-4540-1585684504-325.8809-8-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8809":;
Date: Tue, 31 Mar 2020 15:55:05 -0400
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
https://krbdev.mit.edu/rt/Ticket/Display.html?id=8809
This is a comment. It is not sent to the Requestor(s):

Jeff encountered a mail delivery issue updating the ticket; here is his
response:

RFC 2743 Section 4.1 states that the second component will be treated as
a hostname regardless of whether or not a DNS lookup succeeds.

  "When a reference to a name of this type is resolved, the 'hostname'
  may (as an example implementation strategy) be canonicalized by
  attempting a DNS lookup and using the fully-qualified domain name
  which is returned, or by using the 'hostname' as provided if the DNS
  lookup fails. The canonicalization operation also maps the host's
  name into lower-case characters."

In the case of a name which begins with a leading underscore the DNS
lookup is guaranteed to fail. I will call out two items in the above
paragraph:

1. Canonicalization by attempting a DNS lookup is optional.
2. If the optional DNS lookup fails, the 'hostname' will be used
   as provided.

What I have pointed out in this ticket is that a getaddrinfo() query
will always fail for a name beginning with a leading underscore and that
the failure might take a long time. Therefore, there is no benefit to
issuing the query and the canonicalization step described in Section 4.1
should be skipped.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
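
The policy argued for in the message above, as an added example that is not part of the original message and not code from krb5: the optional lookup is skipped for a leading underscore, a failed lookup falls back to the name as provided, and the result is lower-cased. The names canon_hostname, lookup_fn, dns_canon and stub_fail are hypothetical, and the stub resolver and host names are constructed so the skip and the fallback can be exercised offline.

```c
#include <ctype.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Lookup hook: returns 0 and fills out on success, nonzero on failure. */
typedef int (*lookup_fn)(const char *host, char *out, size_t outlen);

/* Real hook: ask getaddrinfo() for the canonical name. */
int dns_canon(const char *host, char *out, size_t outlen)
{
    struct addrinfo hints = {0}, *res = NULL;
    int ret;
    hints.ai_flags = AI_CANONNAME;
    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return -1;
    ret = (res->ai_canonname == NULL ||
           snprintf(out, outlen, "%s", res->ai_canonname) >= (int)outlen) ? -1 : 0;
    freeaddrinfo(res);
    return ret;
}

int stub_calls;   /* constructed stub state: number of lookups attempted */
int stub_fail(const char *host, char *out, size_t outlen)
{
    (void)host; (void)out; (void)outlen;
    stub_calls++;
    return -1;                          /* simulate a failed DNS lookup */
}

/* Hypothetical helper: canonicalize the hostname of service@hostname. */
int canon_hostname(const char *host, lookup_fn lookup, char *out, size_t outlen)
{
    size_t i;
    if (strlen(host) >= outlen)
        return -1;                      /* out cannot hold the name */
    /* Leading underscore: skip the optional lookup; else try it, fall back on failure. */
    if (host[0] == '_' || lookup(host, out, outlen) != 0)
        strcpy(out, host);
    for (i = 0; out[i] != '\0'; i++)
        out[i] = (char)tolower((unsigned char)out[i]);
    return 0;
}

int main(void)
{
    char buf[256];
    if (canon_hostname("_LDAP.Example.COM", dns_canon, buf, sizeof(buf)) == 0)
        puts(buf);                      /* printed without any DNS query */
}
```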