Re: Silly DNS question
Ben Scott wrote: The detective in me has to point out that doesn't necessarily prove it's Amazon's *DNS* servers doing that. Their provisioning system might replace potentially problematic characters with dashes when creating DNS records. This distinction is mostly academic, but I think we're in that territory already. ;-) Indeed. I think we can all agree that Amazon *should* NOT be using underscores in any case, for host names. I don't know if Amazon's web server would agree, but their DNS servers seem to think they are the same. Well, both http://thingiverse_beta.s3.amazonaws.com/ and http://thingiverse-beta.s3.amazonaws.com/ respond with XML, but with different content -- the latter a not found sort of result. I'm not sure if that's the web server proper, or custom server-side software running behind it, that's getting confused. Yup. Found my reason why I got identical replies from DNS queries: s3.amazonaws.com seems to have a wildcard CNAME to s3-directional-w.amazonaws.com: $ host somenamethatshouldnotexist.s3.amazonaws.com somenamethatshouldnotexist.s3.amazonaws.com is an alias for s3-directional-w.amazonaws.com. s3-directional-w.amazonaws.com is an alias for s3-1-w.amazonaws.com. s3-1-w.amazonaws.com has address 72.21.202.194 $ Brian -- --- | br...@datasquire.net Proprietor: http://www.JustWorksNH.com | | Computers and Web Sites that JUST WORK | | Work: +1 (603) 484-1461Home: +1 (603) 484-1469| --- ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question
On Sat, Jan 23, 2010 at 12:25 AM, Brian Chabot br...@datasquire.net wrote: Toying with a piece of trivia who's origin I no longer recall, I seem to recall that some DNS servers will treat an underscore as a dash. Yikes! That's disturbing. Domain names are supposed to be unique keys. I can confirm that ISC BIND 9.x named does *not* do this: $ dig TXT +short never_use_this.gnhlug.org. @liberty.gnhlug.org. Never use this name $ dig TXT +short never-use-this.gnhlug.org. @liberty.gnhlug.org. $ I can also say that the Comcast DNS resolvers I've got today do not monkey with the queries: $ dig TXT +short never_use_this.gnhlug.org. Never use this name $ dig TXT +short never-use-this.gnhlug.org. $ I tried doing a host lookup both ways and indeed the results were identical The detective in me has to point out that doesn't necessarily prove it's Amazon's *DNS* servers doing that. Their provisioning system might replace potentially problematic characters with dashes when creating DNS records. This distinction is mostly academic, but I think we're in that territory already. ;-) I don't know if Amazon's web server would agree, but their DNS servers seem to think they are the same. Well, both http://thingiverse_beta.s3.amazonaws.com/ and http://thingiverse-beta.s3.amazonaws.com/ respond with XML, but with different content -- the latter a not found sort of result. I'm not sure if that's the web server proper, or custom server-side software running behind it, that's getting confused. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Silly DNS question
Is an _ allowed in a DNS name? I didn't think so, and my home DNS proxy doesn't think so, but other networks seem fine with it. http://www.thingiverse.com/image:8662 Above is an example, where the image is stored by amazon at http://thingiverse_beta.s3.amazonaws.com/renders/fe/2a/15/49/75/0.5mm_single_wall_calibration_piece_display_medium.jpg I sent Makerbot an email about the use of the _, but I just wanted to make sure I wasn't wrong that _'s in a domain name aren't allowed, as their reserved for special use. -- -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question
On Fri, Jan 22, 2010 at 11:50 AM, Thomas Charron twaf...@gmail.com wrote: Is an _ allowed in a DNS name? I didn't think so, and my home DNS proxy doesn't think so, but other networks seem fine with it. http://www.thingiverse.com/image:8662 Above is an example, where the image is stored by amazon at http://thingiverse_beta.s3.amazonaws.com/renders/fe/2a/15/49/75/0.5mm_single_wall_calibration_piece_display_medium.jpg I sent Makerbot an email about the use of the _, but I just wanted to make sure I wasn't wrong that _'s in a domain name aren't allowed, as their reserved for special use. I'm fairly certain that the spec says no, but there may be cases where certain DNS servers may take it to deal with dumb inhouse admins and old-names on machine names. I've tried in the past to register Domains with an underscore and the machine just laughed at me. -- ~ * ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question
On 01/22/2010 11:50 AM, Thomas Charron wrote: Is an _ allowed in a DNS name? I didn't think so, and my home DNS proxy doesn't think so, but other networks seem fine with it. http://www.thingiverse.com/image:8662 Above is an example, where the image is stored by amazon at http://thingiverse_beta.s3.amazonaws.com/renders/fe/2a/15/49/75/0.5mm_single_wall_calibration_piece_display_medium.jpg I sent Makerbot an email about the use of the _, but I just wanted to make sure I wasn't wrong that _'s in a domain name aren't allowed, as their reserved for special use. Underscore appears to be allowed in DNS, however, it does not appear to be legal in a hostname. From Wikipedia's interpretation of the RFCs: The Internet standards (Request for Comments http://en.wikipedia.org/wiki/Request_for_Comments) for protocols mandate that component hostname labels may contain only the ASCII http://en.wikipedia.org/wiki/ASCII letters 'a' through 'z' (in a case-insensitive manner), the digits '0' through '9', and the hyphen. The original specification of hostnames in RFC 952 http://tools.ietf.org/html/rfc952, mandated that labels could not start with a digit or with a hyphen, and must not end with a hyphen. However, a subsequent specification (RFC 1123 http://tools.ietf.org/html/rfc1123) permitted hostname labels to start with digits. No other symbols, punctuation characters, or blank spaces are permitted. While a hostname may not contain other characters, such as the underscore character (/_/), names entered into the DNS, may contain the underscore. Systems such as DomainKeys http://en.wikipedia.org/wiki/DomainKeys and service records http://en.wikipedia.org/wiki/SRV_record use the underscore as a means to assure that their special character is not confused with hostnames. For example, |_http._sctp.www.example.com| specifies a service pointer for an SCTP capable webserver host (www) in the domain example.com. A notable example of non-compliance with this specification, Windows systems often use underscores in hostnames. Entertaining reading. From http://en.wikipedia.org/wiki/Hostname -- Ted Roche Ted Roche Associates, LLC http://www.tedroche.com ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question (underscore in hostname)
After refreshing my memory here: http://en.wikipedia.org/wiki/Hostname ...which references (what appear to be) the relevant RFCs, I recall that underscores are definitely not legal, but the corner cases (and instances of blatant [cough]Microsoft[cough] disregard) are interesting... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question
Thomas Charron twaf...@gmail.com writes: Is an _ allowed in a DNS name? DNS-SD, DKIM, ADSP, and a whole bunch of other parts of the greater internet infrastructure think so--actually, they depend on it. But allowed is a long way away from in general good taste. I take _ in domains as being sort-of like backslashes in `English' and programming text; presumably, the reason that it got designed-into computing-architecture the way it did was because nobody in their right mind was supposed to have been using it casually. In fact, if I'm remembering this correctly..., the last time I looked at the DNS RFCs, using anything other than ASCII *alphanumerics and hyphens* was discouraged. Of course, this is coming from someone whose .signature is in UTF-8 -- Don't be afraid to ask (λf.((λx.xx) (λr.f(rr. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question
On Fri, Jan 22, 2010 at 11:50 AM, Thomas Charron twaf...@gmail.com wrote: Is an _ allowed in a DNS name? As usual, the real world is complicated. DNS != Internet The protocol part of DNS can handle an underscore just fine. Labels can include any character except a dot (.) or ASCII NUL. Underscores are not allowed in registered 2LD names. This is enforced by the registries. The RFCs say Internet hosts must have names containing only letter, digit, or dash (-) characters. Be aware that the controlling RFC predates DNS -- it dates from the days when naming was done by copying HOSTS.TXT around. The RFC is still applicable, but it lacks what would be helpful clarification as to how DNS's capabilities interact with this. Underscores are used to prefix SRV records, which are part of DNS. The underscore was chosen because it's nominally disallowed in Internet hostnames, and thus should avoid name collisions. ... http://thingiverse_beta.s3.amazonaws.com/ ... That would generally be considered non-compliant with the requirements for Internet hosts, even though DNS can handle it. Some software attempts to enforce the former despite the later. It's a matter of opinion who is right. Generally speaking, my advice would be to avoid using underscores in domain or host names, but if you're writing software, be prepared to handle them. Be conservative in what you send, be liberal in what you accept. (Jon Postel, The Robustness Principle) -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question (underscore in hostname)
On Fri, Jan 22, 2010 at 12:15 PM, Michael ODonnell michael.odonn...@comcast.net wrote: ... and instances of blatant [cough]Microsoft[cough] disregard ... Not sure what you're after there. Windows allows underscores in the hostname. Linux also allows underscores in the hostname. There is no rule that says your hostname has to be exposed to the Internet. Windows 2000 and later warn you that things will break if you use underscores, and include options to reject them entirely. Microsoft does use underscores to prefix the DNS labels for SRV records, but since *the RFC says to do that*, I think that's a good thing. (I detest FUD, even if it's aimed at a target I also dislike.) -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question
On Fri, Jan 22, 2010 at 1:39 PM, Ben Scott dragonh...@gmail.com wrote: That would generally be considered non-compliant with the requirements for Internet hosts, even though DNS can handle it. Some software attempts to enforce the former despite the later. It's a matter of opinion who is right. Interesting. My nameserver at home ends up telling me to bugger off. :-D Not sure which one, either our DNS forwarder, or the TDS nameservers. Will have to take a look. -- -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question
On Fri, Jan 22, 2010 at 2:39 PM, Thomas Charron twaf...@gmail.com wrote: Interesting. My nameserver at home ends up telling me to bugger off. :-D Not sure which one, either our DNS forwarder, or the TDS nameservers. Will have to take a look. Some DNS software definitely has the option to fail queries for names which contain an underscore. For example, the MS-DNS server has a choice for either no name checking, reject non-ASCII characters but allow anything ASCII, or reject anything except alphanum-and-dash (which rejects underscore). -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question (underscore in hostname)
(I detest FUD, even if it's aimed at a target I also dislike.) (sigh) You're right. I could swear that just before I posted my comment I had read (parts of) a rant (with examples) about how Microsoft disregards the DNS hostname rules on the Internet, but maybe I was hallucinating - I now can't find anything like that anywhere on the WWW. Given Microsoft's history I've gotten into the habit of assuming any account of their misbehavior to be true but, of course, that isn't license to repeat crap. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question (underscore in hostname)
Michael ODonnell michael.odonn...@comcast.net writes: (I detest FUD, even if it's aimed at a target I also dislike.) (sigh) You're right. I could swear that just before I posted my comment I had read (parts of) a rant (with examples) about how Microsoft disregards the DNS hostname rules on the Internet, but maybe I was hallucinating - I now can't find anything like that anywhere on the WWW. Given Microsoft's history I've gotten into the habit of assuming any account of their misbehavior to be true but, of course, that isn't license to repeat crap. I remember that one of the changelog-entries for ISC dhcpd was: - Don't trust hostnames provided by client - Win95 allows *spaces* in client-supplied hostnames! Maybe that was it? -- Don't be afraid to ask (λf.((λx.xx) (λr.f(rr. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Silly DNS question
Thomas Charron wrote: On Fri, Jan 22, 2010 at 1:39 PM, Ben Scott dragonh...@gmail.com wrote: That would generally be considered non-compliant with the requirements for Internet hosts, even though DNS can handle it. Interesting. My nameserver at home ends up telling me to bugger off. :-D Not sure which one, either our DNS forwarder, or the TDS nameservers. Will have to take a look. Toying with a piece of trivia who's origin I no longer recall, I seem to recall that some DNS servers will treat an underscore as a dash. In an effort to test this theory, I tried doing a host lookup both ways and indeed the results were identical: $ host thingiverse_beta.s3.amazonaws.com thingiverse_beta.s3.amazonaws.com is an alias for s3-directional-w.amazonaws.com. s3-directional-w.amazonaws.com is an alias for s3-1-w.amazonaws.com. s3-1-w.amazonaws.com has address 72.21.202.194 $ host thingiverse-beta.s3.amazonaws.com thingiverse-beta.s3.amazonaws.com is an alias for s3-directional-w.amazonaws.com. s3-directional-w.amazonaws.com is an alias for s3-1-w.amazonaws.com. s3-1-w.amazonaws.com has address 72.21.202.194 Interesting. A dig resulted in similar answers. I don't know if Amazon's web server would agree, but their DNS servers seem to think they are the same. Brian -- --- | br...@datasquire.net Proprietor: http://www.JustWorksNH.com | | Computers and Web Sites that JUST WORK | | Work: +1 (603) 484-1461Home: +1 (603) 484-1469| --- ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
