Re: [PHP-DEV] Why does checkdnsrr() default to MX??
On 18 September 2014 20:29, Kris Craig kris.cr...@gmail.com wrote: Hey guys, I just spent some time troubleshooting what appeared to be a DNS issue before I realized that, absent the optional $type argument, checkdnsrr() defaults to MX. Can anybody explain why it's defaulting to MX and not ANY? It seems really counter-intuitive. --Kris This is a big wtf, especially since getmxrr() exists. A cursory search of github (not the best measure I know, but easy) reveals only a few cases where this function is called without the second argument, and every case I've found looks like they were expecting an A record, so this code is likely broken anyway. In other words, +1 to change this to something saner ASAP. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Why does checkdnsrr() default to MX??
On 19 September 2014 02:58, Chris Wright c...@daverandom.com wrote: On 18 September 2014 20:29, Kris Craig kris.cr...@gmail.com wrote: Hey guys, I just spent some time troubleshooting what appeared to be a DNS issue before I realized that, absent the optional $type argument, checkdnsrr() defaults to MX. Can anybody explain why it's defaulting to MX and not ANY? It seems really counter-intuitive. This is a big wtf, especially since getmxrr() exists. A cursory search of github (not the best measure I know, but easy) reveals only a few cases where this function is called without the second argument, and every case I've found looks like they were expecting an A record, so this code is likely broken anyway. In other words, +1 to change this to something saner ASAP. As an alternative, could we just make the type argument mandatory in PHP 7 and start issuing E_DEPRECATED warnings if it's omitted in 5.6 or 5.7? Adam -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Why does checkdnsrr() default to MX??
On Fri, Sep 19, 2014 at 10:24 AM, Adam Harvey ahar...@php.net wrote: On 19 September 2014 02:58, Chris Wright c...@daverandom.com wrote: On 18 September 2014 20:29, Kris Craig kris.cr...@gmail.com wrote: Hey guys, I just spent some time troubleshooting what appeared to be a DNS issue before I realized that, absent the optional $type argument, checkdnsrr() defaults to MX. Can anybody explain why it's defaulting to MX and not ANY? It seems really counter-intuitive. This is a big wtf, especially since getmxrr() exists. A cursory search of github (not the best measure I know, but easy) reveals only a few cases where this function is called without the second argument, and every case I've found looks like they were expecting an A record, so this code is likely broken anyway. In other words, +1 to change this to something saner ASAP. As an alternative, could we just make the type argument mandatory in PHP 7 and start issuing E_DEPRECATED warnings if it's omitted in 5.6 or 5.7? Adam I like both ideas. Adam's approach would be more inconvenient for developers, but it would also be less of a BC issue since merely changing the default could cause some existing code to fail silently as opposed to generating an error. On the other hand, I can't think of any such use case in which checking all DNS entries instead of just MX would cause any scripts to break. The only possible scenario I can think of would be if they're using dnsrr() to check if an MX record exists and hit a host that has an A record but not MX. That would cause it to return TRUE when they're expecting FALSE. I'll draft an RFC when I get a chance and include both options in it. --Kris
Re: [PHP-DEV] Why does checkdnsrr() default to MX??
On 19 September 2014 10:51, Kris Craig kris.cr...@gmail.com wrote: On Fri, Sep 19, 2014 at 10:24 AM, Adam Harvey ahar...@php.net wrote: As an alternative, could we just make the type argument mandatory in PHP 7 and start issuing E_DEPRECATED warnings if it's omitted in 5.6 or 5.7? I like both ideas. Adam's approach would be more inconvenient for developers, but it would also be less of a BC issue since merely changing the default could cause some existing code to fail silently as opposed to generating an error. On the other hand, I can't think of any such use case in which checking all DNS entries instead of just MX would cause any scripts to break. The only possible scenario I can think of would be if they're using dnsrr() to check if an MX record exists and hit a host that has an A record but not MX. That would cause it to return TRUE when they're expecting FALSE. I'm not a huge fan of silently making it ANY for the reason Sanford explained elsethread — it's a potential vector for amplification attacks. I also don't think it's unreasonable to expect developers to know what type of record they're interested in. :) I'll draft an RFC when I get a chance and include both options in it. Thanks! Adam -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Why does checkdnsrr() default to MX??
Hey guys, I just spent some time troubleshooting what appeared to be a DNS issue before I realized that, absent the optional $type argument, checkdnsrr() defaults to MX. Can anybody explain why it's defaulting to MX and not ANY? It seems really counter-intuitive. --Kris
[PHP-DEV] Why does checkdnsrr() default to MX??
ANY (*) requests are key to many DNS amplification attacks and may fail, even if the RR you want exists when individually requested. Such requests should be discouraged by clients, IMO. It's disappointing that PHP's dns_get_record() defaults to ANY. But more to the point, what is the client-side utility? You are basically flooding yourself if you make such requests -- what exactly are you going to do with the TXT records, NS records, the SOAs, the unknown types? This is just a ton of extraneous data, even if the overall payload is small. Maybe if you're building a PHP app whose sole purpose is to troubleshoot DNS. But if so I would sooner fork `dig`, since most likely you are trying to show people the results that a non-PHP app would see, so better to avoid any PHP bugs/specialness and miss any DNS features (such as new RR types and new DNS extensions). I don't think there's anything particularly askew in MX being the default for checkdnsrr() if you think of it as a cut-down generalization of getdnsmx(). Still I can't remember the last time my PHP apps cared only about whether an RR existed, not its value (our mail server cares about that of course when checking blacklists, and we care when we're troubleshooting... but not within PHP). And I've *never *wanted to get a true/false *if there is an RR of any type, *as opposed to a true/false if the domain exists at all in the public DNS. Can you explain the use case? -- Sandy
Re: [PHP-DEV] Why does checkdnsrr() default to MX??
On 18 September 2014 21:31:33 GMT+01:00, Sanford Whiteman figureone...@gmail.com wrote: ANY (*) requests are key to many DNS amplification attacks and may fail, even if the RR you want exists when individually requested. Such requests should be discouraged by clients, IMO. It's disappointing that PHP's dns_get_record() defaults to ANY. But more to the point, what is the client-side utility? You are basically flooding yourself if you make such requests -- what exactly are you going to do with the TXT records, NS records, the SOAs, the unknown types? This is just a ton of extraneous data, even if the overall payload is small. Maybe if you're building a PHP app whose sole purpose is to troubleshoot DNS. But if so I would sooner fork `dig`, since most likely you are trying to show people the results that a non-PHP app would see, so better to avoid any PHP bugs/specialness and miss any DNS features (such as new RR types and new DNS extensions). I don't think there's anything particularly askew in MX being the default for checkdnsrr() if you think of it as a cut-down generalization of getdnsmx(). Still I can't remember the last time my PHP apps cared only about whether an RR existed, not its value (our mail server cares about that of course when checking blacklists, and we care when we're troubleshooting... but not within PHP). And I've *never *wanted to get a true/false *if there is an RR of any type, *as opposed to a true/false if the domain exists at all in the public DNS. Can you explain the use case? -- Sandy Hi, I think you might need to take a deep breath, read through the mailing list guidelines [ http://git.php.net/?p=php-src.git;a=blob_plain;f=README.MAILINGLIST_RULES;hb=HEAD], and start again. Your post mentions three different functions, which have different purposes, and different default parameters, and demands that we provide a use case for something (I'm not clear what) because you've never needed it. I would say it is up to you to put forward a considered case for a change, not for everyone else to justify the status quo. What is it you are actually proposing or requesting here? To remove the ability of these functions to query ANY? To remove the default parameter so that people don't use ANY accidentally? Or to change the default value to something different? Bear in mind that any change needs to take into account compatibility with existing code, so removing or changing a default parameter requires a strong justification to offset the problems it may cause users. I hope this message doesn't sound too negative, and look forward to clarification of your thoughts. Regards, -- Rowan Collins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Why does checkdnsrr() default to MX??
On 18 September 2014 22:19:46 GMT+01:00, Rowan Collins rowan.coll...@gmail.com wrote: I hope this message doesn't sound too negative, and look forward to clarification of your thoughts. Apologies, I've just realised that that message wasn't in fact the beginning of the thread, so some of my comments are way off base. Out of context, it looked like a bit of a rant about how ANY could never be a useful option. Still, the only line that really addressed the question was this: I don't think there's anything askew in MX being the default for checkdnsrr() if you think of it as a cut-down generalization of checkdmsmx() (Sorry, that's not a direct quote because I'm having copy and paste issues.) Sorry again for the misunderstanding. -- Rowan
Re: [PHP-DEV] Why does checkdnsrr() default to MX??
I was just composing an e-mail advising you to follow general netiquette rules and read the original post. :) I disagree utterly that I did not sufficiently address the question. I addressed it in multiple ways: [1] ANY queries create extraneous traffic, so you want fewer PHP functions defaulting to them, not more; [2] ANY queries may fail, giving a false negative, when individual RRs would succeed; [3] An ANY query that only reduces to a *boolean *is a particular waste of energy and network traffic if you're trying to see whether a domain has any records, as you can use SOA for that, with no loss of fidelity; [4] *if* checkdnsrr() is generalized from dns_get_mx() that is another explanation I think [4] is actually my weakest point. -- S. On Thu, Sep 18, 2014 at 5:32 PM, Rowan Collins rowan.coll...@gmail.com wrote: On 18 September 2014 22:19:46 GMT+01:00, Rowan Collins rowan.coll...@gmail.com wrote: I hope this message doesn't sound too negative, and look forward to clarification of your thoughts. Apologies, I've just realised that that message wasn't in fact the beginning of the thread, so some of my comments are way off base. Out of context, it looked like a bit of a rant about how ANY could never be a useful option. Still, the only line that really addressed the question was this: I don't think there's anything askew in MX being the default for checkdnsrr() if you think of it as a cut-down generalization of checkdmsmx() (Sorry, that's not a direct quote because I'm having copy and paste issues.) Sorry again for the misunderstanding. -- Rowan
Re: [PHP-DEV] Why does checkdnsrr() default to MX??
... thought I just top-posted for the first time in, like, ever -- b/c I guess janky Gmail does that by default (I had to switch my subscribed address as php.net was deleting mail relayed through my ISP).
Re: [PHP-DEV] Why does checkdnsrr() default to MX??
On 18 September 2014 22:47:36 GMT+01:00, Sanford Whiteman figureone...@gmail.com wrote: I was just composing an e-mail advising you to follow general netiquette rules and read the original post. :) Yeah, for some reason your first message shows up as a standalone post, with no hint that it was a reply, so I completely missed the context. :/ I disagree utterly that I did not sufficiently address the question. Fair enough. I'll let others take up the conversation, before I dig myself in any deeper. Personally, I've never used *any* DNS functionality from PHP, so the whole thing is rather academic to me. Apologies again for any offence. -- Rowan Collins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
