
Re: draft-eastlake-2606bis-00.txt: Suggestions for modifications



# I must be feeling rather uncharitable today.

welcome.

# ...
# We (the IETF, which has protocols ranging from layers 2 to 7) have defined
# protocols which break in the presence of all-numeric hostnames; if you can
# put the following record into the DNS:
# 
#   129.241.1.99.   A    158.38.152.233
# 
# two reasonable interpretations of the HTTP spec can end up querying two
# different webservers for the URL
# 
#   http://129.241.1.99/proof-of-concept.html
# 
# just to give one example.
# 
# That is, in my book, a problem, and should be fixed.

it's a problem, yes.  maybe it should be fixed.  maybe the fix is in dns
rather than in http.  maybe it just needs to be documented and recommended
against?

# If there is a rule about numeric TLDs not being allowed, this problem is
# fixed once, and for all protocols with this problem.

if only that were true.  consider RFC 1535.  this isn't just a TLD problem
unless you think browsers won't use domain-suffix search lists or you think
users will put a "." at the end of the dotted-quad-thing.

# If not, each and every protocol needs updating with its own "tie-breaker
# rule" - that's stupid.
# 
# It's possible to write that rule in many different forms.
# But I think it's the IETF's job to pick one.

when did the ietf community start ruling by law rather than leading by
recommendations?  can't we just say "any application or library which
does DNS lookups to translate presentation-layer endpoint identifiers
into network-layer endpoint identifiers should take care to avoid doing
DNS lookups for presentation-layer content which is syntactically valid
as an IPv4 or IPv6 host name"?  we can leave open the possibility that
the conversion will be done using string arithmetic or not, but what we
really care about is that a DNS lookup not be made for such names.  we
do NOT have to say that the lookup is undefined or invalid, since that
would mean defining which domain names are "hostnames", which i'd regard
as an overspecification.  we just have to recommend that the queries not
be made.

that would also help reduce the unwanted traffic on the root name servers,
assuming that a lot of end systems were upgraded to follow this
recommendation.

note that bind's gethostbyname() has had this logic for some years now:

    /*
     * All-numeric, no dot at the end.
     * Fake up a hostent as if we'd actually
     * done a lookup.
     */
    if (!inet_aton(name, &host_addr)) {
        ...

(that's from bind4's gethnamaddr.c file, similar stuff is in bind8/bind9.)

--
archive: <http://ops.ietf.org/lists/namedroppers/>
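
The recommendation in the message above (make no DNS query for a name that is syntactically an IPv4 or IPv6 address) can be sketched as a check that runs before any resolver call. This is an added example, not part of the original message and not BIND's code; classify_name() and the enum names are hypothetical, and the sample inputs are constructed. It relies on inet_aton() rejecting a trailing dot, so "129.241.1.99." is handed to DNS as an absolute name, in line with the "no dot at the end" comment quoted above.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes inet_aton() on glibc */
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names, chosen for this example only. */
enum name_kind { NAME_IPV4_LITERAL, NAME_IPV6_LITERAL, NAME_NEEDS_DNS };

struct name_result {
    enum name_kind kind;
    struct in_addr v4;   /* valid when kind == NAME_IPV4_LITERAL */
    struct in6_addr v6;  /* valid when kind == NAME_IPV6_LITERAL */
};

/* Decide, before any resolver call, whether `name` is an address literal.
 * Literals are converted locally, so neither the bare name nor any
 * search-list expansion of it (the RFC 1535 case) reaches a DNS server. */
static struct name_result classify_name(const char *name)
{
    struct name_result r;
    memset(&r, 0, sizeof r);
    r.kind = NAME_NEEDS_DNS;

    /* inet_aton() also accepts shorthand such as "127.1", so those forms
     * are kept away from the resolver as well. */
    if (inet_aton(name, &r.v4))
        r.kind = NAME_IPV4_LITERAL;
    else if (inet_pton(AF_INET6, name, &r.v6) == 1)
        r.kind = NAME_IPV6_LITERAL;
    return r;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "129.241.1.99", "129.241.1.99.", "127.1",
                              "2001:db8::1", "www.example.com" };
    static const char *label[] = { "IPv4 literal, no query",
                                   "IPv6 literal, no query", "DNS lookup" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i], label[classify_name(samples[i]).kind]);
    return 0;
}
```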