Checknames, Legal Hostnames


Formally, a domain name consists of labels connected with periods (.). For example, www.penguin.bv consists of three labels; the leftmost label is also a hostname. Hostnames are more restricted than labels.

RFC 952 defines hostnames as consisting of the letters A-Z, the numbers 0-9, the minus sign or dash (-), and the period. Periods are allowed as delimiters only in domain-style names. The first character must be a letter, and the last character can't be a - or a period. It also does not allow single-character names. RFC 1035 recommends following RFC 952 for hostname strings.

RFC 1123 changes one rule. It allows a digit as the first character. The obvious example here is http://3com.com. It also sets the maximum length of labels to 63 characters, but says that names up to 255 characters should be handled. Modern versions of this say that a label part should be restricted to 63 characters and that the complete FQDN of a host should not be longer than 255 characters.

RFC 1912 has its own opinions and adds, "Labels may not be all numbers." However, because RFC 1912 is an informational RFC, not a standards RFC, this has been largely ignored.

The trick then is to remember what a label is and what hostnames are. The restriction is on hostnames. Hostnames are on the left side of A and MX records, and on the right side of NS, SOA, PTR, SRV, and some other records. The left side of an SRV record is a label. This is why Windows 2000 can place SRV records with a slash (/) in their names into DNS, and why reverse zones for classless networks often have names with slashes in them. Slashes and underscores are not legal in hostnames.
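The rules above can be turned into a small checker. This is an added example, not code from the book or from BIND; the record tuple layout, the function names and the sample records are assumptions made for illustration, and single-character labels are accepted here even though RFC 952 alone would reject them. It checks only the side of each record that the text says holds a hostname, so the SRV owner with underscores and the classless reverse-zone owner with a slash pass untouched.

```python
import re

# One hostname label: letters, digits and '-', first character a letter or digit
# (RFC 1123), last not '-'. Assumption: single-character labels are accepted.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

# Which side of a record holds a hostname, following the text above.
OWNER_IS_HOSTNAME = {"A", "MX"}
# Assumption: position of the hostname in whitespace-split record data.
TARGET_FIELD = {"NS": 0, "PTR": 0, "SOA": 0, "SRV": 3}

def hostname_errors(name, strict_1912=False):
    """Return the rule violations for one hostname (empty list if legal)."""
    fqdn = name[:-1] if name.endswith(".") else name
    if not fqdn:
        return ["empty name"]
    errors = []
    if len(fqdn) > 255:
        errors.append("name longer than 255 characters")
    for label in fqdn.split("."):
        if len(label) > 63:
            errors.append(f"label longer than 63 characters: {label[:12]}...")
        elif not LABEL_RE.fullmatch(label):
            errors.append(f"illegal label: {label!r}")
        elif strict_1912 and label.isdigit():
            errors.append(f"all-numeric label (RFC 1912): {label!r}")
    return errors

def check_records(records, strict_1912=False):
    """Check (owner, rtype, rdata) tuples; return {(rtype, name): errors}."""
    findings = {}
    for owner, rtype, rdata in records:
        names = [owner] if rtype in OWNER_IS_HOSTNAME else []
        if rtype in TARGET_FIELD:
            names.append(rdata.split()[TARGET_FIELD[rtype]])
        for name in names:
            errs = hostname_errors(name, strict_1912)
            if errs:
                findings[(rtype, name)] = errs
    return findings

# Constructed sample records, not taken from any real zone.
SAMPLE = [
    ("www.penguin.bv.", "A", "192.0.2.10"),
    ("my_host.penguin.bv.", "A", "192.0.2.11"),
    ("_ldap._tcp.penguin.bv.", "SRV", "0 100 389 dc1.penguin.bv."),
    ("1.0/26.2.0.192.in-addr.arpa.", "PTR", "www.penguin.bv."),
    ("penguin.bv.", "NS", "ns-.penguin.bv."),
]
```

Calling check_records(SAMPLE) reports only the A record owner my_host.penguin.bv. and the NS target ns-.penguin.bv.; passing strict_1912=True additionally flags all-numeric labels.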

As mentioned, BIND now enforces these restrictions. Earlier versions of BIND 4 did not enforce them, and a lot of interesting names were found in DNS at the time.

BIND 8 has an option to control these checks and how fatal they are. The default configuration is

    options {
        …
        check-names master fail;
        check-names slave warn;
        check-names response ignore;
        …
    };

This means, of course, that if any illegal hostnames are found in your master zones, they will not be loaded. However, any illegal hostnames found in your slave zones result in warnings. This is good because you do not control the contents of your slave zones (not always, anyway). You should send a friendly note to the master server administrator saying that illegal names exist in his (or her) zones, which are in need of fixing. Not checking the composition of what DNS returns to us when we query it is a good idea. It enables us to resolve names even if they are illegal.

It is, in spite of the option to allow everything, a good idea to stay on the right side of the RFCs. If you use illegal characters in hostnames, you risk people on the Internet (or even in your own company) being unable to resolve names because their resolver implementations are less graceful than yours. So, just say no to illegal names.



The Concise Guide to DNS and BIND
ISBN: 0789722739
EAN: 2147483647
Year: 1999
Pages: 183
