Re: what's a valid domain name?
In message <20110129053051.bad452d...@mail.nsbeta.info>, p...@mail.nsbeta.info writes:
> Barry Margolin writes:
>
> > In article ,
> >  p...@mail.nsbeta.info wrote:
> >
> >> I googled and found this:
> >
> > It's on the Internet, so it must be true. :)
> >
> >>
> >> * A domain name can be up to 63 characters long plus a dot plus the
> >> characters used to identify the top-level domain (i.e "com", "info", "biz",
> >> etc.
> >> * Valid characters in a domain name include letters, numbers and
> >> hyphens "-". The domain name must start and end with a letter or number.
> >>
> >>
> >> So, for this domain name of
> >> "www.xyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxy.com"
> >> whose size is larger than 64, is not a valid domain name?
> >>
> >> And is there a RFC item for a valid domain name?
> >
> > RFC 1035 section 3.1 says: "To simplify implementations, the total
> > length of a domain name (i.e., label octets and label length octets) is
> > restricted to 255 octets or less."
> >
> > The length of each label within a domain name is limited to 63
> > characters.
> >
>
> Thanks for the kind info.

Remember domain names are not the same things as hostnames. Hostnames
are limited to letter digit hyphen (LDH). Other domain names are not
limited and things like SRV records deliberately use labels that are
not legal in hostnames to prevent collisions of the two namespaces when
they are stored in the DNS.

> Regards.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: root hints
In message , Barry Margolin writes:
> In article ,
>  Joseph S D Yao wrote:
>
> > [This does leave a security hole - if a root name server's IP changes,
> > and a Bad Guy gets the old one; or on another internet, if the Bad Guy
> > gets all the IP addresses in the default file. It's not just lust for
> > control that has me using a visible root hints file.]
>
> I'm sure the folks who run these networks are quite aware of this
> danger. If a root server changes, I'll bet it will be several years
> before the old address goes to some other organization.
>
> How would a Bad Guy get these blocks, anyway? Since when do
> organizations return IP blocks.
>
> And if you check the registrations, several of them are assigned
> specifically to reserve the blocks for root servers. Presumably the
> intent is that even if the organizations operating them change, the IPs
> shouldn't -- they simply route the IPs to someone else.
>
> inetnum:202.12.27.0 - 202.12.27.255
> netname:NSPIXP-2
> descr: root DNS server
>
> NetRange: 199.7.83.0 - 199.7.83.255
> CIDR: 199.7.83.0/24
> OriginAS: AS20144
> NetName:L-ROOT
>
> --
> Barry Margolin, bar...@alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***

And one can always turn on DNSSEC and then it doesn't matter which
server gives you the information.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: ma...@isc.org

Re: cache server with authoritative answer
In article ,
 p...@mail.nsbeta.info wrote:

> The book "Pro DNS and BIND" says:
>
> If the caching server obtains its data directly from an authoritative DNS,
> then it too will respond as authoritative. Otherwise, if the data is
> supplied from its cache, the response is nonauthoritative.
>
> So this means even for a cache only server it can answer with authoritative
> response? I have been thinking the cache only server shouldn't do this.

BIND 4 worked this way, but I think it was changed in BIND 8.

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

Re: root hints
On Fri, Jan 28, 2011 at 11:12:29PM -0500, Barry Margolin wrote:
...
> I'm sure the folks who run these networks are quite aware of this
> danger. If a root server changes, I'll bet it will be several years
> before the old address goes to some other organization.
...

Yah, I know. May not be true on some private internets, tho.

--
/*\
**
** Joe Yao   j...@tux.org - Joseph S. D. Yao
**
\*/

Re: what's a valid domain name?
As noted before, RFC 1035 set some specifications. But there were a
number of clarifications and changes, notably RFC 1123 and RFC 2181.

So, Pyh, your quote is not quite correct today. The first part never
was - it only refers to second-level domains. The second part is
correct for hostnames only.

RFC 1035:

    <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]

    <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>

    <let-dig-hyp> ::= <let-dig> | "-"

    <let-dig> ::= <letter> | <digit>

    <letter> ::= any one of the 52 alphabetic characters A through Z in
    upper case and a through z in lower case

    <digit> ::= any one of the ten digits 0 through 9

    Note that while upper and lower case letters are allowed in domain
    names, no significance is attached to the case. That is, two names with
    the same spelling but different case are to be treated as if identical.

    The labels must follow the rules for ARPANET host names. They must
    start with a letter, end with a letter or digit, and have as interior
    characters only letters, digits, and hyphen. There are also some
    restrictions on the length. Labels must be 63 characters or less.

[Joe note: but see RFC 1123 below.]

RFC 1123:

    2.1 Host Names and Numbers

    The syntax of a legal Internet host name was specified in RFC-952
    [DNS:4]. One aspect of host name syntax is hereby changed: the
    restriction on the first character is relaxed to allow either a
    letter or a digit. Host software MUST support this more liberal
    syntax.

    Host software MUST handle host names of up to 63 characters and
    SHOULD handle host names of up to 255 characters.

RFC 2181:

    11. Name syntax

    Occasionally it is assumed that the Domain Name System serves only
    the purpose of mapping Internet host names to data, and mapping
    Internet addresses to host names. This is not correct, the DNS is a
    general (if somewhat limited) hierarchical database, and can store
    almost any kind of data, for almost any purpose.

    The DNS itself places only one restriction on the particular labels
    that can be used to identify resource records. That one restriction
    relates to the length of the label and the full name. The length of
    any one label is limited to between 1 and 63 octets. A full domain
    name is limited to 255 octets (including the separators). The zero
    length full name is defined as representing the root of the DNS tree,
    and is typically written and displayed as ".". Those restrictions
    aside, any binary string whatever can be used as the label of any
    resource record. Similarly, any binary string can serve as the value
    of any record that includes a domain name as some or all of its value
    (SOA, NS, MX, PTR, CNAME, and any others that may be added).
    Implementations of the DNS protocols must not place any restrictions
    on the labels that can be used. In particular, DNS servers must not
    refuse to serve a zone because it contains labels that might not be
    acceptable to some DNS client programs. A DNS server may be
    configurable to issue warnings when loading, or even to refuse to
    load, a primary zone containing labels that might be considered
    questionable, however this should not happen by default.

    Note however, that the various applications that make use of DNS data
    can have restrictions imposed on what particular values are
    acceptable in their environment. For example, that any binary label
    can have an MX record does not imply that any binary name can be used
    as the host part of an e-mail address. Clients of the DNS can impose
    whatever restrictions are appropriate to their circumstances on the
    values they use as keys for DNS lookup requests, and on the values
    returned by the DNS. If the client has such restrictions, it is
    solely responsible for validating the data from the DNS to ensure
    that it conforms before it makes any use of that data.

    See also [RFC1123] section 6.1.3.5.

[Joe note: I think the section number is incorrect.]

--
/*\
**
** Joe Yao   j...@tux.org - Joseph S. D. Yao
**
\*/

Re: Recursive DNS problem
On Fri, Jan 28, 2011 at 10:52:42AM +0800, bangla desh wrote:
...
> I am wondering, is there a dns rule/standard (or RFC) that explains about
> delegation?

Here are some simple rules for DNS delegation. [If I have
oversimplified, the generous souls on this mailing list will let me
know!]

(1) All publicly available authoritative name servers for a zone on the
same internet MUST serve identical copies of the domain. [Split DNS is
excepted, I think, by the modifiers.]

(2) Not all authoritative name servers must be listed in NS records in
the zone, but enough should be that the zone is available whenever any
members of the zone are available. [This is not a technical
requirement, it is merely prudent.]

(3) The list of name servers (NS records) in the delegating (parent)
zone MUST be identical to the list of name servers in the zone itself.

(4) The delegating (parent) zone MUST have "glue" A records for any name
server names that are in that zone itself or any "descendant" zones, but
MUST NOT for any non-descendant name server names. For example: zone
"example.int" is delegating "bd.example.int". The name servers are
"ns.example.int", "ns.bd.example.int", "ns.support.in.example.int", and
"ns.example.seato.int". The first one would have an A record in the
delegating zone anyway. The second two MUST have "glue" A records
because they both are in "descendant" zones. The last MUST NOT have a
glue "A" record because it is NOT a descendant.

(5) Any changes in the name servers of the delegated zone MUST be
communicated freely between delegator and delegatee before the change,
with a mutually agreed-on time to make the change (and using decreased
TTLs etc. as usual with such a change).

--
/*\
**
** Joe Yao   j...@tux.org - Joseph S. D. Yao
**
\*/

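Rule (4) in the message above, as an added example that is not part of the original post: it sorts NS target names into in-zone, glue and no-glue by comparing whole labels. Treating "in.example.int" as a delegated child of "example.int" is an assumption made here; the function names are hypothetical.

```python
def labels(name):
    """Lower-cased list of labels; the root name gives an empty list."""
    name = name.lower().rstrip(".")
    return name.split(".") if name else []


def is_at_or_below(name, zone):
    """True if name equals zone or is a descendant, compared label by label.

    A plain string suffix test is wrong here: "ns.badexample.int" ends with
    the text "example.int" but is not inside that zone.
    """
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def classify_ns(parent_zone, delegated_children, ns_name):
    """Return 'no-glue', 'glue' or 'in-zone' for one NS target name.

    delegated_children lists the zone cuts that exist in parent_zone.
    """
    if not is_at_or_below(ns_name, parent_zone):
        return "no-glue"   # not a descendant: no A record in the parent
    if any(is_at_or_below(ns_name, child) for child in delegated_children):
        return "glue"      # below a zone cut: parent carries a glue A record
    return "in-zone"       # ordinary A record in the parent zone itself


if __name__ == "__main__":
    parent = "example.int"
    # "bd.example.int" is from the post; "in.example.int" is assumed here.
    children = ["bd.example.int", "in.example.int"]
    for ns in ("ns.example.int", "ns.bd.example.int",
               "ns.support.in.example.int", "ns.example.seato.int",
               "ns.badexample.int"):          # last name is constructed
        print(f"{ns:28} {classify_ns(parent, children, ns)}")
```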
Re: what's a valid domain name?
Mark Andrews writes:

> Remember domain names are not the same things as hostnames. Hostnames
> are limited to letter digit hyphen (LDH). Other domain names are not
> limited and things like SRV records deliberately use labels that are
> not legal in hostnames to prevent collisions of the two namespaces when
> they are stored in the DNS.

Could you show an example for the difference between a hostname and a
domain name?

Thanks again.

Regards.

Re: what's a valid domain name?
Joseph S D Yao writes:

> The labels must follow the rules for ARPANET host names. They must
> start with a letter, end with a letter or digit, and have as interior
> characters only letters, digits, and hyphen. There are also some
> restrictions on the length. Labels must be 63 characters or less.

A label must start with a letter? oh I don't think so.
How about these domains which all have huge DNS traffic?

163.com
126.com
51.com
56.com

yes 163.com is a domain name but "163" also can be treated as a label
for domain "com.", is it?

Thanks.

Regards.

Re: what's a valid domain name?
In message <20110130013241.dff772d...@mail.nsbeta.info>, p...@mail.nsbeta.info writes:
> Mark Andrews writes:
> >
> > Remember domain names are not the same things as hostnames. Hostnames
> > are limited to letter digit hyphen (LDH). Other domain names are not
> > limited and things like SRV records deliberately use labels that are
> > not legal in hostnames to prevent collisions of the two namespaces when
> > they are stored in the DNS.
> >
>
> Could you show an example for the difference between a hostname and a
> domain name?

_http._srv.example.com is not a hostname but is a domain name.
example.com is a hostname and a domain name.

> Thanks again.
>
> Regards.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: ma...@isc.org
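
The hostname versus domain name distinction from this thread (the RFC 1035 / RFC 1123 / RFC 2181 rules quoted earlier and the `_http._srv.example.com` reply above), as an added example that is not part of the original messages. Function names are hypothetical, and escaped dots in presentation format are not handled.

```python
import re

MAX_LABEL = 63   # octets per label (RFC 1035, RFC 2181 section 11)
MAX_NAME = 255   # octets for the whole name, length octets included

# Hostname label per RFC 1123: letters, digits, hyphen; first and last
# character a letter or digit. Used with fullmatch(), so a trailing
# newline cannot slip past the way it can with "$".
_LDH = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def split_labels(name):
    """Split a presentation-format name into labels (bytes)."""
    raw = name.encode("utf-8") if isinstance(name, str) else name
    if raw in (b"", b"."):
        return []                     # the root name
    if raw.endswith(b"."):
        raw = raw[:-1]                # drop the trailing root dot
    return raw.split(b".")


def wire_length(labels):
    """One length octet per label, the label octets, plus the root octet."""
    return sum(1 + len(label) for label in labels) + 1


def is_valid_domain_name(name):
    """DNS-level check: only the two length limits apply."""
    labels = split_labels(name)
    if any(not 1 <= len(label) <= MAX_LABEL for label in labels):
        return False
    return wire_length(labels) <= MAX_NAME


def is_valid_hostname(name):
    """Hostname check: a valid domain name whose labels are all LDH."""
    labels = split_labels(name)
    return (bool(labels) and is_valid_domain_name(name)
            and all(_LDH.fullmatch(label) for label in labels))


if __name__ == "__main__":
    # Names from the thread plus two constructed ones (64-octet label,
    # leading hyphen).
    for n in ("example.com", "_http._srv.example.com", "163.com",
              "www." + "xy" * 32 + ".com", "-bad.example.com"):
        print(f"{n[:30]:30} domain={is_valid_domain_name(n)} "
              f"hostname={is_valid_hostname(n)}")
```

Because the DNS itself will return any binary label, a client that feeds looked-up names into a shell, a log line or an HTML page needs the stricter hostname check on the returned data as well as on its own input.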