Date:      Wed, 26 Mar 2003 16:23:15 +1100
From:      Mark.Andrews@isc.org
To:        David J Duchscher <daved@nostrum.com>
Cc:        Terry Lambert <tlambert2@mindspring.com>
Subject:   Re: Resolver Issues (non valid hostname characters) 
Message-ID:  <200303260523.h2Q5NFpE029121@drugs.dv.isc.org>
In-Reply-To: Your message of "Tue, 25 Mar 2003 22:51:44 MDT." <A4C37B8C-5F46-11D7-9839-0003930B3DA4@nostrum.com> 

> On Tuesday, March 25, 2003, at 09:53  PM, Mark.Andrews@isc.org wrote:
> 
> > 	The current implementation fits this.  It handles (accepts)
> > 	garbage in and only returns (generates) clean responses to
> > 	the application.
> >
> 
> Which I would say is not the intention of what being 'generous on what
> you accept' to mean.  IMHO, the maxim is to stop exactly what is
> happening.  We are being restrictive on what we return to the
> application so things are breaking.  I can't change the remote end so
> communication does not flow.  From my perspective, you are advocating
> being restrictive on what you will accept and what you will send.

	This is a security matter.  Sendmail was compromised due to
	lack of checking the results returned by gethostbyaddr().

	get*by*() and get*info() enforce RFC 952 so that every
	application written doesn't have to validate the results
	returned.  Allowing underscore (or IHN) is an API change
	and will potentially break applications that correctly
	depend upon get*by*() and get*info() filtering out the
	garbage.

	If you want to be liberal in what you accept bypass
	get*by*() and get*info() and call the resolver directly.

> > 	If the resolver died receiving underscore you would have something
> > 	to complain about.  Currently it just filters out ALL illegal
> > 	responses.
> 
> I can't talk to some hosts on the internet because FreeBSD will not
> resolve the host name which over 99% of the hosts on the Internet will.
> I guess that just doesn't matter.

	If the name contains an underscore it is not a hostname by
	definition.  Nothing stops you talking to the DNS directly
	and entering IP literals.

	Mark
	
> DaveD
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
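
An application that bypasses get*by*() and talks to the resolver directly, as the message suggests, has to do the hostname check itself before using a returned name. The following C sketch is an added example, not part of the original message and not FreeBSD libc's code; the function names `hostname_ok` and `peer_label`, the 63/255 octet limits and the RFC 1123 leading-digit allowance are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Return 1 if name uses only the RFC 952 hostname alphabet (letters,
 * digits, '-', labels separated by '.'), else 0.  Assumed here, not
 * stated in the message: labels of 1..63 octets, at most 255 octets
 * overall, and a leading digit permitted as in RFC 1123. */
int hostname_ok(const char *name)
{
    size_t total, label_len = 0;
    const unsigned char *p;

    if (name == NULL)
        return 0;
    total = strlen(name);
    if (total == 0 || total > 255)
        return 0;
    for (p = (const unsigned char *)name; *p != '\0'; p++) {
        if (*p == '.') {
            /* reject an empty label or a label ending in '-' */
            if (label_len == 0 || p[-1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (*p == '-') {
            if (label_len == 0)      /* label may not start with '-' */
                return 0;
        } else if (!(*p < 0x80 && isalnum(*p))) {
            return 0;                /* '_', whitespace, control or 8-bit bytes */
        }
        if (++label_len > 63)
            return 0;
    }
    /* one trailing dot (absolute name) is accepted; a trailing '-' is not */
    return p[-1] != '-';
}

/* Pick the text to log or embed for a peer: the resolved name when it is
 * a clean hostname, otherwise the numeric address text (an IP literal). */
const char *peer_label(const char *resolved, const char *addr_text)
{
    return hostname_ok(resolved) ? resolved : addr_text;
}
```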



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303260523.h2Q5NFpE029121>