To: David J Duchscher
From: Mark.Andrews@isc.org
cc: stable@freebsd.org
cc: Mark_Andrews@isc.org
cc: Terry Lambert
Subject: Re: Resolver Issues (non valid hostname characters)
In-reply-to: Your message of "Tue, 25 Mar 2003 22:51:44 MDT."
Date: Wed, 26 Mar 2003 16:23:15 +1100
Message-Id: <200303260523.h2Q5NFpE029121@drugs.dv.isc.org>

> On Tuesday, March 25, 2003, at 09:53 PM, Mark.Andrews@isc.org wrote:
>
> > The current implementation fits this. It handles (accepts)
> > garbage in and only returns (generates) clean responses to
> > the application.
> >
>
> Which I would say is not the intention of what being 'generous on what
> you accept' to mean. IMHO, the maxim is to stop exactly what is
> happening. We are being restrictive on what we return to the
> application so things are breaking. I can't change the remote end so
> communication does not flow. From my perspective, you are advocating
> being restrictive on what you will accept and what you will send.

This is a security matter. Sendmail was compromised due to
lack of checking the results returned by gethostbyaddr().

get*by*() and get*info() enforce RFC 952 so that every
application written doesn't have to validate the results
returned.

Allowing underscore (or IHN) is an API change and will
potentially break applications that correctly depend upon
get*by*() and get*info() filtering out the garbage.

If you want to be liberal in what you accept bypass get*by*()
and get*info() and call the resolver directly.

> > If the resolver died receiving underscore you would have something
> > to complain about. Currently it just filters out ALL illegal
> > responses.
>
> I can't talk to some hosts on the internet because FreeBSD will not
> resolve the host name which over 99% of the hosts on the Internet will.
> I guess that just doesn't matter.

If the name contains an underscore it is not a hostname by
definition. Nothing stops you talking to the DNS directly
and entering IP literals.

Mark

> DaveD
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: Mark.Andrews@isc.org
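
Added example, not part of the original message and not FreeBSD's libc code: a C check that an application calling the resolver directly could apply to a returned name before using it, accepting only letters, digits and hyphens per RFC 952 as relaxed by RFC 1123 (leading digit allowed). The function name hostname_ok and the length bounds are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/*
 * Return 1 if name is a syntactically valid hostname, 0 otherwise.
 * Rules applied: dot-separated labels made of ASCII letters, digits and '-';
 * no empty label; no label starting or ending with '-'; each label at most
 * 63 bytes; whole name at most 255 bytes (assumed bounds). One trailing dot
 * (fully qualified form) is accepted. Underscore, whitespace and any other
 * byte cause rejection.
 */
int hostname_ok(const char *name)
{
    size_t total, label_len = 0;
    const char *p;
    char prev = '.';

    if (name == NULL)
        return 0;
    total = strlen(name);
    if (total == 0 || total > 255)
        return 0;

    for (p = name; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;

        if (c == '.') {
            /* Reject empty labels and labels that end in '-'. */
            if (label_len == 0 || prev == '-')
                return 0;
            label_len = 0;
        } else if (c == '-') {
            /* A label may not start with '-'. */
            if (label_len == 0)
                return 0;
            label_len++;
        } else if (c < 0x80 && isalnum(c)) {
            label_len++;
        } else {
            return 0;   /* '_', spaces, control and 8-bit bytes */
        }
        if (label_len > 63)
            return 0;
        prev = (char)c;
    }
    /* The final label may not end in '-'. */
    return prev != '-';
}
```
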