-
Notifications
You must be signed in to change notification settings - Fork 425
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Non leading underscore in Name::from_utf8 parsing fails #1904
Comments
In general my understanding is that underscores are forbidden for host names but may occur in domain names in other contexts as the DNS is general beyond host names. Notably there's a pattern of using a leading |
Thank you! I was under the impression that underscores are forbidden in host names but all other labels allow them. The leading underscore seems like more of convention that a hard requirement but maybe I'm wrong? For instance, Shopify now (newly?) requires creating a TXT record at Edit: or is this an opportunity to loosen the requirements of |
That makes it sound like you think "host names" is used to refer to the first label? I'm not sure that is the case. The aforelinked RFC 8552 section 1.1 (Scoped Interpretation of DNS Resource Records through "Underscored" Naming of Attribute Leaves) says:
RFC 952 ("DOD INTERNET HOST TABLE SPECIFICATION") says:
So I guess the way I understand it is that names generally probably allow underscore, but specifically names referring to an (IP?) endpoint would, I guess, not? It's not completely obvious to me if/how we should change the trust-dns-proto API based on these observations, though. |
Just in the case of Basically, from my reading, |
@bluejekyll curious about your thoughts on this! I feel like making |
Sorry, for the late response. When I implemented a lot of this stuff, I did it strictly... it turns out that in the wild people do things that aren't to the standard, and other nameservers/clients out there are much more flexible. I think that the end of the day, we're probably too strict and should just allow it. |
Basically the question becomes, do we want to restrict the name in some way in any record, or leave that up to the caller to determine if |
Thanks @bluejekyll! I actually think that sticking to the spec is ideal here. We do have a way to work around this using However, I couldn't find any RFC that definitively prohibits non-leading underscores. So I think we could improve the docs here to reference the relevant RFC sections and/or make this more lenient if there is no hard rule against non-leading underscores. Do we know that |
The problem is this notion of “hostname” vs. other names. We can’t know if something is a hostname or not, it’s a distinction that would only be in context from the API user. If that’s the case, then trust-dns shouldn’t try to determine if it’s a hostname or not. Is Shopify’s usage wrong? By my reading of the RFCs I’d say yes, but I can see someone else saying TXT records are never “host names” so therefor it’s ok. Which is why given their real world usage, I’m inclined to say that we’re being too strict. |
I think it's good material and precision that can end-up in this future RFC from NLnet labs https://github.com/NLnetLabs/draft-koekkoek-dnsop-zone-file-format, now it seems paused since they first do their own SIMD zone parser https://github.com/NLnetLabs/simdzone. Also seen at work (gandi.net registar) lot of record using either for TXT like SVCB/HTTPS records will also accept https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/
My reading leaded to this RFC: Scoped Interpretation of DNS Resource Records through "Underscored" Naming of Attribute Leaves Like @cpu aleady pointer in #1904 (comment) But also point to this one that try to fix-it-all: "DNS AttrLeaf Changes: Fixing Specifications That Use Underscored Node Names"https://www.rfc-editor.org/rfc/rfc8553.html Found via https://www.bortzmeyer.org/8553.html Checkout: https://www.rfc-editor.org/rfc/rfc8553.html#section-2 Sorry for the edits: last minute reading was worth editing myself. :) |
This allows DNS labels used for lookups to contain underscores, which may not be allowed as host names. Prevents false TempError result, which masks underlying "proto error: Label contains invalid characters: Err(Errors { invalid_mapping, disallowed_by_std3_ascii_rules })" See also hickory-dns/hickory-dns#1904 hickory-dns/hickory-dns#2009
This allows DNS labels used for lookups to contain underscores, which may not be allowed as host names. Prevents false TempError result, which masks underlying "proto error: Label contains invalid characters: Err(Errors { invalid_mapping, disallowed_by_std3_ascii_rules })" See also hickory-dns/hickory-dns#1904 hickory-dns/hickory-dns#2009
Hello. I'm wondering where I can find more information about this particular parsing logic:
https://github.com/bluejekyll/trust-dns/blob/5492bdedba3479b480fcb904844568fd82d12500/crates/proto/src/rr/domain/name.rs#L495-L512
Underscores are allowed at the beginning of a label but not anywhere else.
I couldn't find any mention of this in https://www.rfc-editor.org/rfc/rfc1035.html. Could anyone point me to the relevant rfc?
Thanks!
The text was updated successfully, but these errors were encountered: