Re: [squid-users] Proxy blocks underscore in hostname - DNS RFC2181 says undersc

From: Jason Roysdon <[email protected]>
Date: Thu, 22 Aug 2002 13:15:58 -0700

Ah, I believe I found the answer to my own question and on Microsoft's site,
no less:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/iis/deploy/depovg/CfgBIND.asp

"Active Directory Interoperability Issues with BIND 8

As shown earlier, Active Directory records contain underscores. There is a
prohibition on the use of underscore in hostnames (RFC 952, and 1123) and
mail domains (RFC 821), but the use of underscores is not prohibited in
domain names. Because underscores are allowed in domain names�and due to the
number and complexity of the records required by Active Directory�Microsoft
opted to use underscores in the domain name portion of the records to reduce
the possibility of Active Directory data conflicting with existing DNS data.
"

So underscore in hostnames is still not ok, but it is permitted in domain
names.

>Subject: [squid-users] Proxy blocks underscore in hostname - DNS RFC2181
>says underscore now valid, no?
>Date: Thu, 22 Aug 2002 13:00:09 -0700
>
>I just got an email from one of my users complaining that when using the
>Proxy he can't reach http://subscription_services.cmp.com but if he
>disables the proxy it works.
>
>My reply to him was:
>"Underscore in a hostname used to violate the DNS RFCs. The Proxy was just
>following the RFC.
>
>http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.8
>
>http://www.acmebw.com/askmrdns/archive.php?category=81&question=604
>
>The most recent DNS RFC 2181 is somewhat vague on what may be allowed, but
>basically any �binary string� is considered valid now, even though not all
>applications have implemented this:
>
>http://www.lucent.com/livelink/0900940380004a18_White_paper.pdf (search on
>underscore).
>"
>
>Can I get some feedback from the Squid folks? Is underscore (or any binary
>string) not valid now for DNS hostnames per RFC 2181? If so, can this
>change be made in the default compile of Squid? (I'm aware of the flag to
>compile and disable this check)?
>
>Jason Roysdon, CCDP/CCNP:Security, MCSE, CNA, Network+, A+
>Public email : jroysdon@hotmail.com
>Homepage : http://jason.roysdon.net/
>
>PS: Don't use a subject like that looks like spam, as your message will end
>up in my junk filter and never be read.
>
>
>_________________________________________________________________
>Join the world�s largest e-mail service with MSN Hotmail.
>http://www.hotmail.com

Jason Roysdon, CCDP/CCNP:Security, MCSE, CNA, Network+, A+
Public email : jroysdon@hotmail.com
Homepage : http://jason.roysdon.net/

PS: Don't use a subject like that looks like spam, as your message will end
up in my junk filter and never be read.

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx
Received on Thu Aug 22 2002 - 14:16:00 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:48 MST