Re: [exim] problem with certain DNS lookups for NS records

Author: Tony Finch
Date:  
To: g
CC: exim-users
Subject: Re: [exim] problem with certain DNS lookups for NS records
On Mon, 6 Feb 2006, g wrote:
>
> That is CNAMES and Zones can have a slash in their value, while a
> slash is not allowed in a domain name.


Your terminology is mixed up. Domain names can have any characters in
them. Hostnames (which resolve to A or AAAA records) and mail domains
(which resolve to MX records) are subsets of domain names which have a
restricted syntax.

The problem is that RFC 2317 suggested that people make use of the less
restricted syntax of non-hostname non-mail-domain names, despite the
likelihood of compatibility problems, and some hostmasters didn't take
heed of the warning paragraph:

    Some DNS implementations are not kind to special characters in domain
    names, e.g. the "/" used in the above examples. As [RFC 2181] makes clear,
    these are legal, though some might feel unsightly. Because these are
    not host names the restriction of [RFC 952] does not apply. Modern clients
    and servers have an option to act in the liberal and correct fashion.
    The examples here use "/" because it was felt to be more visible and
    pedantic reviewers felt that the 'these are not hostnames' argument
    needed to be repeated. We advise you not to be so pedantic, and to
    not precisely copy the above examples, e.g. substitute a more
    conservative character, such as hyphen, for "/".

> > You can fix this by setting dns_check_names_pattern. I wonder if I
> > should change the default to include slashes?
>
> only for CNAME results (but you do not check names on the results already), NS
> and PTR keys and ZONE names (but there is no place where to specify a zone in
> exim).


NS records are zone names :-)

> I would then limit it to NS and PTR.
> I am not sure changing it with dns_check_names_pattern would be a good idea as
> a slash in all other cases is illegal as far as I can tell.
> (http://a/test.humph.com/ !)


I agree. The more relaxed syntax check should probably be a separate
option.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
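
A sketch of the separate, more relaxed name check discussed in this thread, as an added example that is not part of the original message and is not Exim's code. The two label patterns, the `name_ok` helper and the sample names are constructed for illustration; the slash is accepted only when the lookup type is NS or PTR.

```python
import re

# Constructed patterns for illustration; these are NOT Exim's built-in defaults.
# A label starts and ends with a letter or digit; only the interior differs.
STRICT_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", re.IGNORECASE)
RELAXED_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9/-]*[a-z0-9])?", re.IGNORECASE)

# Lookup types that get the relaxed check, as suggested in the thread.
RELAXED_TYPES = {"NS", "PTR"}


def name_ok(name: str, rrtype: str) -> bool:
    """Decide whether `name` is acceptable as the key of an `rrtype` lookup."""
    if name.endswith("."):           # tolerate one trailing root dot
        name = name[:-1]
    if not name or len(name) > 253:  # overall DNS name length limit
        return False
    label_re = RELAXED_LABEL if rrtype.upper() in RELAXED_TYPES else STRICT_LABEL
    # Every label must fit in 63 octets and match the chosen syntax in full.
    return all(
        len(label) <= 63 and label_re.fullmatch(label) is not None
        for label in name.split(".")
    )


# Constructed sample lookups: (name, record type).
SAMPLES = [
    ("0/25.2.0.192.in-addr.arpa", "NS"),   # RFC 2317 style zone name
    ("0/25.2.0.192.in-addr.arpa", "MX"),   # same name used as a mail domain
    ("mail.example.com", "A"),
    ("a/test.example.com", "A"),           # slash in a hostname
    ("-bad.example.com", "NS"),            # still rejected when relaxed
]

if __name__ == "__main__":
    for name, rrtype in SAMPLES:
        verdict = "accept" if name_ok(name, rrtype) else "reject"
        print(f"{rrtype:<4}{name:<30}{verdict}")
```
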