> On 5 Nov 2021, at 07:11, Grant Taylor via bind-users > <bind-users@lists.isc.org> wrote: > > On 11/4/21 1:27 PM, Bruce Johnson via bind-users wrote: >> named-checkconf -z revealed a name had been entered with underscores. The >> person responsible has been sacked. (not really, merely reminded no >> underscores are allowed in A records :-) > > You might want to apologize to them. > > Underscores are legitimate in DNS record owner names, despite the > disagreement of their use in hostnames. > > Underscores are used in _acme-challenge.<domain name>, TLSA records > _25._tcp._smtp.<domain name>, and DMARC _dmarc.<domain name> to name a few > legitimate uses. (from a quick `fgrep dig $HISTFILE | fgrep _`) > > Remember, DNS is (a lot more) than /just/ hostnames.
If the policy is no underscores in A record then there is nothing to apologise for. Additionally publishing A records with non LDH owners and expecting them to work in the context of address lookups is asking for trouble. Sane software checks responses from the DNS. There are lots of security issues if you don’t. https://storage.googleapis.com/site-media-prod/meetings/NANOG83/2399/20211101_Jeitner_Injection_Attacks_Reloaded__v1.pdf > -- > Grant. . . . > unix || die > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
