On Thu, Jan 25, 2018 at 10:10 AM, Tony Finch <d...@dotat.at> wrote: > (catching up on old messages) > > Warren Kumari <war...@kumari.net> wrote (and I liberally snipped): >> >> I publish this in my a zone: >> >> _is-ta-12345.example.com. 600 IN A 192.0.2.1 >> _is-ta-12345.example.com. 600 IN RRSIG A <valid signature> >> >> I now tell users to please browse to www.example.com, where I have a >> webpage which includes the following links: >> http://_is-ta-12345.example.com/ > > Isn't this going to cause problems with software that checks hostname > syntax? >
Good catch; I stumbled into this on Monday when setting up an example... BIND (for one) checks names with underscores, but only for A records: $ ~/src/code/scripts/ddns.sh > update add _tony.dnssec-example.com 600 IN A 127.0.0.1 check-names failed: bad owner '_tony.dnssec-example.com' > update add _tony.dnssec-example.com 600 IN CNAME www.example.com > ^c $ For this reason, when setting up my toy example I used CNAMES: $dig _is-ta-20236.dnssec-example.com ... ;; ANSWER SECTION: _is-ta-20236.dnssec-example.com. 30 IN CNAME ron.kumari.net. ron.kumari.net. 600 IN A 204.194.23.4 There is a (very incomplete) example at http://www.dnssec-example.com/ -- I had created this for some slides, and so the code favors length / clarity over prettiness. Also, the "invalid" part test doesn't work yet, because, well, BIND keeps resigning my "invalid.dnssec-example.com" record and making it valid :-) > Wouldn't it be better to use something like a double hyphen to avoid > collisions? Possibly, or using CNAMES. I (personally) liked the underscores as it separated this from the rest of the namespace, but the double hyphen also sounds like an interesting idea. What does the WG think? W > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode > Shannon, Rockall: Northwest backing south later, 5 to 7, occasionally gale 8, > decreasing 4 for a time. Very rough or high, becoming rough or very rough. > Showers, rain later. Mainly good. -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
