Dňa 7. októbra 2024 6:42:28 UTC používateľ Viktor Dukhovni via mailop 
<mailop@mailop.org> napísal:
>One can reasonably take the view that U-labels are largely a matter of
>the user-interface (presentation) layer, the *real* domain name is the
>A-label form!  But users don't directly work with attrleaf names, these
>arise only internally in applications, and applications that support
>U-labels should convert names to A-label form *before* adding any
>attrleaf prefixes, as part of converting what the user typed to internal
>form.  Similarly, IDNA A-labels are converted to U-labels as part of
>displaying them to the user.

Yes, but the border between UI (user interface) andd app use can be
not as clear, consider this:

I have script to shows some info about IP, including its PTR name. That
is clearly UI, thus it shows decoded (U-label) form. From time to time
i am interested in details about PTR's name/domain, eg. its DMARC
record, thus i copy&paste that PTR name, prepend it by _dmarc and
voila, we have service record in UI...

Another case, where underscores causes problem are the PTR names
itself. I mostly inspect suspicious IPs/names (rejected/blocked and
so), thus (while not as common) i meet PTR with underscore. We
can state, that it is not valid char, we can complain, but it happens...

My main problem is, that i use aiodns for DNS in that script (as it is
minimalistic) and pycares doesn't care about decoding, Dnspython
does it, but i don't want to depend on both libs nor to switch library,
thus i have to decode PTR names by self. The idna is near to zero
documented, and its basic usage (as shown in readme) is not usable
in all cases.

When i send ASCII only name (no IDNA) to idna.decode(), it returns
it as is. That is what i am expecting from it, but it fails with these
underscores and that is not what i expect from such library, especially
that i cannot distinguish invalid char in ASCII-only label from that in
U-label...

I checked in depth how both, the pycares (aiodns backend) and the
dnspython does encoding, and both basically does the same, they
splits name to labels, then sends to idna only U-labels and finally
joins labels back (the dnspython does more checks). I am able now
to do that for decoding too, split, send to idna only R-LDH labels and
then join labels back, seems to work.

BTW, Cyrillic domain names are relative common PTRs for these
suspicious IPs. I checked .rus (no Cyrillic keyboard here) price and
it is about 2 €/year...

regards


-- 
Slavko
https://www.slavino.sk/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to