Search rules (was: Re: A-label definition)

Mark Andrews Mark_Andrews at isc.org
Wed Jun 25 00:13:26 CEST 2008


> --On Tuesday, 24 June, 2008 12:34 +0200 Patrik Fältström
> <patrik at frobbit.se> wrote:
> 
> > 
> > On 24 jun 2008, at 05.18, Mark Andrews wrote:
> > 
> >> If you have a host called 0x7f.0x01.example.com and
> >> a search list containing example.com then when someone attempts
> >> to telnet to 0x7f.0x01 it won't go to the address in the A
> >> record associated with 0x7f.0x01.example.com.
> > 
> > Can not someone write a draft that says "search lists are bad
> > for you"?
> 
> Written many years ago (I don't have the RFC number handy; Mark
> and Frank probably do).

	Default search lists (constructed by stripping labels) should
	have disappeared with RFC 1535 as should have applying the
	search list before the argument by itself if it contains a
	period.

	Search lists themselves, when manually constructed, are
	very much in favour and we keep getting requests to increase
	the number of elements being supported.

	Search lists can also have bad interactions if the stopping
	criteria are not right.

	e.g.
	     libresolv stops on positive data.  This has interesting
	effects when the argument matches one element for one query
	type and a different element for another query type.  "foo
	A", "foo AAAA" and "foo MX" can all end up referring to
	different fully qualified domains.  Additionally "foo.example.net
	AAAA" can end up matching "foo.example.net.<element> AAAA".

	This is a hangover from the pre-RFC 1535 behaviour, which I
	can only rationalise as a mechanism to skip over wildcard
	records which didn't have the requested type.

	I'm on the hook to write something about this.

> > And then turn off the search list features in software....
> 
> While it is usually off by default these days, people keep
> discovering (or re-inventing) them.   Note that search lists, or
> variations on them that recognize particular labels and
> "promote" them, have become extremely popular with IDNs,
> especially to simulate IDN TLDs.  We also have searching
> implemented on both servers, in resolver-front-end code, and in
> various forwarders and DNS query interception systems.  It is
> not at all clear to me that introduction of IDN TLDs, when and
> if that occurs, will eliminate their use.
> 
> While I dislike DNS searching, I fear that getting rid of it is
> a lost cause.
> 
>     john

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
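
The stopping-criteria problem described in the message above, as an added example that is not part of the original post and is not libresolv code: a toy resolver model comparing "stop on positive data" with an assumed alternative that stops at the first candidate name that exists. The zone data, search list and function names are all constructed for illustration.

```python
# Added illustration: a toy model of search-list stopping rules, not libresolv code.
# All names and addresses below are constructed sample data.
ZONE = {  # (fqdn, rrtype) -> rdata
    ("foo.corp.example.", "A"): "192.0.2.10",
    ("foo.lab.example.", "AAAA"): "2001:db8::20",
    ("foo.lab.example.", "MX"): "10 mail.lab.example.",
    ("foo.example.net.", "A"): "198.51.100.7",
    ("foo.example.net.corp.example.", "AAAA"): "2001:db8::bad",
}
SEARCH = ["corp.example.", "lab.example."]  # manually constructed search list


def candidates(name, search=SEARCH):
    """Order in which fully qualified names are tried for a user-typed name."""
    if name.endswith("."):
        return [name]                      # already fully qualified
    searched = [f"{name}.{suffix}" for suffix in search]
    if "." in name:
        return [name + "."] + searched     # contains a period: try as-is first
    return searched + [name + "."]


def stop_on_data(name, rrtype):
    """Rule described in the message: walk on until some candidate has this type."""
    for fqdn in candidates(name):
        if (fqdn, rrtype) in ZONE:
            return fqdn, ZONE[(fqdn, rrtype)]
    return None, None


def stop_on_name(name, rrtype):
    """Assumed alternative: stop at the first candidate that exists at all,
    returning no data (None) if it lacks the requested type."""
    for fqdn in candidates(name):
        if any(owner == fqdn for owner, _ in ZONE):
            return fqdn, ZONE.get((fqdn, rrtype))
    return None, None


def targets(resolver, name, types=("A", "AAAA", "MX")):
    """Map each query type to the fully qualified name that answered it."""
    return {t: resolver(name, t)[0] for t in types}


if __name__ == "__main__":
    for resolver in (stop_on_data, stop_on_name):
        print(resolver.__name__, targets(resolver, "foo"))
        print(resolver.__name__, resolver("foo.example.net", "AAAA"))
```
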

