httpd-dev mailing list archives

From (Dean Gaudet)
Subject Re: security holes and other fun stuff
Date Tue, 16 Jul 1996 01:42:57 GMT
In article <>,
Alexei Kosut  <> wrote:
>Correct me if I'm wrong, but I thought I'd read somewhere that
>starting domain names with a number was in the "technically allowed,
>but we don't recommend it, and we think it's a really bad idea, and if
>you do it, be warned that we're likely to make it illegal sometime
>soon" category.

I brought this up in February (you can check the mail archive) and this
is what happened:

Dean> mod_access shouldn't use isalpha(first_char) to distinguish ip vs.
Dean> name rules

Rob McCool> My understanding of Preferred Name Syntax (RFC 1034 or 1035
Rob McCool> I think) is that it is a valid assumption.
Rob McCool> Am I misreading something?

Dirk> :-( No it is not; one of the few exception areas where it is
Dirk> allowed to have a number as first; (quoting an explicit warning
Dirk> from the O'Reilly BIND/DNS book so not tooo authoritative :-()

David Robinson> Yes, you must be misreading something. This is not
David Robinson> a valid assumption.  The restriction is that the last
David Robinson> component of a domain name must start with an alphabetic
David Robinson> character; thus "" _is_ a valid domain name.

... I'm actually not going to worry about it.  I'd rather see two
different directives (for performance and robustness reasons) one that
takes DNS names and one that takes network/netmasks.  I'll submit this.
(backwards compat of course)
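
Added example, not part of the original message and not Apache's mod_access code: it puts the first-character test discussed in the thread beside a classifier that looks at the last dot-separated component, the rule stated in the quoted reply. The function names and sample arguments are constructed for illustration; an access rule misclassified as an address would be compared against IPs and never match the intended hostname.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum rule_kind { RULE_IP, RULE_HOST };

/* Heuristic questioned in the thread: the first character alone decides. */
static enum rule_kind classify_first_char(const char *arg)
{
    return isalpha((unsigned char)arg[0]) ? RULE_HOST : RULE_IP;
}

/* Decide on the last dot-separated component instead: per the reply quoted
 * above, that is the component that must start with a letter in a name. */
static enum rule_kind classify_last_label(const char *arg)
{
    size_t len = strlen(arg), start;

    if (len > 0 && arg[len - 1] == '.')   /* "192.168." or "host.example." */
        len--;
    for (start = len; start > 0 && arg[start - 1] != '.'; start--)
        ;
    if (start < len && isalpha((unsigned char)arg[start]))
        return RULE_HOST;
    return RULE_IP;
}

/* Constructed sample arguments (not taken from any real configuration). */
static const char *const SAMPLES[] = {
    "10.1.2.3", "192.168.", "example.org", "9lives.example", "www.example.org"
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Number of samples on which the two classifiers disagree. */
static int count_disagreements(void)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        n += classify_first_char(SAMPLES[i]) != classify_last_label(SAMPLES[i]);
    return n;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-16s first-char=%s last-label=%s\n", SAMPLES[i],
               classify_first_char(SAMPLES[i]) == RULE_HOST ? "host" : "ip",
               classify_last_label(SAMPLES[i]) == RULE_HOST ? "host" : "ip");
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```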

