httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: cvs commit: apache-1.3/src/main http_vhost.c
Date Tue, 03 Feb 1998 00:12:45 GMT
On Mon, 2 Feb 1998, Dean Gaudet wrote:

> On Mon, 2 Feb 1998, Marc Slemko wrote:
> 
> > On Mon, 2 Feb 1998, Dean Gaudet wrote:
> > 
> > > On Mon, 2 Feb 1998, Marc Slemko wrote:
> > > 
> > > > "nslookup valis." should fail even though "nslookup valis" works.
> > > 
> > > "nslookup valid." should fail, because the trailing . is an anchor to the
> > > root, it avoids local search rules. 
> > 
> > Exactly, but the point is that to preserve this you can't just strip
> > trailing '.'s. 
> 
> Oh.  That's an excellent point.  Ugh.
> 
> Does anyone see a solution that doesn't involve the lame-ass DNS lookups
> that cause DoS? (the same ones that I'm trying to get rid of right now)
> 
> My head hurts.

There is no solution except drinking lots of beer, then you stop worrying
about it for some reason.

What we can do is say that we do _NOT_ allow normal DNS names in
(whereever we need to do this), but we require that they be in this (ie.
no names rooted by a trailing '.') form and we will do that (ie. strip or
not strip trailing '.'s) with them. 

Then we can do what we want and not be against any specs because we are
doing our own thing.  <g>

What we are stuck with is the fact that there is no canonical form for a
DNS name that can be found without doing lookups; you can argue that even
with lookups we can't.


Mime
View raw message