Underscores in hostnames (was Re: Message for Bind-users)

Jim Reid jim at rfc1035.com
Wed Jun 14 05:04:01 UTC 2000


>>>>> "Kevin" == Kevin Darcy <kcd at daimlerchrysler.com> writes:

    >> McNair, Dan wrote:
    >> Correct me if I am wrong, but the underscore is not a legal
    >> character in any domain name.  This is not a limitation of
    >> BIND, it is a restriction imposed by the domain name standard.
    >> My guess is that there are both practical and historical
    >> reasons for the restriction.

    Kevin> There is no "practical" reason other than "this is the
    Kevin> standard we agreed to way back when and we're afraid to
    Kevin> change it because then we might break some lazy
    Kevin> programmers' code (possibly causing security holes, cancer,
    Kevin> famine, or maybe even global thermonuclear devastation)".

Any names that are in the DNS are by implication domain names. The DNS
protocol places almost no restrictions on the characters that can be
used: they can even be 8-bit or UTF-8. [Using dot "." or NULL in a
domain name is at best tricky and at worst impossible.] Now many of
the domain names in the DNS - not all of them! - refer to hostnames.
These have a much stricter character set to choose from. The
composition of a hostname is given in RFC1123, a *mandatory* RFC. It's
this RFC that says hostnames cannot contain underscores. Likewise,
names used for mail domains have to comply with RFC822 syntax, another
mandatory RFC.

BTW, the syntax from RFC1035 that someone quoted here earlier omitted
important and very relevant context:

	The DNS specifications attempt to be as general as possible in
	the rules for constructing domain names.  The idea is that the
	name of any existing object can be expressed as a domain name
	with minimal changes.

	However, when assigning a domain name for an object, the prudent
	user will select a name which satisfies both the rules of the
	domain system and any existing rules for the object, whether
	these rules are published or implied by existing programs.

	For example, when naming a mail domain, the user should
	satisfy both the rules of this memo and those in RFC-822.
	When creating a new host name, the old rules for HOSTS.TXT
	should be followed. This avoids problems when old software is
	converted to use domain names.

	The following syntax will result in fewer problems with many
	applications that use domain names (e.g., mail, TELNET).

So even from the earliest days of the DNS, it was recommended to stick
to the HOSTS.TXT syntax (slightly modified by RFC1123) when choosing
host names.

Underscores in hostnames did cause security problems. IIRC Apple's
TCP/IP code slavishly followed RFC1123 and choked on illegal
hostnames, including those that have underscores in them. So the IETF
leaned on the ISC to make BIND check for illegal names and reject them
by default.
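
[Added example, not part of the original post and not BIND's own code: a sketch of the distinction drawn above between a name that is legal in the DNS and a name that is also a legal hostname under the RFC1123 letters-digits-hyphen label syntax. The function names and sample names are constructed for illustration; it assumes presentation-format names with no escaped dots and does not handle the root name.]

```python
import re

# RFC 1123 host label: letters, digits, hyphen; hyphen not first or last.
HOST_LABEL = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

def split_labels(name: bytes) -> list:
    """Split on dots, dropping one trailing root dot. Assumes no escaped dots."""
    if name.endswith(b"."):
        name = name[:-1]
    return name.split(b".")

def is_domain_name(name: bytes) -> bool:
    """DNS protocol limits only: 1-63 octets per label, 255 octets on the wire."""
    labels = split_labels(name)
    if any(not 1 <= len(label) <= 63 for label in labels):
        return False
    # Wire format: one length octet per label plus the terminating root octet.
    return sum(len(label) + 1 for label in labels) + 1 <= 255

def is_hostname(name: bytes) -> bool:
    """A domain name whose every label also meets the RFC 1123 host syntax."""
    return is_domain_name(name) and all(
        HOST_LABEL.fullmatch(label) for label in split_labels(name))

def classify(name: bytes) -> str:
    """Return 'hostname', 'domain-name-only' or 'invalid' for a given name."""
    if is_hostname(name):
        return "hostname"
    return "domain-name-only" if is_domain_name(name) else "invalid"

# Constructed sample names (hypothetical, for illustration only).
SAMPLES = [
    b"www.example.com",          # plain hostname
    b"my_host.example.com",      # underscore: fine in the DNS, not a hostname
    b"_sip._tcp.example.com",    # SRV-style owner name, not a host
    b"caf\xc3\xa9.example.com",  # 8-bit octets are legal in a DNS label
    b"-edge.example.com",        # leading hyphen fails the host syntax
    b"a" * 64 + b".example.com", # 64-octet label exceeds the DNS limit
    b"a..example.com",           # empty interior label
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):17} {sample!r}")
```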


