Odd behavior when clicking on internal link that is using a non-FQDN

Smith, William E. (Bill), Jr. Bill.Smith at jhuapl.edu
Fri Dec 2 12:50:59 UTC 2005 

As far as I know, the clients that initially reported the problem had
just jhuapl.edu listed in their suffix search order.  In my case, it was
jhuapl.edu and dom1.jhuapl.edu, neither of which would apply here, thus
piquing my interest even further about the whole scenario.  Point taken
re: fully qualifying domain names and agree with your stance as well
there.

- Bill

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Kevin Darcy
Sent: Thursday, December 01, 2005 6:48 PM
To: bind-users at isc.org
Subject: Re: Odd behavior when clicking on internal link that is using a
non-FQDN

What do your clients have as their "suffix search order" and/or
"connection-specific suffixes"? That's what determines how they resolve
shortnames.

If they're going through a web proxy, then you'd need to look at that
web proxy's resolution configuration in the same way.

This is one reason why shortnames are inherently evil. Just think if the
MacBidouille site was a Trojan Horse site that looked even passingly
like your internal "mbserv1" site: it could entice your users (at least
some of them -- the less observant ones) to authenticate to their site
and steal their passwords, which are likely to be the same passwords
they use for authenticating elsewhere. That could then be used to
leverage identity theft, unauthorized system access, etc. Using
fully-qualified domain names everywhere mitigates these security risks
as well as making for more efficient name resolution all around. I
realize I'm a voice in the wilderness here...

- Kevin

Smith, William E. (Bill), Jr. wrote:

>On one of our internal web pages, the following link is present, 
>http://mbserv1/pdp.  The server known as mbserv1 was shutdown about 2 
>months ago and is no longer present on our network.  Despite this, some

>users have reported that when clicking the link, they are taken to a 
>French site.  When I reproduced this problem, I was taken to the 
>following page.
>
>http://forum.macbidouille.com/index.php?showtopic=73116&st=90
>
>What exactly would be causing this?  My only guess is that it's related

>to the hostname not being fully qualified and the browser subsequently 
>trying to resolve the request by appending a myriad of other domain 
>names before it finally found a match with mbserv1.macbidouille.com, 
>which in turn takes you to the MacBidouille home page.  The obvious fix

>would be to fully qualify the domain name or better yet just remove the

>link altogether since it's no longer valid.  That said, I'm curious as 
>to what is causing this and even more curious as to why I'm taking 
>directly to the forum page when clicking on the internal link but to 
>the home page when going to http://mbserv1.macbidouille.com
>
>Bill Smith
><mailto:bill.smith at jhuapl.edu>
>ISS Server Systems Group
>Johns Hopkins University Applied Physics Laboratory 11100 Johns Hopkins

>Road Laurel, MD 20723
>Phone:  443-778-5523 
>Web:  http://www.jhuapl.edu    
>
>
>
>
>
>  
>

More information about the bind-users mailing list