Host namesThe definition of a host name is defined in rfc 952, but modified by rfc 1035, rfc 1123 and rfc 2181. The definition is unclear (e.g. should a label have minimum of one alphanumeric character or two). A minor issue is that it does not take account of IPv6 addresses. A major issue is that only one alphabetic character anywhere in a host name is sufficient to make it a host name rather than an IPv4 dotted decimal address. For example, rfc 1123 defines 138.25.1.22 as an IPv4 address, whilst allowing 138.25.l.22 as a host name. Clearly this is a security weakness. We propose that the last character of a host name MUST be an alphabetic character, which confirms the assumption made in rfc 1123. This means, for example, 138.25.22.1 is an IPv4 address, whilst 138.25.22.l is a host name. Whilst still difficult to tell apart, at least only one character must be examined.If thought useful we would propose that an rfc based on these clarifications and proposals be issued.Andy Simmonds, simmonds@it.uts.edu.au, 25 Oct 2006Summarizing how we believe rfc 952, 1035, 1123 and 2181 define a host nameA host name is a Fully Qualified Domain Name (FQDN), e.g. kakadu.it.uts.edu.au, whilst a hostname is the name of the computer, e.g. kakadu.<host name> ::= <label> | [<host name> "." <label>]<label> ::= <alphanumeric> | [<alphanumeric> <alphanumeric>] | [<alphanumeric> <alphanumeric+string> <alphanumeric>]<alphanumeric+string> ::= [<alphanumeric> | <"-">] | [<alphanumeric+string> [<alphanumeric> | <"-">] ]<alphanumeric> ::= <letter> | <digit><letter> ::= any one of the 52 alphabetic characters A through Z in upper case and a through z in lower case<digit> ::= any one of the ten digits 0 through 9Labels must start with a letter or digit, end with a letter or digit, and have as interior characters only letters, digits, and hyphens (i.e. no underline or blank characters). Labels must be 63 characters or less. A label must contain at least one alphanumeric character. Note that while upper and lower case letters are allowed in host names, no significance is attached to the case. That is, two names with the same spelling but different case are to be treated as if identical. A host name, or Fully Qualified Domain Name, must be 255 characters or less. Host software MUST handle host names of up to 63 characters and SHOULD handle host names of up to 255 characters.Whenever a user inputs the identity of an Internet host, it SHOULD be possible to enter either (1) a host name or (2) an IPv4 address in dotted-decimal ("#.#.#.#") form or (3) an IPv6 address as groups of 4 hexadecimal characters with colon separators. The host SHOULD check the string syntactically for an IPv4 or IPv6 number before looking it up in the Domain Name System. The presence of at least one colon is sufficient to identify an IPv6 address. A hostname must contain at least one letter to distinguish it from an IPv4 address in dotted-decimal form. It is currently assumed that the top level domain is alphabetic (e.g. the two character country code) and will be used in the host name.We propose that the last character of a host name MUST be an alphabetic character, which confirms the assumption made in rfc 1123.Note that the Domain Name System (DNS) is not restricted to mapping between host names and IP addresses. From rfc 2181, the DNS itself places only one restriction on the particular labels that can be used to identify resource records. That one restriction relates to the length of the label and the full name. The length of any one label is limited to between 1 and 63 octets. A full domain name is limited to 255 octets (including the separators). The zero length full name is defined as representing the root of the DNS tree, and is typically written and displayed as ".". Those restrictions aside, any binary string whatever can be used as the label of any resource record.
|
