[tor-bugs] #16430 [Tor]: tor relay rejecting DNS names containing underscore

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 24 00:27:26 UTC 2015


#16430: tor relay rejecting DNS names containing underscore
---------------------------+--------------------------
     Reporter:  starlight  |      Owner:
         Type:  defect     |     Status:  new
     Priority:  normal     |  Milestone:
    Component:  Tor        |    Version:  Tor: 0.2.6.9
   Resolution:             |   Keywords:
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+--------------------------

Comment (by yawning):

 > It appears the prohibition against use of underscore characters in DNS
 > names is canonical rather than a hard rule enforced by the DNS system.
 > The below DNS names are rejected by tor though they resolve properly.

 It's not enforced by the DNS system on the server side because RFC 2181
 says that DNS servers must serve broken zones.  I'm indifferent here for
 the most part except that Tor should reject obviously malformed queries as
 early as possible to minimize network use.

 RFC 1912:
 {{{
    Allowable characters in a label for a host name are only ASCII
    letters, digits, and the `-' character.  Labels may not be all
    numbers, but may have a leading digit  (e.g., 3com.com).  Labels must
    end and begin only with a letter or digit.  See [RFC 1035] and [RFC
    1123].  (Labels were initially restricted in [RFC 1035] to start with
    a letter, and some older hosts still reportedly have problems with
    the relaxation in [RFC 1123].)  Note there are some Internet
    hostnames which violate this rule (411.org, 1776.com).  The presence
    of underscores in a label is allowed in [RFC 1033], except [RFC 1033]
    is informational only and was not defining a standard.
 }}}

 RFC 2181:
 {{{
    Note however, that the various applications that make use of DNS data
    can have restrictions imposed on what particular values are
    acceptable in their environment.  For example, that any binary label
    can have an MX record does not imply that any binary name can be used
    as the host part of an e-mail address.  Clients of the DNS can impose
    whatever restrictions are appropriate to their circumstances on the
    values they use as keys for DNS lookup requests, and on the values
    returned by the DNS.
 }}}

 Someone should e-mail the New York Times and tell them that their zone
 file is busted, because things like: `core3_euw1.fabrik.nytimes.com. 3600
 IN     A       54.229.241.196` is broken and horrible.  Yes, things like
 DomainKeys use `_` in `CNAME` records, but when a `CNAME` is (eventually)
 pointing to an `A` or `AAAA` record, it needs to follow the hostname
 rules, which is the situation that's relevant to Tor's SOCKS proxy.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16430#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
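
The RFC 1912 label rules quoted in the comment above, written out as a check in C. This is an added example, not Tor's own code and not part of the ticket; `check_hostname`, `check_label` and the `host_check_t` values are hypothetical names, and accepting one trailing dot is an assumption made so the zone-file form of the name from the ticket can be passed in unchanged.

```c
#include <ctype.h>
#include <stdio.h>

/* Which of the quoted RFC 1912 rules a name violates (hypothetical names). */
typedef enum {
  HOST_OK = 0,
  HOST_EMPTY_LABEL,  /* "", "a..b" or a leading dot */
  HOST_BAD_CHAR,     /* anything but ASCII letters, digits and '-' */
  HOST_BAD_EDGE,     /* label begins or ends with '-' */
  HOST_ALL_NUMERIC   /* digits only; the RFC notes 411.org breaks this */
} host_check_t;

/* Check one label of length len against the quoted rules. */
static host_check_t check_label(const char *s, size_t len)
{
  size_t i, digits = 0;
  if (len == 0) return HOST_EMPTY_LABEL;
  for (i = 0; i < len; i++) {
    unsigned char c = (unsigned char)s[i];
    if (c > 127 || !(isalnum(c) || c == '-'))
      return HOST_BAD_CHAR;
    digits += isdigit(c) != 0;
  }
  if (s[0] == '-' || s[len - 1] == '-')
    return HOST_BAD_EDGE;
  return digits == len ? HOST_ALL_NUMERIC : HOST_OK;
}

/* Split on '.', allow a single trailing dot (assumption), check each label. */
host_check_t check_hostname(const char *name)
{
  const char *p = name;
  for (;;) {
    size_t len = 0;
    host_check_t r;
    while (p[len] != '\0' && p[len] != '.')
      len++;
    r = check_label(p, len);
    if (r != HOST_OK) return r;
    if (p[len] == '\0' || p[len + 1] == '\0')
      return HOST_OK;  /* end of name, or one trailing dot */
    p += len + 1;
  }
}
int main(void)
{
  /* Name taken from the ticket; the '_' in the first label is reported. */
  printf("%d\n", check_hostname("core3_euw1.fabrik.nytimes.com."));
  return 0;
}
```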

