Re: [DNSOP] Another look - draft-ietf-dnsop-attrleaf-05.txt

John C Klensin <> Mon, 26 March 2018 20:21 UTC

List-Id: IETF DNSOP WG mailing list <>

(top post) 


I identified that issue as a nit deliberately.  This is a WG
document and I believe the document would be improved if a less
strong assertion were made, just because the issue of what,
exactly, a "host" is for DNS purposes and what it can be called
has been a source of controversy among those who seem to enjoy
such discussions for about as long as I can remember. Trying to
address that issue through this document is unnecessary and has
a bit of a "side effect" feel to it -- it would be sufficient to
say that there is a convention about using leading underscore
followed by a keyword with some RRTYPEs and then move on.

To answer your specific question, RFC 2181, Section 11, says
"...any binary string whatever can be used as the label of any
resource record."  I have not checked as to whether one of the
many updates to that document modifies that statement, but the
point is that 
   _tcp IN A
is a perfectly valid record, whether it identifies a "host" or
not.  It just doesn't have any special interpretation there
because there is no special namespace for "_" keywords
associated with the "A" RRTYPE.

Yes, that means that the use of leading underscores as a
contention is a risk, just as the use of "xn--" to identify the
need for IDNA processing is a risk.  In practice, the risks have
proven to be low for both.  Maybe they are lower for "_" because
the label strings are interpreted only in the context of
specific label types, but that is just one more argument for
binding the concept of a namespace for these names to the
RRTYPE, not global, RRTYPE-independent, use of the DNS.

However, I certainly don't have the time or energy to turn the
validity of hostnames into a long, drawn-out debate.  It is
not, IMO, a really serious error in the context of this
document, at least unless an explanatory statement made here is
cited later as an authoritative definition.  If no one else in
the WG cares about it, so be it.


--On Monday, March 26, 2018 09:54 -0700 Dave Crocker
<> wrote:

> On 3/26/2018 9:14 AM, John C Klensin wrote:
>> (1) The text in Section 1.1 says
>> 	'the DNS rules for a "host" (host name) are not allowed
>> 	to use the underscore character... legal host names
>> 	[RFC1035]'
>> 1035 does not say that.  Its section 2.3.1 is about what is
>> preferred, not what is required (or "legal").  It says
>> "should"
> Note that when that spec was written, we didn't have such
> precise and rigid vocabulary rules.
> But RFC 1123 should be cited, especially since it has more
> forceful language: "The syntax of a legal Internet host name".
> (RFC6055 seems to have missed the import of 'legal'.)
>> and "preferred", but there is no requirement.  As far as I
>> know, there has never been a serious attempt to turn that
>> preference into a requirement.  Indeed, RFC 8121 says exactly
>> the opposite
> Please cite the specific text in that RFC you are referencing.
>> and, if there were a prohibition, RFC 6055 would have been
>> largely unnecessary.
> Overall, it appears that your claim is that the underscore
> naming convention is predicated on an erroneous interpretation
> of 'hostname' restrictions.  As such, the entire activity is
> broken.
> d/
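
An added example, not part of either message or of the draft: a Python sketch of the distinction argued in this thread, separating what the DNS wire format accepts as a label (length limits only) from the host name syntax of RFC 952 as relaxed by RFC 1123. The function names and sample names are assumptions made for illustration, and input is limited to ASCII presentation form for brevity.

```python
import re

MAX_LABEL = 63   # RFC 1035: maximum octets in one label
MAX_NAME = 255   # RFC 1035: maximum octets in the wire-format name

# Host name syntax (RFC 952 as relaxed by RFC 1123): letters, digits and
# hyphen, with no hyphen at either end of a label.
_LDH = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

def _labels(name: str) -> list:
    # ASCII presentation form only (an assumption of this example); the
    # wire format itself carries arbitrary octets.
    return [part.encode("ascii") for part in name.rstrip(".").split(".")]

def to_wire(name: str) -> bytes:
    """Encode as length-prefixed labels, enforcing only the size limits."""
    out = b""
    for label in _labels(name):
        if not 1 <= len(label) <= MAX_LABEL:
            raise ValueError(f"label length {len(label)} out of range")
        out += bytes([len(label)]) + label
    out += b"\x00"  # terminating root label
    if len(out) > MAX_NAME:
        raise ValueError("name exceeds 255 octets")
    return out

def classify(name: str) -> dict:
    """Report DNS validity, host name syntax and underscore labels separately."""
    labels = _labels(name)
    return {
        "wire": to_wire(name),
        "hostname_syntax": all(_LDH.fullmatch(l) is not None for l in labels),
        "underscore_labels": [l.decode() for l in labels if l.startswith(b"_")],
    }

if __name__ == "__main__":
    # Constructed sample names under the reserved example.com domain.
    for sample in ("www.example.com", "_tcp.example.com", "-bad.example.com"):
        info = classify(sample)
        print(sample, info["hostname_syntax"], info["underscore_labels"])
```

A validator that applies the host name check to every owner name would reject `_tcp`, although it encodes as an ordinary DNS label.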