Re: [DNSOP] back to: Some distinctions and a request

Edward Lewis <edward.lewis@icann.org> Thu, 02 July 2015 12:51 UTC

From: Edward Lewis <edward.lewis@icann.org>
To: Hugo Maxwell Connery <hmco@env.dtu.dk>, Andrew Sullivan <ajs@anvilwalrusden.com>, "dnsop@ietf.org" <dnsop@ietf.org>
Date: Thu, 02 Jul 2015 12:51:17 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/ySy9kCHzUlqK7tCIQXE34XEJQH8>
Subject: Re: [DNSOP] back to: Some distinctions and a request

On 7/2/15, 6:02, "DNSOP on behalf of Hugo Maxwell Connery"
<dnsop-bounces@ietf.org on behalf of hmco@env.dtu.dk> wrote:

>Hi,
>
>I think that Andrew's effort to distinguish between a domain name and
>a DNS name is useful.  It gives us some clear terminology to use to
>discuss domain names that wish to use a non-DNS name resolution
>method.

Until this message, I wasn't clear on Andrew's distinction - we have been
talking off-list for the past few days too.

To me a domain name is: a sequence of bits that, when rendered in hex
notation, can look like this:

0x03 0x61 0x62 0x63 0x07 0x65 0x78 0x61 0x6d 0x70 0x6c 0x65 0x00

That is what is sent over the wire, through ports and is deposited in
memory of name servers.  Note the lack of dots.  And this is why I can't
see a difference between domain names and DNS names.  To me, they are one
and the same.

This dates back to a discussion had while the labs I was in was developing
DNSSEC code.  Our boss (Russ Mundy) made the statement that there are two
versions of a domain name, on-the-wire and in-the-file and it was the
on-the-wire format that mattered.  Later in my career I worked with a firm
that developed its own DNS code based on some legacy stuff from its
start-up days.  The start-up operated on the in-the-file format,
converting to and from on-the-wire format constantly.  This was not a good
approach.

So when I hear "domain name" I think of the format that includes an octet
with flags and a number and then that number of octets of data,
terminating with a null octet.  What is seen in files is just a
transliteration of that, "abc.example." is just a conventional way to
represent the domain name above.

Now, if times have changed and a broader audience thinks "abc.example." is
a domain name, there's a need to document that.  In an old RFC there are
rules for representing a domain name in a file, rules that are
inconsistently understood and applied.  Maybe it's not times, it's
perspectives.  I'm coming up through the DNS, I didn't come across the DNS
from application space.

What I mean by rules inconsistently applied is a case of apparently
mis-aligned RFCs on ENUM.  In one RFC, domain names were presented as
conversions to ASCII and the other following the rules of the old RFC for
escaping characters.  Specifically, a back-slash was the issue, in one RFC
it was bare, in the other escaped, and this difference caused
implementers of ENUM code headaches.

(I should look this up.  I lost the notes on that incident, but probably
can try to dig up the references.)

I'll ask this, are these (thought to be) domain names:

\097\098\099.example.  { 97 is the decimal equivalent of 'a' in RFC 20's
ASCII table }

\a\b\c.example.

example.中国. {latter two characters are Chinese, meaning the country of
China}

现在我跟老婆住华盛顿可是以后我飞到IETF.练习 { a sequence of Chinese
characters, IDNA2008 code says label too long }

The latter is a placeholder for names that would be "too long" for the DNS
but otherwise look like, in a file, a domain name.  This is said to be
true in Tor's use.

I am not asking to be facetious.  I have had to deal with these questions
over the years.  The latter I have code to test because I'd been asked to
look at official names of geographic regions and whether what would
'appear' to be a domain name from that could possibly be carried across
port 53.

If there is a distinction to be made between domain names and DNS names,
the former needs to be defined first. What are the rules in an http:// or
ftp:// URL?  Colloquially I think the first name is a 'domain name' but I
have never been able to trace that down.  I doubt that the 'domain name'
there is ever processed in on-the-wire format (as I started with) until
the DNS stub resolver accepts the request and spits out something to a
recursive server at port 53 somewhere.

(This omits the other under-worldly distinction of what names are eligible
for registration, etc., which is a distinction I've had to deal with.  In
a world where one can write in any script with any kind of pen or pencil,
you have to know where to, um, draw, the line.  IDNA2008?  Punycode?
Different rules for different systems?  And, is the "domain" of the
problem all code, all protocols, or what's in common use on the global
public Internet?)
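
The in-the-file to on-the-wire conversion discussed in the message above, as an added example that is not part of the original post or anyone's production code: it applies the RFC 1035 master-file escapes (`\DDD` and `\X`) and the 63-octet label and 255-octet name limits. The function names are hypothetical, and rejecting non-ASCII input (rather than performing IDNA conversion) is an assumption of this sketch.

```python
MAX_LABEL, MAX_NAME = 63, 255   # RFC 1035 octet limits: one label / whole name

def _octet(ch):
    if ord(ch) > 127:           # assumption: IDNs must already be A-labels
        raise ValueError("non-ASCII input; convert to an A-label first")
    return ord(ch)

def split_labels(text):
    """Split presentation text into raw label bytes, decoding \\DDD and \\X."""
    labels, cur, i = [], bytearray(), 0
    while i < len(text):
        c = text[i]
        if c == "\\":
            ddd = text[i + 1:i + 4]
            if len(ddd) == 3 and all(d in "0123456789" for d in ddd):
                if int(ddd) > 255:
                    raise ValueError("\\DDD escape above 255")
                cur.append(int(ddd))             # \DDD: octet given in decimal
                i += 4
            elif i + 1 < len(text):
                cur.append(_octet(text[i + 1]))  # \X: X is taken literally
                i += 2
            else:
                raise ValueError("dangling backslash")
        elif c == ".":                           # unescaped dot ends the label
            labels.append(bytes(cur))
            cur = bytearray()
            i += 1
        else:
            cur.append(_octet(c))
            i += 1
    if cur:                                      # no trailing dot: treat as absolute
        labels.append(bytes(cur))
    return labels

def to_wire(text):
    """Return the wire form: a length octet plus data per label, then 0x00."""
    if text == ".":
        return b"\x00"
    out = bytearray()
    for label in split_labels(text):
        if not 1 <= len(label) <= MAX_LABEL:
            raise ValueError("label must be 1..63 octets, got %d" % len(label))
        out.append(len(label))
        out += label
    out.append(0)
    if len(out) > MAX_NAME:
        raise ValueError("name exceeds 255 octets on the wire")
    return bytes(out)
```

Under these rules `abc.example.`, `\097\098\099.example.` and `\a\b\c.example.` all produce the octet sequence quoted in the message, while an escaped dot (`a\.b.example.`) stays inside a single label.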