<div dir="ltr"><div>Guys and gals</div><div><br></div>The restriction on underscores is:<div>* for DNS - and may not apply to other naming systems (eg NIS, LDAP, NetBIOS)</div><div>* for hostnames - which has a specific meaning in the DNS standards</div><div><br></div><div>We shouldn't assume that a name in /etc/hosts or /etc/xymon/hosts.cfg is a hostname in a *DNS* sense. A name that's invalid in a DNS record might still be valid in /etc/hosts or /etc/hostname or wherever. I'm not arguing for a proposal to allow carte blanche, just to not be too restrictive due to our bias towards what we use ourselves (ie, DNS, and mostly DNS hostnames).</div><div><br></div><div>A DNS hostname is often associated with an "A" record, but not necessarily. The "hostname" part of a FQDN is *the name of a host*. This seems obvious, but it has (perhaps non-obvious) implications:</div><div><br></div><div>1) It's possible to have DNS domain names that are not hostnames. For example <a href="http://www.example.com">www.example.com</a> is often a *service* name, that may also happen to be the name of a host that runs a webserver, but it might not be a hostname at all. If it's a DNS hostname, then it cannot contain underscores; if it isn't a hostname, then it technically is permitted to contain underscores. When Microsoft developed Active Directory, it intentionally used underscores in *service* names (eg _ldap._<a href="http://tcp.example.com">tcp.example.com</a>, _sip._<a href="http://udp.example.com">udp.example.com</a>) because they could not legally be used as hostnames, thus ensuring there would be no name collisions with existing hostnames. (Such records are type SRV, in case anyone wants to look it up.)</div><div><br></div><div>2) DNS records that refer to hostnames cannot use underscores in the hostname part. For example, MX (mail exchange) records are required to point to hostnames, and so the right-hand-side of an MX record can not have underscores. The same probably applies to NS records. The same applies to CNAME records that refer to A records on the RHS. CNAMEs aren't always pointing at A records (eg one can have a CNAME point to a TXT record), but when they are, the RHS would not be compliant with an underscore.</div><div><br></div><div>That's a bit of a tangent, but it gives a bit more context, to help illustrate where underscores may or may not be used. In essence, there are a few situations where underscores are not permitted in DNS records, but there are plenty of places where they are.</div><div><br></div><div>In conclusion, I think we shouldn't be mandating hosts.cfg comply with *DNS* naming standards, and furthermore we shouldn't assume an entry in hosts.cfg is a hostname (vs a service name). However, I believe we should be cautious about what we permit within hosts.cfg (and other sources) to avoid triggering bugs and edge cases.</div><div><br></div><div>We should also consider the source if the hostname string. If we receive a string from within hosts.cfg, we should allow the sysadmin to shoot themself in the foot, if they feel they need to, because we can't predict their needs (although we probably want to detect and report obvious typos). On the other hand, if we receive a hostname string from a Xymon client or Xymon proxy, we should be cautious.</div><div><br></div><div>Johns's run-around with the CNAME-to-A chain works for an underscore in the CNAME label, at least in BIND DNS. But that doesn't mean it's standards-compliant, nor does it mean it will work with all DNS software. TBH I don't know enough to say that it's not compliant, because it's complicated. BIND will warn about all sorts of semantic problems in a zone, but many of them are accepted-with-warnings, and many others can be accepted by configuration options. RFC2181 specifically says that DNS servers should not refuse to serve a zone based on the make-up of labels in the zone. [<a href="https://tools.ietf.org/html/rfc2181#section-11">https://tools.ietf.org/html/rfc2181#section-11</a>]</div><div><br></div><div>In hosts.cfg, we're not necessarily using DNS names, so we should not force the sysadmin to use DNS-compatible names.</div><div><br></div><div>Cheers</div><div>Jeremy</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 6 Aug 2019 at 08:52, Richard L. Hamilton <<a href="mailto:rlhamil2@gmail.com">rlhamil2@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">You're probably right...but that's just sick, using a CNAME to make an end run around the A record restriction. :-)<br>
<br>
> On Aug 5, 2019, at 17:38, John Thurston <<a href="mailto:john.thurston@alaska.gov" target="_blank">john.thurston@alaska.gov</a>> wrote:<br>
> <br>
> Hang on. I don't think there is any prohibition on hostnames with underscores. There is a prohibition for *A Records* with underscores, but the character remains valid for use in other record types.<br>
> <br>
> A *hostname* of <a href="http://foo_1.bar.com" rel="noreferrer" target="_blank">foo_1.bar.com</a> is legal. It just can't be defined in a zone file as:<br>
> <a href="http://foo_1.bar.com" rel="noreferrer" target="_blank">foo_1.bar.com</a>. A 10.11.12.13<br>
> <br>
> but it could be defined as:<br>
> <a href="http://foo_1.bar.com" rel="noreferrer" target="_blank">foo_1.bar.com</a>. CNAME <a href="http://baz.bar.com" rel="noreferrer" target="_blank">baz.bar.com</a>.<br>
> <a href="http://baz.bar.com" rel="noreferrer" target="_blank">baz.bar.com</a>. A 10.11.12.13<br>
> <br>
> To a resolving client, the end result is the same (a name gets turned into an address).<br>
> <br>
> And I sure hope xymon would correctly handle a line in hosts.cfg<br>
> 0.0.0.0 <a href="http://foo_1.bar.com" rel="noreferrer" target="_blank">foo_1.bar.com</a> #<br>
> <br>
> <br>
> --<br>
> Do things because you should, not just because you can.<br>
> <br>
> John Thurston 907-465-8591<br>
> <a href="mailto:John.Thurston@alaska.gov" target="_blank">John.Thurston@alaska.gov</a><br>
> Department of Administration<br>
> State of Alaska<br>
> <br>
> On 8/5/2019 1:21 PM, Richard L. Hamilton wrote:<br>
>> Seems to me that underscore is mainly a problem with address 0.0.0.0 in hosts.cfg (name to IP address resolution via host naming services, esp. if that ends up being DNS). If an IP address in hosts.cfg is used, and the hostname there isn't used in some other way, I don't guess it would matter.<br>
>> Either a reminder in documentation (including in the hosts.cfg.5.html file) or a check and warning in case a name with underscore was used with non hosts.cfg resolution would probably keep people out of trouble; although underscores are wrong, they're widely tolerated in non-DNS hostnames, so I can see allowing them when they wouldn't cause further problems.<br>
> _______________________________________________<br>
> Xymon mailing list<br>
> <a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
> <a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br>
_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
</blockquote></div>