[Xymon] Hostname validation (was Re: Xymon 4.3.29 Released - Important Security Update)

Tue Aug 6 01:04:12 CEST 2019

I did not mean for this to get into a debate.  The systems I am monitoring with Xymon do not have underscores in their hostnames but many have the hyphen.  When I queried my companies DNS server, a few CNAME records have underscores, but no A records have an underscore.  Xymon could monitor a system using a CNAME record, so IMHO it should still allow it for the reporting and history features.

Tom Schmidt
Sr Manager, IT, Product Engineering
IT ETD Eng Sites US
Micron Technology, Inc.
Office: +1 (208) 368-4058  Fax: (208)368-2807
Email: tschmidt at micron.com  Website: micron.com
Micron Technology, Inc., Confidential and Proprietary.

-----Original Message-----
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Axel Beckert
Sent: Monday, August 5, 2019 3:48 PM
To: xymon at xymon.com
Subject: [EXT] Re: [Xymon] Hostname validation (was Re: Xymon 4.3.29 Released - Important Security Update)

Hi,

On Mon, Aug 05, 2019 at 05:21:33PM -0400, Richard L. Hamilton wrote:
> Seems to me that underscore is mainly a problem with address 0.0.0.0 
> in hosts.cfg (name to IP address resolution via host naming services, 
> esp. if that ends up being DNS). If an IP address in hosts.cfg is 
> used, and the hostname there isn't used in some other way, I don't 
> guess it would matter.

Hmmm, indeed
https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FDomain_Name_System%23Domain_name_syntax%2C_internationalization&data=02%7C01%7Ctschmidt%40micron.com%7C7bdb890c737b4e9b908708d719eea31b%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C637006385051444790&sdata=Uo0pyo9e0AkeTihN9nPvLDW%2BizoaHNpp%2BCEuIFBkcVI%3D&reserved=0
as well as RFC 608, 810 and 952 say that no other characters than letters, digits and hyphens are allowed.

I'm though quite sure to already have seen hostnames with underscore and even a slash in the wild. The latter was though about 20 years ago or so where I saw router names of a university with a slash in their hostname.

Traces of hostnames with slashes can also be found on the web, e.g.
https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fserverfault.com%2Fquestions%2F963735%2Fsyslog-ng-hostnames-with-slashes&data=02%7C01%7Ctschmidt%40micron.com%7C7bdb890c737b4e9b908708d719eea31b%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C637006385051444790&sdata=YCiH8mRaATsBxF8w9APxCcYMdi81zSz1tzD2JnhWkZY%3D&reserved=0

And underscore is explicitly mentioned in
https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FHostname%23Restrictions_on_valid_hostnames&data=02%7C01%7Ctschmidt%40micron.com%7C7bdb890c737b4e9b908708d719eea31b%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C637006385051444790&sdata=2TieCKA%2F1VVIIEMVdm7A3hU5q2CDggPp0b2R%2B9iEzhE%3D&reserved=0

So IMHO while not being standard-compliant hostnames, Xymon should accept at least hostnames with underscore, too.

On the other hand, I don't think, it's necessary to also add the slash to the list of valid characters for hostnames as the dot is already in there, too, and hostnames which are allowed to contain "/../" are definitely no good. :-)

			Kind regards, Axel
-- 
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Farc.pasp.de%2F&data=02%7C01%7Ctschmidt%40micron.com%7C7bdb890c737b4e9b908708d719eea31b%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C637006385051444790&sdata=kOqlxKf4e0vbLMpzY35g6DFpoCOQUcNWY1XNPxxEZ70%3D&reserved=0
Mail: abe at deuxchevaux.org  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org  X
https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faxel.beckert.ch%2F&data=02%7C01%7Ctschmidt%40micron.com%7C7bdb890c737b4e9b908708d719eea31b%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C637006385051444790&sdata=4Se04HoJvPJxfJOsYsrC2TZSCNu3AzyyMvva9kKheLc%3D&reserved=0   / \  I love long mails: https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Femail.is-not-s.ms%2F&data=02%7C01%7Ctschmidt%40micron.com%7C7bdb890c737b4e9b908708d719eea31b%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C637006385051444790&sdata=L3cvgw%2BcX2HFum8x74E3Yzu%2FlydwUHBrRYwubJLt6NM%3D&reserved=0
_______________________________________________
Xymon mailing list
Xymon at xymon.com
https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=02%7C01%7Ctschmidt%40micron.com%7C7bdb890c737b4e9b908708d719eea31b%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C637006385051444790&sdata=52FvEs55HokI0b6yzOwR0G%2BM3wC8guVoyKpAU2GBzY0%3D&reserved=0