On a Sunday in 2022, Laine Stump wrote:
On 1/27/22 4:33 PM, Ján Tomko wrote:We used to validate that the first character of the hostname is a letter. Later, RFC1123 relaxed the requirements to allow a number as well. Drop the validation completely, since we do not care about the following characters, and neither does dnsmasq (even if it's a comma, which is a delimiter in the hosts file).Was there some discussion somewhere that prompted this patch (and thus invalidates the opinion I'm about to spout)? The only email I could find about it was the email of the "reverted" patch itself (sent by Peter on behalf of the author, with r-b given in the same email).My opinion is that if a current RFC restricts the first letter of a hostname,
It restricts all of the characters, not just the first one. But in the past we only checked for one specific restriction of the first character, that it is a letter. So I believe the better way to remove the restriction is to remove the first check, not add a new one. I am unsure where the restriction came from (looking at the dates of the RFCs the "reverted" commit references, I was too young to care at the time.) The libvirt commit: commit b73d4957540938a61b95bd30696efa6553d14b5f CommitDate: 2008-08-20 12:50:29 +0000 * src/network_conf.c src/network_conf.h src/qemu_driver.c: allow to add static host definition for dnsmasq added the check with no explanation. From RFC 952 (Oct 1985): The old check enforced one specific restriction <hname> ::= <name>*["."<name>] <name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>] RFC 1123 (Oct 1989): The syntax of a legal Internet host name was specified in RFC-952 [DNS:4]. One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax. So, someone could add a validation for all of these constraints, but I have not verified whether non-compliant hostnames actually are broken with dnsmasq.
then we should validate that too, *especially* if dnsmasq doesn't; who knows what entity beyond dnsmasq will barf on it in some way, and the closer to the source the non-compliance is reported, the easier it will be to fix. (Additionally, it's easy to remove extra validation, but much more difficult to add it back later if we decide it shouldn't have been removed)
Right, we don't seem to have a separate validation step for network parsing at the moment so adding a new check would be tedious. But as-is, this check is pointless. Jano
Attachment:
signature.asc
Description: PGP signature