[dns-operations] What's a "suffix"?

David Conrad drc at virtualized.org
Mon Jan 21 19:02:05 UTC 2013

On Jan 21, 2013, at 1:00 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Mon, Jan 21, 2013 at 09:25:03AM +0100,
> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
> a message of 21 lines which said:
>> A "suffix" is any string ending a domain name. 
> A reader even more nazi than I am suggested a definition closer to the
> DNS semantics:
> A suffix is any sequence of labels ending a domain name.

The term 'suffix' isn't really the issue -- it is the subset of 'suffixes' deemed 'public'.

Quoting RFC 6265:

  NOTE: A "public suffix" is a domain that is controlled by a
  public registry, such as "com", "co.uk", and "pvt.k12.wy.us".
  This step is essential for preventing attacker.com from
  disrupting the integrity of example.com by setting a cookie
  with a Domain attribute of "com".  Unfortunately, the set of
  public suffixes (also known as "registry controlled domains")
  changes over time.  If feasible, user agents SHOULD use an
  up-to-date public suffix list, such as the one maintained by
  the Mozilla project at <http://publicsuffix.org/>.

I have to admit this definition has confused me for some time (e.g., what does "public registry" mean in this context?), but ignoring this, I find it odd that a registry as important to Internet operations as the "public suffix list" is not maintained by IANA. The fact that .CW was not automatically added to the list increases the oddness factor for me.


More information about the dns-operations mailing list