[dns-operations] Monday rant against the uses of the Public Suffix List

Warren Kumari warren at kumari.net
Mon Jan 21 20:29:28 UTC 2013


On Jan 21, 2013, at 2:12 PM, Vernon Schryver <vjs at rhyolite.com> wrote:

>> From: Paul Vixie <paul at redbarn.org>
> 
>> Stephane Bortzmeyer wrote:
> 
>>>> used by numerous software developers, programming languages,
>>>> browsers (cookies), search engines, security software, and many
>>>> other places.
>>> 
>>> And 95 % of these uses are bad ideas: it creates false positives
>>> (.CW...) and false negatives (it's not because .COM exists that
>>> anything.com has a meaning).
>> 
>> passionate +1.
> 
> Why is anyone using such lists to validate domain suffixes?  I recently
> discovered a global, distributed database with nearby caching that
> allows HTTP and SMTP servers to check whether the right hand side of
> user at example.com is valid.  It does not require that servers act exactly
> like miscreants doing dictionary attacks to find spam targets ("sender
> address verification") or exactly like spammers sending unsolicited
> bulk mail.
> 
> Continuing the sarcasm is too much effort, so I'll simply ask why not
> do DNS MX and A requests?  (both because of the fall-back-to-A-if-no-MX
> rule)  If you get NXDOMAIN or NODATA for both MX and A, you know it
> is invalid in an SMTP Rcpt_To command (unless you still believe in
> SMTP source routing).  If you get A or MX records, then it is at least
> as likely to be valid as a name in another list.


Please sir, if I run www.images.example.co.uk, can I set a cookie at images.example.co.uk? How about example.co.uk? Fine… Now .co.uk? Hmm…

There is no DNS query that will (or should) tell me that...

W


> 
> 
> Vernon Schryver    vjs at rhyolite.com

--
"I think perhaps the most important problem is that we are trying to understand the fundamental workings of the universe via a language devised for telling one another when the best fruit is." --Terry Pratchett
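
Added example, not part of the original message: the cookie question above answered the way a browser has to answer it, with a suffix list rather than a DNS query. The rule set is a constructed sample in Public Suffix List syntax, and `publicSuffix` and `maySetCookie` are hypothetical names; the public-suffix rejection follows RFC 6265 section 5.3.

```javascript
// Constructed sample rules in Public Suffix List syntax; a real client loads the full list.
const SUFFIX_RULES = new Set(["uk", "co.uk", "com", "*.ck", "!www.ck"]);

// Normalise a name: lower-case, no leading or trailing dot.
const norm = (name) => name.toLowerCase().replace(/^\.|\.$/g, "");

// Public suffix of a host: the longest matching rule wins, "*" matches exactly
// one label, "!" marks an exception, and an unlisted TLD counts as a suffix.
function publicSuffix(host) {
  const labels = norm(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    // Exception rule: the suffix is the rule minus its leftmost label.
    if (SUFFIX_RULES.has("!" + candidate)) return labels.slice(i + 1).join(".");
    if (SUFFIX_RULES.has(candidate)) return candidate;
    const wildcard = ["*", ...labels.slice(i + 1)].join(".");
    if (i + 1 < labels.length && SUFFIX_RULES.has(wildcard)) return candidate;
  }
  return labels[labels.length - 1];
}

// May `host` set a cookie with Domain=`cookieDomain`?
function maySetCookie(host, cookieDomain) {
  const h = norm(host);
  const d = norm(cookieDomain);
  // The host must be the cookie domain itself or a subdomain of it.
  if (h !== d && !h.endsWith("." + d)) return false;
  // A Domain that is a public suffix (co.uk) is refused unless the host is
  // exactly that name, in which case the cookie becomes host-only.
  if (publicSuffix(d) === d) return h === d;
  return true;
}

// The three questions from the message, asked by www.images.example.co.uk.
for (const d of ["images.example.co.uk", "example.co.uk", "co.uk"]) {
  console.log(d, maySetCookie("www.images.example.co.uk", d));
}
```
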




