[dns-operations] bug in Apache handling of real FQDNs

Bob Harold rharolde at umich.edu
Mon Jun 8 21:01:41 UTC 2015


On Mon, Jun 8, 2015 at 3:04 PM, Fred Morris <m3047 at m3047.net> wrote:

> If anyone on here wants to weigh in on whether from a DNS perspective
> www.example.com and www.example.com. are intended to represent the same
> host (from the host's perspective at least) now is the time.
>
>   https://bz.apache.org/bugzilla/show_bug.cgi?id=58007
>
> This concerns broken HTTP + TLS clients exposing what I consider to be a
> bug in Apache's sanity checking of SNI + Host headers. There seems to be
> some concern that the dot means something and that these cannot be treated
> equivalently from the host's perspective. (Notwithstanding that from a
> named virtual hosting perspective, Apache does treat them the same.)
>
> --
>
> Fred Morris
>
"www.example.com." is exact, but "www.example.com" depends on your
'ndots' setting and how your client resolver handles search paths.  I would
certainly like applications to accept trailing dots and handle them
properly.  Then perhaps we could configure domain names in config files as
fully qualified, so that there are no chances of misinterpretation, and no
extra traffic due to search paths.  Ideally, we could even train users to
use fully qualified names, although that is asking a lot.
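
The following is an added example, not part of the original message and not Apache's code. It models glibc-style `search`/`ndots` expansion (an assumption; other stub resolvers differ) to show why only the trailing-dot form is exact, and sketches one way a server could compare an SNI name with a Host header while accepting the trailing dot. The function names and the search list are hypothetical.

```python
# Added example. Resolver rules follow glibc-style resolv.conf semantics
# (assumption); the search list below is constructed for illustration.

def candidates(name, search, ndots=1):
    """Return the ordered absolute names a stub resolver would query."""
    if name.endswith("."):
        # Fully qualified: exactly one query, the search list is never used.
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{suffix.rstrip('.')}." for suffix in search]
    if name.count(".") >= ndots:
        # Enough dots: try the name as given first, then the search list.
        return [as_is] + expanded
    # Too few dots: search list first, the name as given as a last resort.
    return expanded + [as_is]


def same_host(a, b):
    """Compare two host names (e.g. SNI vs. Host header, port already
    removed): case-insensitive, ignoring a single trailing root dot."""
    def norm(h):
        h = h.lower()
        return h[:-1] if h.endswith(".") else h

    na, nb = norm(a), norm(b)
    # Reject empty names and empty labels such as "www..example.com".
    if not na or not nb or "" in na.split(".") or "" in nb.split("."):
        return False
    return na == nb


SEARCH = ["corp.example.net", "example.net"]  # constructed search list

if __name__ == "__main__":
    for n, nd in [("www.example.com.", 1), ("www.example.com", 1),
                  ("www.example.com", 5), ("www", 1)]:
        print(f"{n!r} ndots={nd}: {candidates(n, SEARCH, nd)}")
    print(same_host("www.example.com", "WWW.Example.COM."))
```

With `ndots` set to 5, the relative name is sent to both search domains before it is ever tried as given, which is the extra traffic and room for misinterpretation that the fully qualified form avoids.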