Author Topic: underscores are used in latest update - they are illegal chars  (Read 17011 times)


January 27, 2012, 05:49:16 pm

dsl

Today's list (which we convert to bind format from hosts.txt file) contains invalid domains (they use underscores!) as per below and need to be fixed... RNDC RECONFIG command in BIND reports the following errors in syslog. The underscores are actually hyphens (I know because if you try to resolve the names with hyphens, they then work). Underscores are illegal chars in DNS naming conventions. So they need to be updated with hyphens (i.e. "abel_guimaraes.sites.uol.com.br" changed to "abel-guimaraes.sites.uol.com.br").

Jan 27 09:35:37 ****** named[3671]: content-block.db:11: abel_guimaraes.sites.uol.com.br: bad owner name (check-names)
Jan 27 09:35:37 ****** named[3671]: zone abel_guimaraes.sites.uol.com.br/IN/localhost_resolver: loading master file content-block.db: bad owner name (check-names)
Jan 27 09:35:37 ****** named[3671]: content-block.db:11: andrea_antonacci.sites.uol.com.br: bad owner name (check-names)
Jan 27 09:35:37 ****** named[3671]: zone andrea_antonacci.sites.uol.com.br/IN/localhost_resolver: loading master file content-block.db: bad owner name (check-names)
Jan 27 09:35:37 ****** named[3671]: content-block.db:11: eder_rogerio.sites.uol.com.br: bad owner name (check-names)
Jan 27 09:35:37 ****** named[3671]: zone eder_rogerio.sites.uol.com.br/IN/localhost_resolver: loading master file content-block.db: bad owner name (check-names)
Jan 27 09:35:37 ****** named[3671]: content-block.db:11: tadeu_borges.sites.uol.com.br: bad owner name (check-names)
Jan 27 09:35:37 ****** named[3671]: zone tadeu_borges.sites.uol.com.br/IN/localhost_resolver: loading master file content-block.db: bad owner name (check-names)
Jan 27 09:36:15 ****** named[3671]: content-block.db:11: abel_guimaraes.sites.uol.com.br: bad owner name (check-names)
Jan 27 09:36:15 ****** named[3671]: zone abel_guimaraes.sites.uol.com.br/IN/localhost_resolver: loading master file content-block.db: bad owner name (check-names)
Jan 27 09:36:15 ****** named[3671]: content-block.db:11: andrea_antonacci.sites.uol.com.br: bad owner name (check-names)
Jan 27 09:36:15 ****** named[3671]: zone andrea_antonacci.sites.uol.com.br/IN/localhost_resolver: loading master file content-block.db: bad owner name (check-names)
Jan 27 09:36:15 ****** named[3671]: content-block.db:11: eder_rogerio.sites.uol.com.br: bad owner name (check-names)
Jan 27 09:36:15 ****** named[3671]: zone eder_rogerio.sites.uol.com.br/IN/localhost_resolver: loading master file content-block.db: bad owner name (check-names)
Jan 27 09:36:15 ****** named[3671]: content-block.db:11: tadeu_borges.sites.uol.com.br: bad owner name (check-names)
Jan 27 09:36:15 ****** named[3671]: zone tadeu_borges.sites.uol.com.br/IN/localhost_resolver: loading master file content-block.db: bad owner name (check-names)

January 27, 2012, 06:04:47 pm
Reply #1

SysAdMini

I'm not sure if underscores are forbidden or not.

They exist, for example: hxxp://abel_guimaraes.sites.uol.com.br/carla.jpg
The name contains an underscore. That's a fact. We have to accept it and list the name as it is.
Ruining the bad guy's day

January 27, 2012, 06:17:33 pm
Reply #2

dsl

Well, the fact is that they are not part of the standard DNS FQDN naming convention. Valid legal chars are the 26 letters, 0-9, and hyphens only. Our DNS servers spit out those messages because they recognized the names were 'bad'. Also, if you try to resolve those names I listed, it will fail resolution on any DNS system. If you replace the underscore with a hyphen, you can then resolve them. So that alone is a clear indication that underscores are illegal. Google it.


January 27, 2012, 07:07:20 pm
Reply #4

SysAdMini

Hi Dan,

please understand that it doesn't matter if underscores are allowed.
They exist in the wild, e.g. hxxp://abel_guimaraes.sites.uol.com.br/carla.jpg
I can't modify the hostname from underscore to dash, because abel-guimaraes.sites.uol.com.br
doesn't exist. If someone wants to block abel_guimaraes.sites.uol.com.br, then the name has to be listed as it is.

January 27, 2012, 07:49:20 pm
Reply #5

dsl

I simply cannot believe the aforementioned, supposed domains exist in the wild. If they are unresolvable through any DNS system, they are technically unreachable, and if unreachable, they don't exist for all intents and purposes. Someone has typo'd somewhere is what I believe happened, it could even be the perp himself that typo'd.


See the results of a DIG on each variation (one with hyphen, one with underscore) below:

[xxxxxx@xxxxxxx etc]# dig abel-guimaraes.sites.uol.com.br

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 <<>> abel-guimaraes.sites.uol.com.br
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5796
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;abel-guimaraes.sites.uol.com.br. IN    A

;; ANSWER SECTION:
abel-guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.19
abel-guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.21
abel-guimaraes.sites.uol.com.br. 3600 IN A      200.147.1.41
abel-guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.17

;; AUTHORITY SECTION:
sites.uol.com.br.       3600    IN      NS      borges.uol.com.br.
sites.uol.com.br.       3600    IN      NS      eliot.uol.com.br.

;; Query time: 459 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jan 27 11:33:50 2012
;; MSG SIZE  rcvd: 154

[xxxxxx@xxxxxxx etc]# dig abel_guimaraes.sites.uol.com.br

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 <<>> abel_guimaraes.sites.uol.com.br
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34294
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;abel_guimaraes.sites.uol.com.br. IN    A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jan 27 11:33:56 2012
;; MSG SIZE  rcvd: 49

<EOT>

January 27, 2012, 08:18:52 pm
Reply #6

SysAdMini

Resolves without problems, otherwise we wouldn't be able to add the host to our database.

; <<>> DiG 9.6.0 <<>> abel_guimaraes.sites.uol.com.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15828
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;abel_guimaraes.sites.uol.com.br. IN    A

;; ANSWER SECTION:
abel_guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.19
abel_guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.21
abel_guimaraes.sites.uol.com.br. 3600 IN A      200.147.1.41
abel_guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.17

;; Query time: 194 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jan 27 21:13:15 2012
;; MSG SIZE  rcvd: 113

Start downloading hxxp://abel_guimaraes.sites.uol.com.br/carla.jpg. It works
Try downloading hxxp://abel-guimaraes.sites.uol.com.br/carla.jpg. It fails.


January 27, 2012, 09:58:56 pm
Reply #7

cleanmx

yep same here, google resolves these!


 dig abel_guimaraes.sites.uol.com.br any

; <<>> DiG 9.6-ESV-R4 <<>> abel_guimaraes.sites.uol.com.br any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58263
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;abel_guimaraes.sites.uol.com.br. IN    ANY

;; ANSWER SECTION:
abel_guimaraes.sites.uol.com.br. 3600 IN A      200.147.1.41
abel_guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.17
abel_guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.19
abel_guimaraes.sites.uol.com.br. 3600 IN A      200.147.33.21

;; Query time: 253 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jan 27 22:57:41 2012
;; MSG SIZE  rcvd: 113


-- gerhard

January 27, 2012, 10:29:34 pm
Reply #8

dsl

I imagine we configured our bind servers for strict RFC support of dns naming, otherwise running the "rndc reconfig" would not have generated the error messages referring to them as "bad names". So it appears the resolution issue is local to us and we just don't allow resolution of names with underscores as they are not strict RFC compliant.

OK. So we're all right about this I guess?? Had to be discussed imho.

At least the true RFC compliant names in the list are being blocked, the non RFC names only generate the error, they don't get loaded into blackhole list though.

Nuff said.

Thanks
Dan.

January 27, 2012, 10:59:37 pm
Reply #10

dsl

one last thing to mention...

Even though our BIND implementation cannot currently resolve names with underscores, it does mean that if I can't resolve the names, neither can the rest of our machines. This BIND server is the external side of the split/split dns architecture. It has no need to resolve internal Windows AD fqdns that may contain underscores. The bottom line...our internal systems cannot get to those domains with underscores and thus are protected from them.

Dan.
I've said it all so...
End of Thread.
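
Added example, not from the thread or any poster's tooling: a Python pre-check for the hosts.txt-to-BIND conversion discussed above. It separates names that a strict letters-digits-hyphen hostname check would reject from those that load, so blocklist entries that would be skipped are visible before `rndc reconfig`. The sample input is constructed, the one-line zone layout and the regex approximation of the strict check are assumptions, and `check-names ignore;` is BIND's per-zone option for accepting such names.

```python
import re

# One RFC 952/1123 "LDH" label: letters, digits, hyphen; 1-63 chars;
# no leading or trailing hyphen. Underscore is outside this set.
LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Constructed hosts.txt-style sample (not the real list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
127.0.0.1  abel_guimaraes.sites.uol.com.br
127.0.0.1  abel-guimaraes.sites.uol.com.br   # trailing comment
127.0.0.1  example.invalid
"""

def parse_hosts(text):
    """Return the hostnames from hosts-file text, skipping comments and localhost."""
    names = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:          # fields[0] is the IP address
            name = name.rstrip(".").lower()
            if name != "localhost":
                names.append(name)
    return names

def is_ldh_hostname(name):
    """True if every label is LDH, i.e. the name passes a strict hostname check."""
    return len(name) <= 253 and all(
        LDH_LABEL.fullmatch(label) for label in name.split("."))

def split_blocklist(text):
    """Partition names into (loadable under strict checking, rejected by it)."""
    loadable, rejected = [], []
    for name in parse_hosts(text):
        (loadable if is_ldh_hostname(name) else rejected).append(name)
    return loadable, rejected

def zone_stanza(name, relax=False):
    """Build a named.conf zone block; relax=True adds a per-zone check-names override."""
    extra = " check-names ignore;" if relax else ""
    return f'zone "{name}" {{ type master; file "content-block.db";{extra} }};'

if __name__ == "__main__":
    ok, bad = split_blocklist(SAMPLE_HOSTS)
    for n in ok:
        print(zone_stanza(n))
    for n in bad:
        print(zone_stanza(n, relax=True))   # assumption: operator wants these blocked too
```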