Saturday, March 26, 2016

DNS Ass-hattery [6]

About 3 years back, I answered a DNS-related ServerFault question about underscores in domain names.  The answer amounted to a short work-around for dealing with the difference between Windows' DNS and BIND (short version: former allows them in A records, the latter doesn't).

This week, I received thanks from someone helped by my answer.  (Thanks for the point Steve!)

Since no good deed should go unpunished, someone else commented with the following ass-hattery: "Such customers should be gently pointed to appropriate documentation, then told to obey the RFCs - or get off the internet."

To steal from John Scalzi's practice of grading hate mail, I have the following (rhetorical) questions:

  • Would you define appropriate?  There _are_ DNS servers (e.g., from Microsoft) which allow the use of the underscore.  Shouldn't you beat them up first?  You know: stomp out the root cause of the problem.  One problem: MS was using the underscore in hostnames before it was using the IP protocol.  You're going to have difficulty in getting them to change a ~30-year practice.  Another: there are A LOT of MS admins & users.  I'm thinking they out-number you.
  • You're also going to have to point out which RFC's are inappropriate.  At least one DNS RFC indicates that "the rules" are voluntary (to quote: "they are there for those who wish to minimize problems"[1]).
  • Are you somehow implying that the IETF now has an enforcement arm?  What if the customer doesn't want to "get off the Internet"?
  • I can't shake this feeling that customers are somehow (at least indirectly) responsible for our salaries.  If we start dictating to our customers, won't they take their business elsewhere?

Technically, my work-around does not violate the RFCs (putting the underscore in a CNAME record is allowed).  At the same time, it helped Steve.  If the RFC's are actually read, the prohibition against the underscore is limited only to A records (not CNAME, SRV, or other records).  The stated purpose is to differentiate host records from other records.[2]

The RFC's are Internet standards, somewhat like table manners[3].  Compliance is considered polite but not mandatory.[4]  There's no fines or prison terms involved for being mildly rude.[7]


[1] From RFC1912. That's the most derogatory statement I've yet seen in an RFC.
[3] I'm attempting to use the same level of subtle-ness as that used in [1].
[4] If everyone on the Internet complied with all of the RFCs, we wouldn't be able to use the Internet, not to mention that pigeons would become an overworked (and probably endangered) species [5].
[5] In some parts of the world, avian transport is actually faster.  (see "Pigeon versus Telkom SA" near the end of
[6] I wanted to entitle this post "Ass-hattery in Comments" with a subtitle of "What's wrong with ServerFault nowadays".  Since the blog engine doesn't allow such, I went with "DNS Ass-hattery".  I'm hoping that ServerFault has recognized that negative-value comments, such as described above, actually damage their business.
[7] See?  I'm not disagreeing that it's "a bad thing".  The difference is that I'd provided a solution rather than recommending that people get off of the Internet.