Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Devel
Dealing With Trailing Dots
daryl.odnert at tumbleweed
Apr 8, 2004, 4:04 PM
Post #1 of 8 (3502 views)
Permalink
I think the SPF specification needs some language added to clarify that
implementations must remove any trailing dot characters in domain names when
expanding the macro letters o, d, and p.

I noticed this issue when implementing the macro letter p. The PTR RR
returned from the DNS always includes a dot at the end of the domain name.
However, the examples of macro expansion in section 7.2 clearly do not
include this trailing dot. Moreover, I think that people using SPF macros
would want to know that there will not be any such trailing dot when the
macro is expanded.

Comments?

Daryl Odnert
Tumbleweed Communications
Redwood City, California


-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
RE: Dealing With Trailing Dots [ In reply to ]
daryl.odnert at tumbleweed
Apr 9, 2004, 9:32 AM
Post #2 of 8 (3474 views)
Permalink
> The raw PTR RR data does not contain any dots. It is your DNS query
software
> that builds the domain name and adds the dots. If it adds a trailing dot,
> then of course your have to remove it because domain names do not have
> trailing dots (RFC1035).

Hmmm. I think there may be confusion on this point.

Clearly, the preferred domain name syntax defined in RFC 1035 does not
include the possibility of a trailing dot. But my experience is that some
DNS servers on the Internet do return a trailing dot in the domain names of
many types of RRs including PTR, NS, and A RRs.

Note also that RFC 1034, section 3.1 mentions that trailing dots may be used
in written domain names to distinguish an "absolute" domain name from a
"relative" domain name.

In any case, we are in agreement that the SPF spec should be clarified with
respect to trailing dots in macro expansion.

Daryl Odnert
Tumbleweed Communications
Redwood City, California

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Re: Dealing With Trailing Dots [ In reply to ]
wayne at midwestcs
Apr 9, 2004, 9:37 AM
Post #3 of 8 (3496 views)
Permalink
In <7382FCA44E27D411BD4A00508BD68F950AE31039@pigeon.tumbleweed.com> "Daryl Odnert" <daryl.odnert@tumbleweed.com> writes:

>> The raw PTR RR data does not contain any dots. It is your DNS query
> software
>> that builds the domain name and adds the dots. If it adds a trailing dot,
>> then of course your have to remove it because domain names do not have
>> trailing dots (RFC1035).
>
> Hmmm. I think there may be confusion on this point.
>
> Clearly, the preferred domain name syntax defined in RFC 1035 does not
> include the possibility of a trailing dot. But my experience is that some
> DNS servers on the Internet do return a trailing dot in the domain names of
> many types of RRs including PTR, NS, and A RRs.

Can you give some examples of such domains?

I can't see how A RRs would have a trailing dot, but the RHS of the
PTR, NS, MX, CNAME, etc. RRs could. Actually, I think they can
contain any old garbage, can't they?


-wayne

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
RE: Dealing With Trailing Dots [ In reply to ]
daryl.odnert at tumbleweed
Apr 9, 2004, 10:02 AM
Post #4 of 8 (3509 views)
Permalink
> I can't see how A RRs would have a trailing dot

Sorry. My bad. What I meant is that some DNS servers append a trailing dot
on the domain in the NAME field of the RR (i.e. the LHS of the RR) even when
the dot was not there when the client issued the query. One needs to be
aware of this when ensuring that the RR returned by the query matches the
name that was specified in the query.

Daryl

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Dealing With Trailing Dots [ In reply to ]
Roger.Moser at pamho
Apr 9, 2004, 10:10 AM
Post #5 of 8 (3511 views)
Permalink
Daryl Odnert wrote:

> I think the SPF specification needs some language added to clarify that
> implementations must remove any trailing dot characters in domain names
> when expanding the macro letters o, d, and p.
>
> I noticed this issue when implementing the macro letter p. The PTR RR
> returned from the DNS always includes a dot at the end of the domain name.

The raw PTR RR data does not contain any dots. It is your DNS query software
that builds the domain name and adds the dots. If it adds a trailing dot,
then of course your have to remove it because domain names do not have
trailing dots (RFC1035).

> However, the examples of macro expansion in section 7.2 clearly do not
> include this trailing dot. Moreover, I think that people using SPF macros
> would want to know that there will not be any such trailing dot when the
> macro is expanded.

Yes, such a note should be added, just for clarity.

Roger

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
RE: Dealing With Trailing Dots [ In reply to ]
daryl.odnert at tumbleweed
Apr 9, 2004, 3:23 PM
Post #6 of 8 (3493 views)
Permalink
My bad again. This trailing dot I've been fussing about is being appended
by the DNS client software I am using. Its not in the raw data returned
from the DNS server. Apologies if I've caused any consternation.

Daryl Odnert
Tumbleweed Communications
Redwood City, California

-----Original Message-----
From: owner-spf-devel@v2.listbox.com
[mailto:owner-spf-devel@v2.listbox.com]On Behalf Of Roger Moser
Sent: Friday, April 09, 2004 1:52 PM
To: spf-devel@v2.listbox.com
Subject: [spf-devel] Dealing With Trailing Dots


Daryl wrote:

> Sorry. My bad. What I meant is that some DNS servers append a trailing
> dot on the domain in the NAME field of the RR (i.e. the LHS of the RR)
> even when the dot was not there when the client issued the query. One
> needs to be aware of this when ensuring that the RR returned by the query
> matches the name that was specified in the query.

Where did you see that dot? In the raw data or in the output of dig?

Roger

-------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Re: Dealing With Trailing Dots [ In reply to ]
mengwong at dumbo
Apr 9, 2004, 3:28 PM
Post #7 of 8 (3519 views)
Permalink
On Fri, Apr 09, 2004 at 03:23:39PM -0700, Daryl Odnert wrote:
| My bad again. This trailing dot I've been fussing about is being appended
| by the DNS client software I am using. Its not in the raw data returned
| from the DNS server. Apologies if I've caused any consternation.

Mail::SPF::Query does a sanitization thing on any DNS names it queries:

s/\.\.+/\./g;
s/^\.//;

I recommend other implementations do the same.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Dealing With Trailing Dots [ In reply to ]
Roger.Moser at pamho
Apr 9, 2004, 10:52 PM
Post #8 of 8 (3479 views)
Permalink
Daryl wrote:

> Sorry. My bad. What I meant is that some DNS servers append a trailing
> dot on the domain in the NAME field of the RR (i.e. the LHS of the RR)
> even when the dot was not there when the client issued the query. One
> needs to be aware of this when ensuring that the RR returned by the query
> matches the name that was specified in the query.

Where did you see that dot? In the raw data or in the output of dig?

Roger

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal