Google Answers Logo
View Question
 
Q: please explain RFC 1535 - mother911-ga ( Answered 5 out of 5 stars,   2 Comments )
Question  
Subject: please explain RFC 1535 - mother911-ga
Category: Computers > Internet
Asked by: qwertz-ga
List Price: $50.00
Posted: 08 Aug 2006 23:48 PDT
Expires: 07 Sep 2006 23:48 PDT
Question ID: 754137
this question is for mother911-ga unless otherwise mentioned below

please explain rfc 1535 in layman's terms.

is it still a problem today?

what is it good for?

how does it relate to *.edu.com today if at all?

thank you
Answer  
Subject: Re: please explain RFC 1535 - mother911-ga
Answered By: mother911-ga on 09 Aug 2006 15:45 PDT
Rated:5 out of 5 stars
 
The basis of the RFC1535 was related to the last part of my answer in
question http://answers.google.com/answers/threadview?id=754114.

An Absolute Rooted FQDN must end in a trailing ".", this was to
indicate you had reached the top level of domain to search. As you
remember from the previous question, a FQDN in folder structure looks
like:
/com
/google
/answers

The Absolute Rooted FQDN would look like this:
Answers.Google.com. (note the trailing ".", it is not an error. It
indicated there is no domain above "COM" that needs to be searched.

RFC1535 addresses a potential for errors in attempting to resolve
domain names when using certain versions of BSD BIND software which
was used to resolve FQDNs to IP addresses.

So for arguments sake, if you failed to add a trailing "." on the end
of a domain you could possibly be mis-directed to another domain.

So if you entered Answers.Google.com (note there is no trailing ".")
the BIND resolver client would then continue searching all top level
domains until it finds a match. So Answers.Google.com would be
searched for in:

Answers.Google.com.edu
Answers.Google.com.mil
Answers.Google.com.de
Answers.Google.com.mx
Answers.Google.com.org

The second part of the RFC is a security risk based on this issue. If
someone were to enter a DNS entry for ?Harvard.edu.com? on their local
server, then when anyone on a ?.com? site searching would be
redirected to "Harvard.edu.com" instead of "Harvard.edu". To use a
scary example, if someone wanted to maliciously use this available
hole in security, they could add the DNS entry for a ".net" bank
domain on a ".com" server, then everyone searching for that bank's
domain would wind up on their fake domain because "ExampleBank.net"
(without a trailing ".") would resolve on ?.com? servers to
"ExampleBank.net.com". Now they would just need to setup a fake login
page for that bank and they could collect username and passwords all
day.

This would even be further complicated if people registered TLD names
as domains, ?EDU.com?, ?NET.com? etc.

The suggested solution basically limits the way BIND clients would
search for the actual domain to help avoid these situations. The end
result was that this caused the necessary changes and the trailing ?.?
is no longer a requirement for a FQDN.

Rules of domain naming were changed to avoid the edu.com or mil.gov
issues, and currently there have been no new issues surfacing in this
debate since about 1995 (and most of those were admins who had poorly
formatted their own DNS servers.

It was obviously good to point out a potential issue which would have
quickly become a HUGE problem had it not been corrected.

It is no longer an issue today based on the numerous changes that were
made since 1993 when the RFC was written.

Edu.com addresses are no longer an issue as DNS resolution has been
drastically changed.

Of course if you have any need for further information please use the
request clarification button before rating this question.

Thanks for the interesting questions; I had to really scrape the back
of my brain for the details of these situations.

[-- Mother911-ga --]
qwertz-ga rated this answer:5 out of 5 stars and gave an additional tip of: $10.00
Thanks again. Well answered.

Comments  
Subject: Re: please explain RFC 1535 - mother911-ga
From: mother911-ga on 09 Aug 2006 00:03 PDT
 
Hi qwertz-ga, 

I will work on this question for you in the morning. It's 3am here,
and that 6am alarm seems to go off earlier and earlier every day.


[-- Mother911-ga --]
Subject: Re: please explain RFC 1535 - mother911-ga
From: qwertz-ga on 09 Aug 2006 00:09 PDT
 
Thank you for the update.

The sooner you can get to it the better :-)

Sleep well.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy