DNS character not accepted

In the “Local DNS Records” section of network, I can’t enter any names that contain an underscore, like nlb_xyz.company.pvt. It will not accept anything with an underscore.

I’m on version 8.1.0 build 4942

1 Like

@C_Metz

“Underscore” is a disallowed character for the “Local DNS Records”.

This is a debatable topic :grinning::grinning::grinning::grinning:
Some other vendors also do not allow this.
https://support.microsoft.com/en-my/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and#:~:text=DNS%20host%20names-,Allowed%20characters,components%20of%20domain%20style%20names.

Do you have detailed info for the use case that requires this?

2 Likes

Here’s the use case…

My wife’s work computer is making a ton of false requests over DNS using the domain “company.pvt”. I urged her security department to fix it since I now have a list of most of the servers within their network, but you know how that goes, they don’t see that as a security problem. They have 1000 employees working from home and every single laptop is handing out the server names to every DNS system owner. But I digress :-)… So I’m using local DNS records to block the really bad offending DNS names to keep them off the internet. So while it’s working for most of them, as you can see from the screenshot below there are at least 2 major ones I can’t block because they contain underscores.

I love the link showing Microsoft doesn’t allow underscore, yet they are using it for LDAP stuff…

1 Like

I wanted to add, I tried using this policy to point it to a dead internet connection, but the DNS proxy seemed to just fail over to a working connection, so it didn’t let me blackhole the requests this way…

1 Like

The standard for what can constitute a “label” (the between-dots components of a DNS domain name, such as “peplink” in “peplink.com”) is governed (mostly) by RFC 5890 with antecedents going all the way back to RFC 810.

Ignoring for the moment the complexities of unicode, the labels consist only of letters, digits and hyphens:

Briefly, it is a string consisting of ASCII letters, digits, and the hyphen with the further restriction that the hyphen cannot appear at the beginning or end of the string. Like all DNS labels, its total length must not exceed 63 octets.
[RFC 5890, 2.3.1]

Underscores are simply not allowable characters when used in a domain name. One may lament that fact, but I would not recommend that a vendor deviate from international standards, even for private network use.

If the IT department allows non-standard domain names then I think there are larger challenges afoot.

Just my $0.02

Cheers,

Z

3 Likes

This is the Microsoft standard causing the problems…

1 Like

Fair enough - SRV records do not have to (and by usage do not) comply with the domain name standards - they are not domain names :slight_smile:

I think the request for allowing “_” (or other non-compliant characters) in the Host Name field moves the whole table from being a mapping from domain names (with the statutory syntax limitations) to IP addresses to becoming more generically a map from any name-string to generic resource records. Thus a change of both columns would be in order, possibly adding other DNS RR fields as well.

However (another $0.02) in the absence of such a change of the whole table format I would likely think of the admission of non-compliant domain names in the Host Name field to represent a bit of a kluge, a hack to serve a different purpose (in this case, an indifferent IT department).

I would be wary of that (but then I am an IETF standards guy).

Cheers,

Z

3 Likes
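
The label rule quoted from RFC 5890 section 2.3.1 and the later point about underscore names such as SRV owner names, as an added example that is not part of any post in this thread and not Peplink's code: a check that separates names a hostname-only field will accept from names that fail only because of the underscore. The function names and all sample names except nlb_xyz.company.pvt are assumptions constructed for illustration.

```python
def label_problems(label):
    """Reasons a label fails the LDH rule quoted from RFC 5890 section 2.3.1."""
    if label == "":
        return ["empty label"]
    problems = []
    if len(label.encode("utf-8")) > 63:
        problems.append("longer than 63 octets")
    # Only ASCII letters, digits and the hyphen are allowed.
    bad = sorted({c for c in label
                  if not (c.isascii() and (c.isalnum() or c == "-"))})
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    if label[0] == "-" or label[-1] == "-":
        problems.append("hyphen at start or end")
    return problems


def classify(name):
    """Return (verdict, {label: problems}) for a dotted name.

    'hostname'        every label is an LDH label
    'underscore-only' the sole deviation is the underscore, the case a
                      hostname-only field rejects (e.g. SRV-style names)
    'invalid'         any other violation of the label rule
    """
    if name.endswith("."):          # tolerate a fully qualified trailing dot
        name = name[:-1]
    verdict, findings = "hostname", {}
    for label in name.split("."):
        problems = label_problems(label)
        if not problems:
            continue
        findings[label] = problems
        # If the label is still bad with underscores swapped out, the
        # underscore is not the only problem.
        if label_problems(label.replace("_", "x")):
            verdict = "invalid"
        elif verdict == "hostname":
            verdict = "underscore-only"
    return verdict, findings


# Constructed sample names; only nlb_xyz.company.pvt appears in the thread.
SAMPLES = ["peplink.com", "nlb_xyz.company.pvt",
           "_ldap._tcp.company.pvt", "-bad.company.pvt"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, *classify(sample))
```
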