[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#851357: Regression: No longer supports ServerName containing underscore

On Saturday, 14 January 2017 19:36:34 CET Ondřej Surý wrote:
> Stefan,
> JFTR underscores in domain names are allowed, just not for hostnames. SRV,
> TLSA and other RRs make use of them.

But the character restriction for hostnames is valid for all parts of the FQDN 
of a host. From RFC1035 section 2.3.1 (a FQDN consists of multiple labels 
separated by dots):

  The labels must follow the rules for ARPANET host names.  They must
  start with a letter, end with a letter or digit, and have as interior
  characters only letters, digits, and hyphen.  There are also some
  restrictions on the length.  Labels must be 63 characters or less.

For example, while TLSA uses things like _tcp and _443 in the looked up RRs, 
its spec RFC  6698 section 3 explicitly states that the labels in the "base 
domain name" must meet the restrictions from RFC 952, which means no 

And for http/https, only hostnames are relevant. Even if they look like a 
domain name like heise.de. 

Jonathan, So , host/domain names with underscores are not RFC compliant even 
though they are common in internal networks. And I looked up some discussions 
on the upstream httpd-dev list and consensus was that they wanted only a 
single knob to switch to legacy behavior. Though underscores in domain names 
were not discussed explicitly.

Also interesting: RFC 7230 section 5.4 says that a http server must respond 
with "400 bad request" if the Host header field contains an invalid field-value 
(though it does not define "invalid" explicitly).

Reply to: