Bug#851357: Regression: No longer supports ServerName containing underscore
On Saturday, 14 January 2017 19:36:34 CET Ondřej Surý wrote:
> JFTR underscores in domain names are allowed, just not for hostnames. SRV,
> TLSA and other RRs make use of them.
But the character restriction for hostnames is valid for all parts of the FQDN
of a host. From RFC1035 section 2.3.1 (a FQDN consists of multiple labels
separated by dots):
The labels must follow the rules for ARPANET host names. They must
start with a letter, end with a letter or digit, and have as interior
characters only letters, digits, and hyphen. There are also some
restrictions on the length. Labels must be 63 characters or less.
For example, while TLSA uses things like _tcp and _443 in the looked up RRs,
its spec RFC 6698 section 3 explicitly states that the labels in the "base
domain name" must meet the restrictions from RFC 952, which means no
And for http/https, only hostnames are relevant. Even if they look like a
domain name like heise.de.
Jonathan, So , host/domain names with underscores are not RFC compliant even
though they are common in internal networks. And I looked up some discussions
on the upstream httpd-dev list and consensus was that they wanted only a
single knob to switch to legacy behavior. Though underscores in domain names
were not discussed explicitly.
Also interesting: RFC 7230 section 5.4 says that a http server must respond
with "400 bad request" if the Host header field contains an invalid field-value
(though it does not define "invalid" explicitly).