hostname="?"

We already had that covered. But a TLD is just a domain too. On the internet it has a special meaning (due to IANA) but for internal DNS it doesn't really matter.
 
It's not "just a domain", but of course, having a hostname with just ONE dot will confuse software that doesn't make this distinction. Technically, a TLD is a domain, but it does have specific semantics (e.g. can't be registered by anyone, does not name any organization's network, etc).

Therefore it WOULD be a sane assumption that an MTA doesn't just enable relaying for a TLD.

Anyways, the insanity goes even further, look at this: https://www.iab.org/documents/corre...statement-dotless-domains-considered-harmful/

Do domain name registries have marketing departments? :-/
 
Zirias said:
Technically, a TLD is a domain, but it does have specific semantics (e.g. can't be registered by anyone, does not name any organization's network, etc).
Click to expand...
Yes, but this assumes you're talking about internet registrations. For internal DNS this is irrelevant.
 
Also the root domain (.) is a domain. The correct way to write a domain is with a dot at the end representing this root domain. This is very important when configuring DNS.
 
A TLD is a valid domain. A domain consists of one or more components. The first component is also called TLD, but it is a valid domain on its own, too. So, a valid FQDN can contain just one dot.

For example, www.de is a valid FQDN on the internet. It has an “A” record, so you can connect to it (it’s running a small web server, although it’s just redirecting elsewhere).

In theory, you can even put “A” records on a TLD like de. Technically this is perfectly valid, and there is nothing in the RFCs that would disallow that. In practice it isn’t done because users would have to use the canonical (some call this “absolute”) form to access it, and most users don’t know how to do this. Hosts usually perform canonicalization, i.e. the resolver appends its own domain to names that are unqualified, i.e. names that don’t contain a dot. To write a TLD as a qualified (“absolute”) name, you have to append a dot. So, to access a hypothetical web server running on the TLD de, you would have to write https://de./ (note the dot). If you’re curious, you can try this yourself at home with BIND and a zone file for the example domain.
 
That's all correct, and simply put, a domain is "qualified" as soon as it contains at least one dot. I'm just saying an option trying to derive your domain from your hostname (both technically FQDNs) by just stripping off everything up to the first dot is guesswork that only gives the correct result if you follow common practices. Maybe the best way for an MTA would be not to offer such an option at all and require explicit configuration of domains to relay for.
 
Zirias said:
That's all correct, and simply put, a domain is "qualified" as soon as it contains at least one dot. I'm just saying an option trying to derive your domain from your hostname (both technically FQDNs) by just stripping off everything up to the first dot is guesswork that only gives the correct result if you follow common practices. Maybe the best way for an MTA would be not to offer such an option at all and require explicit configuration of domains to relay for.
Click to expand...
That’s what sendmail does.

Actually, for the most part, sendmail does not make a distinction between host names and domain names. It doesn’t have to, because technically it’s the same. It only has to provide special handling for unqualified names (canonicalization). This is fully configurable, you can even switch it off completely if that makes sense for your site.
 
hruodr said:
I have a server with name name.tld running sendmail as MTA, cyrus-imap, apache, and other
software, without problems. But it would be not a surprise if some other software at some point make troubles.
Click to expand...
That's a root domain record. They're very popular nowadays. I would much rather have proper host records ("www" should be a host or an alias to a host, for example), but I appear to be very much in the minority.
hruodr said:
Also the root domain (.) is a domain. The correct way to write a domain is with a dot at the end representing this root domain. This is very important when configuring DNS.
Click to expand...
The dot is not a domain. It's used to prevent origin substitution, both in zone files, and for the resolver, as Olli@ points out. I think origin substitution is also called "canonicalization", which is quite a typeful.
hruodr said:
BTW. It was much more complicated to get cyrus-imap than sendmail to work. The old
uw-imap worked out of the box, it was a nice solution for small personal servers, but unfortunately
is not mantained anymore.
Click to expand...
I used UW-IMAP for years, and was also very happy with it. Eventually my mailbox file got too big and started causing problems. I've just read that the author of UW-IMAP refused to add support for maildirs due a disagreement with DJB:

FUD

www.courier-mta.org www.courier-mta.org
 
olli@ said:
Actually, for the most part, sendmail does not make a distinction between host names and domain names. It doesn’t have to, because technically it’s the same.
Click to expand...
I suspect this behavior was deliberately added when MX records were introduced. The standard before then was that mail would be sent to a particular host with an A record. This is from back in the day when having a mail account meant having a user account on some big Unix machine on campus. That approach works to this day if your domain does not have an MX record.

DJB gets into this in his IPv6 critique:
 
Jose said:
The dot is not a domain. It's used to prevent origin substitution, both in zone files, and for the resolver, as Olli@ points out. I think origin substitution is also called "canonicalization", which is quite a typeful.
Click to expand...
Actually, both is correct.

Technically, the dot is a domain, as hruodr mentioned. You can think of it as the zone that contains the delegations for com, net, org, info etc. Just try the command host -a . or drill . any that lists the delegation for the root name servers.
As an analogy, it’s similar to “/” that is the root directory in a file system that contains entries for bin, usr, var, etc.

At the same time, the dot is used to mark an FQDN as absolute, to prevent appending the local domain. Just like “/” is used to denote an absolute path name, to prevent prepending the current working directory.

Jose said:
I suspect this behavior was deliberately added when MX records were introduced. The standard before then was that mail would be sent to a particular host with an A record. This is from back in the day when having a mail account meant having a user account on some big Unix machine on campus. That approach works to this day if your domain does not have an MX record.
Click to expand...
Of course, that’s what the RFC requires. If there is no MX record, then the address record (A or AAAA) is used, with an implicit preference of 0.
But that has nothing to do with the meaning and format of FQDNs.

Actually, the (E)SMTP standard explicitly states that FQDNs may have just one component, and that foo@com is a valid email address for the com TLD (at least formally – I’m not saying that this particular address actually exists).
 
olli@ said:
Yes, and this gets us back to the original question of this thread, because one of arpa’s subdomains – home.arpa – is meant to be used as the domain for private home networks. See RFC 8375.
Click to expand...
Indeed – I dismissed it earlier, having overlooked this paragraph:
Code: 
   Although this document makes specific reference to [RFC7788], it is
   not intended that the use of 'home.arpa.' be restricted solely to
   networks where HNCP is deployed.  Rather, 'home.arpa.' is intended to
   be the correct domain for uses like the one described for '.home' in
   [RFC7788]: local name service in residential homenets.
Then this requirement was actually solved in 2018, nice!

Still I've seen rationale about RFC2606 explicitly NOT reserving something for "home use" because it will result in networks that can't be joined later. Seems these concerns were dropped.
 
olli@ said:
Yes, and this gets us back to the original question of this thread, because one of arpa’s subdomains – home.arpa – is meant to be used as the domain for private home networks. See RFC 8375.
Click to expand...
I don't love it. The other subdomain for ARPA, "in-addr" is clearly meant to specify the Internet protocol class. Stuffing home under arpa seems to violate Section 2.1 of RFC 3172. I know it's only a recommendation, but still, it's messy.

I thought all the other DNS protocol classes besides "IN" were obsolete. Turns out there was at least an attempt to stuff PSTN* numbers in DNS:
tools.ietf.org

RFC 3026: Liaison to IETF/ISOC on ENUM

Working Party 1/2, of the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) held a meeting of its collaborators in Berlin Germany 19-26 October 2000. This liaison from WP1/2 to the IETF/ISOC conveys the understandings of the WP1/2 collaborators resulting from...
tools.ietf.org tools.ietf.org

* Public, Switched Telephone Network
 
Jose said:
The other subdomain for ARPA, "in-addr" is clearly meant to specify the Internet protocol class.
Click to expand...
Don't forget ip6.arpa.
Jose said:
Stuffing home under arpa seems to violate Section 2.1 of RFC 3172. I know it's only a recommendation, but still, it's messy.
Click to expand...
Indeed, it's a misuse. Looks like IETF wanted to reserve some TLD, but IANA didn't agree…
As long as nobody introduces a "home" protocol class that needs lookup keys below arpa, it will work ;)
 
You must log in or register to reply here.
Back
Top