Allowed Characters in DNS names in unbound's local data: IDN
Patrik Fältström
paf at frobbit.se
Thu Nov 28 13:18:15 UTC 2019
On 28 Nov 2019, at 13:22, Ron Varburg via Unbound-users wrote:
> I think, though I haven't checked, that:
> 1. IDN is designed so that each byte, on 8 bit boundaries, would look like a printable ASCII character.
Correct, and this is called A-Label which can be converted to and from a U-Label without any loss.
> 2. Therefore, any DNS software would support it out of the box, without being aware of it.
Yes.
> So just meet IDN restrictions in your plans to your org DNS Names/CNAME, unbound local data, whatever.
That is exactly how it works. You do place the A-Label in the DNS config, and things will work just fine. Not the U-Label.
Patrik
> On Wednesday, November 27, 2019, 9:33:42 PM GMT, Patrik Fältström <paf at frobbit.se> wrote:
>
> What is called "IDNA2008" is in use "all over the place" and is the way of encoding Unicode so that the encoded strings can be used as domain names.
>
> Patrik Fältström
>
> On 27 Nov 2019, at 8:51, Ron Varburg via Unbound-users wrote:
>
>> Does https://en.wikipedia.org/wiki/Internationalized_domain_name related
>> to your question? Even if it does, I wonder myself how much it is used. On Tuesday, November 26, 2019, 3:04:31 PM GMT, Shanmuga Rao via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
>>
>> Hello,
>> We are planning to use unbound to perform DNS overrides for traffic redirection in certain locations within our org. I was wondering if there are any restrictions imposed on the DNS Names/CNAMEs we would add in the unbound.conf under local zone and data?
>>
>> For example, AD DNS contains a list of characters that are not allowed, list of characters/digits a record should not start with etc. Do the same rule apply to unbound as well or can we go a bit crazy with our naming conventions ?
>>
>> I apologize in advance If there is already some documentation on this. Please redirect me to them if available.
>>
>> Thanks!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20191128/5c195cef/attachment.bin>
More information about the Unbound-users
mailing list