nanog mailing list archives

Re: Should host/domain names travel over the internet with a trailing dot?


From: Valdis.Kletnieks () vt edu
Date: Tue, 26 Feb 2013 13:12:53 -0500

On Mon, 25 Feb 2013 19:07:20 -0600, Jimmy Hess said:

If the domain in a certificate were not interpreted as a FQDN by the
client, this would mean that the certificate for
CN=bigbank.example.com
might be used to authenticate a connection to https://bigbank.example.com
which, due to the local resolver search order, is in fact a DNS lookup of
bigbank.example.com.intranet.example.com

Which might be captured by a Wildcard A record for *.com found in
the intranet.example.com. zone and pointed to a server
containing a phishing attack against bigbank.example.com; with a
DNS cache poisoned by a false negative cache NXDOMAIN entry for
bigbank.example.com.

I am *sooo* tempted to say "I recommend my competitors do DNS lookups this way"

:)
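The failure mode Jimmy describes, as an added example that is not part of the thread: a toy Python stub resolver with a constructed zone, search list and negative cache, showing that the suffix-expanded name is what actually gets resolved while certificate hostname matching only ever sees the URL host, and that a trailing dot makes the lookup fail closed instead.

```python
# Toy stub resolver (constructed, not from the thread): search-list expansion plus a
# poisoned negative cache send a TLS client elsewhere while cert matching still passes.
ZONE = {  # constructed zone data; addresses from RFC 5737 documentation ranges
    "bigbank.example.com.": "203.0.113.10",          # the legitimate bank host
    "*.com.intranet.example.com.": "198.51.100.66",  # wildcard A in the intranet zone
}
SEARCH_LIST = ["intranet.example.com."]  # assumed resolv.conf search suffix
NDOTS = 1                                # glibc default

def lookup(name, negative_cache=frozenset()):
    """Answer for one absolute name; None means NXDOMAIN."""
    if name in negative_cache:  # a poisoned negative entry short-circuits the real answer
        return None
    if name in ZONE:
        return ZONE[name]
    for owner, addr in ZONE.items():
        # RFC 4592 wildcard: *.suffix matches any name below suffix when no closer
        # encloser exists (true in this toy zone), so multi-label names match too.
        if owner.startswith("*.") and name.endswith(owner[1:]) and name != owner[2:]:
            return addr
    return None

def resolve(name, negative_cache=frozenset()):
    """Trailing dot = absolute name, no suffix appending; else glibc ndots order."""
    if name.endswith("."):
        return lookup(name, negative_cache)
    absolute = name + "."
    searched = [f"{name}.{suffix}" for suffix in SEARCH_LIST]
    order = [absolute] + searched if name.count(".") >= NDOTS else searched + [absolute]
    for candidate in order:
        answer = lookup(candidate, negative_cache)
        if answer is not None:
            return answer
    return None

def connect_target(url_host, negative_cache=frozenset()):
    """Returns (address connected to, cert for CN=bigbank.example.com accepted?).
    Hostname verification only sees the URL host, never the expanded query name."""
    cert_ok = url_host.rstrip(".") == "bigbank.example.com"
    return resolve(url_host, negative_cache), cert_ok

if __name__ == "__main__":
    poisoned = frozenset({"bigbank.example.com."})  # forged NXDOMAIN for the real name
    print("clean cache:  ", connect_target("bigbank.example.com"))
    print("poisoned:     ", connect_target("bigbank.example.com", poisoned))
    print("trailing dot: ", connect_target("bigbank.example.com.", poisoned))
```

With the poisoned cache the client reaches the wildcard host with a certificate check that still passes; the absolute name with a trailing dot returns NXDOMAIN rather than being silently redirected.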
