Re: Non-ASCII in DNS queries

From: Eugene Gershnik (gershnik_at_hotmail.com)
Date: 03/18/04


Date: Thu, 18 Mar 2004 01:36:36 -0800

Gary Krall wrote:
> Eugene:
>
> Hmmm...a Windows machine will always send the DNS query as
> xn--sgard-lra.no to the DNS server if it is being used within an IDNA
> supported application such as Netscape 7.1+, Opera 7.2+, Safari 1.2+,
> SmartFTP, and Internet Explorer through i-Nav (to name a few). I am
> unclear as to why you think Windows is stripping off the "xn-"
> portion of the address. Windows Sockets is rather dumb in this
> regard and to my knowledge it does not make the type of decisions you
> are talking about. It would rely on the client application layer to
> make these kinds of changes before sending the query.

I was talking about the registration, not the query. When you name a Windows
machine during the setup (or afterwards) the actual DNS name will be as I
described. Quite surprising for a user.
As for the various browser plugins, they are fine, but this thing really ought
to be done by Winsock. There are many non-browser clients, and if they don't
work while the browser does, this will drive the user crazy. Imagine not being
able to ftp but being able to browse.

> In your example, cnn.com (U+0063 U+006E U+006E) will always be an
> ASCII address. The Russian form, ?nn.com (U+0441 U+006E U+006E) will
> be converted by the IDNA application to its Punycode counterpart
> during transport or xn--nn-nmc.com.

The user will see www.cnn.com in the address field of his browser. The
resultant IDN name is invisible to him. One more way for social engineering.

> There are obviously all kinds of
> complaints related to this especially as it relates to overlapping
> Cyrillic and Latin characters, but the standard is published and
> client applications are starting to support it.

Maybe. It doesn't make I18Nized DNS names a good idea though.

--
Eugene
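
Added example, not part of the original message: a defender-side check that decodes each label of a hostname, shows the Unicode form a user would see next to the ACE form sent in the query, and flags labels that mix scripts, as the Cyrillic/Latin label quoted above does. The function names are hypothetical, and taking the first word of a character's Unicode name as its script is a simplifying assumption.

```python
import unicodedata


def label_scripts(label):
    """Scripts used by the letters of a label (first word of the Unicode name)."""
    scripts = set()
    for ch in label:
        if ch.isalpha():  # digits and hyphens carry no script information
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_hostname(hostname):
    """Per label: displayed form, wire (ACE) form, scripts, mixed-script flag."""
    report = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            # ACE label: drop the prefix and decode the Punycode payload
            shown = label[4:].encode("ascii").decode("punycode")
        else:
            shown = label
        if shown.isascii():
            wire = shown
        else:
            wire = "xn--" + shown.encode("punycode").decode("ascii")
        scripts = label_scripts(shown)
        report.append({
            "display": shown,
            "wire": wire,
            "scripts": scripts,
            "mixed": len(scripts) > 1,
        })
    return report


def is_suspicious(hostname):
    """True when any single label combines letters from more than one script."""
    return any(entry["mixed"] for entry in inspect_hostname(hostname))


if __name__ == "__main__":
    # Hostnames taken from the thread above, plus the plain ASCII name
    for name in ("cnn.com", "xn--nn-nmc.com", "xn--sgard-lra.no"):
        for entry in inspect_hostname(name):
            print(name, entry["wire"], ascii(entry["display"]),
                  sorted(entry["scripts"]), "MIXED" if entry["mixed"] else "")
```

A label written entirely in one non-Latin script passes this check, so it complements, rather than replaces, showing the ACE form to the user.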

