Unbound DNS vulnerability exploit DDOS attack

Started by scalaechlon, December 01, 2020, 06:15:40 AM

December 04, 2020, 07:35:22 PM #30 Last Edit: December 04, 2020, 08:20:32 PM by Fright
@schnipp
Thank you for the clarification! didn't know that.
nevertheless, from a practical point of view, I think the limitation of min 2 characters is logical and allows to identify garbage records
Quote: It's a decision of IANA that nowadays no one character TLDs are existing. But the tech specs still allow them.


December 05, 2020, 07:42:23 AM #31 Last Edit: December 05, 2020, 07:57:49 AM by Fright
tested some file changes.
so it is quite possible to make the field to accept full regexps (with commas and quantifiers), and the plugin will process them correctly. so user will be able to independently choose the restrictions (use the length of the TLD he likes))
but a decent number of files changed (plugin and core). I don't know how @franco and @AdSchellevis will look at it

Quote from: Fright on December 04, 2020, 07:35:22 PM
nevertheless, from a practical point of view, I think the limitation of min 2 characters is logical and allows to identify garbage records

Sorry, I don't understand the logic to enforce TLDs with a minimum of two characters. The logic is in the well-defined specifications and not in any subjective perception. So, I don't recommend taking this step because it will introduce a bug in verification of syntactically correct FQDNs.
OPNsense 24.7.11_2-amd64

disagree. the logic is not in creating a generic expression for checking a string for compliance with RFCs, but in trying to find erroneous or non-working records. and while domains of this length are practically not used (https://www.icann.org/resources/pages/tlds-2012-02-25-en), we can use an expression that allows to define garbage and not take up resources for a record that has no practical use.


Quote from: Fright on December 05, 2020, 01:13:13 PM
disagree. the logic is not in creating a generic expression for checking a string for compliance with RFCs, but in trying to find erroneous or non-working records.

It is not my intention to change your philosophy in software development. But I have seen a lot of software in the past which showed bugs or incompatibilities after a period of time because developers did not care about standards or just followed trial and error principles.

Just my 2 cents.
OPNsense 24.7.11_2-amd64

December 07, 2020, 07:14:58 AM #35 Last Edit: December 07, 2020, 07:26:25 AM by Fright
too general statement about devs and principles
the proposed solution assumes the ability for the user to independently choose a regular expression and follow those standards or policies that he sees fit.
a discussion of how RFC standards and ICANN policies relate, and how big the news would be if ICANN approves a policy for issuing single-character TLDs, I think, is not suitable for this topic.
and yes, i am not a developer )
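The two positions in this exchange, as an added example that is not code from the thread or from the OPNsense plugin: blocklist records are first checked against hostname syntax only, then against a user-selectable TLD pattern. The names `classify`, `filter_records`, `RFC_SYNTAX` and `TLD_MIN2`, the requirement of at least two labels, and the sample records are assumptions made for illustration.

```python
import re

# Label syntax: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
# Syntax-only check. Assumption: a blocklist record has at least two labels.
RFC_SYNTAX = re.compile(rf"^(?:{LABEL}\.)+{LABEL}$")
# Example policy (hypothetical default): alphabetic TLD of 2+ characters,
# or a punycode (xn--) TLD. Passing tld_policy=None keeps syntax-only behaviour.
TLD_MIN2 = re.compile(r"^(?:[A-Za-z]{2,63}|xn--[A-Za-z0-9-]{1,59})$")


def classify(record, tld_policy=TLD_MIN2):
    """Return 'accepted', 'rejected-by-policy' or 'invalid-syntax' for one record."""
    name = record.strip()
    if name.endswith("."):          # tolerate a single trailing root dot
        name = name[:-1]
    if len(name) > 253 or not RFC_SYNTAX.match(name):
        return "invalid-syntax"
    tld = name.rsplit(".", 1)[1]
    if tld_policy is not None and not tld_policy.match(tld):
        return "rejected-by-policy"
    return "accepted"


def filter_records(records, tld_policy=TLD_MIN2):
    """Group records by verdict so the effect of a policy is visible."""
    result = {"accepted": [], "rejected-by-policy": [], "invalid-syntax": []}
    for record in records:
        result[classify(record, tld_policy)].append(record)
    return result


# Constructed sample records, not taken from any real blocklist.
SAMPLE = [
    "ads.example.com",
    "tracker.example.c",        # valid syntax, one-character TLD
    "192.0.2.1",                # an address that slipped into a host list
    "bad..example.com",         # empty label
    "-lead.example.org",        # label starts with a hyphen
    "xn--e1afmkfd.xn--p1ai",    # punycode name and TLD
]

if __name__ == "__main__":
    for policy_name, policy in (("syntax only", None), ("min 2 char TLD", TLD_MIN2)):
        print(policy_name, filter_records(SAMPLE, policy))
```

With the syntax-only setting the one-character TLD and the dotted address both pass; the TLD pattern is the only thing that separates them from usable records, which is why making it user-selectable covers both views.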

At first your next step should be to disable one of the two and compare the results again to identify the problem



