Refine DNS s2s tree algorithm to account for international domains
The DNS search tree algorithm in the s2s should account for international domain names. For example "co.uk" is a common domain name. So, if searching for:
the search should stop at example.co.uk and should not continue to co.uk. The algorithm can be that if the last portion of the domain is a two-letter domain, then stop the search at the 3rd level domain instead of 2nd level domain. However, we need to research this to confirm that this is how international domains work.
Although this is a minor security issue, it should be fixed.
Closing issue for now, can reopen if somebody thinks there is still an issue here...
The code has been refactored so much since this bug was reported, I'm not even sure the originally reported bug is still present.
What used to happen was: assuming no dns entries were present, lookups for a s2s connection used to check:
Now there's no where in the xmpp rfc's that say that if a dns lookup fails that you should strip the left most part and re-try. If the behaviour in trunk today is to fail after the first dns lookup, then I think we can just close this ticket as 'fixed-due-to-previous-refactoring'.
I would close this issue with wont-fix. In UK the ccSLD for companies with commercial interests is .co.uk while in Singapore it's .com.sg. In Germany there are no ccSLDs.
So you would have to build and also manage a list of all ccSLDs, I guess that this is something you don't want to do.
Perhaps there shouldn't be a DNS search tree at all?
Probably the best way to go forward would be to make a server setting for search depth.
Those admins that don't want ANY 'searching' can set it to 0.
Conservative admins can set it to 1 or 2,
For the existing behaviour it can be set to any higher number - eg: 9.
There are plenty of domains that do NOT work like this. Quick counterexample: www.sony.jp.