Refine DNS s2s tree algorithm to account for international domains

Description

The DNS search tree algorithm in the s2s should account for international domain names. For example, "co.uk" is a common domain name. So, if searching for:

conference.example.co.uk

the search should stop at example.co.uk and should not continue to co.uk. The algorithm can be that if the last portion of the domain is a two-letter domain, then stop the search at the 3rd-level domain instead of the 2nd-level domain. However, we need to research this to confirm that this is how international domains work.

Although this is a minor security issue, it should be fixed.

Environment

None

Activity

Daryl Herzmann
January 7, 2010, 7:15 AM

Closing issue for now, can reopen if somebody thinks there is still an issue here...

Norman Rasmussen
November 13, 2007, 9:36 PM

The code has been refactored so much since this bug was reported, I'm not even sure the originally reported bug is still present.

What used to happen was: assuming no DNS entries were present, lookups for an s2s connection used to check:

transport.example.co.uk, then
example.co.uk, then
co.uk, then
uk

Now there's nowhere in the XMPP RFCs that says that if a DNS lookup fails you should strip the left-most part and retry. If the behaviour in trunk today is to fail after the first DNS lookup, then I think we can just close this ticket as 'fixed-due-to-previous-refactoring'.

LG
November 13, 2007, 9:14 PM

I would close this issue with wont-fix. In the UK the ccSLD for companies with commercial interests is .co.uk, while in Singapore it's .com.sg. In Germany there are no ccSLDs.
So you would have to build and also manage a list of all ccSLDs; I guess that this is something you don't want to do.

Norman Rasmussen
July 5, 2006, 3:11 AM

Perhaps there shouldn't be a DNS search tree at all?

Probably the best way to go forward would be to make a server setting for search depth.

Those admins that don't want ANY 'searching' can set it to 0.
Conservative admins can set it to 1 or 2.
For the existing behaviour it can be set to any higher number, e.g. 9.

Joe Auricchio
October 6, 2005, 8:04 AM

There are plenty of domains that do NOT work like this. Quick counterexample: www.sony.jp.
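
Added example (not the project's code and not posted by any commenter): a Python comparison of the parent walk described in the thread, the two-letter rule from the description, and a walk bounded by a suffix set together with the proposed search-depth setting. The function names, the `max_depth` parameter and the small `SAMPLE_SUFFIXES` set are assumptions constructed for illustration.

```python
# Added example. SAMPLE_SUFFIXES is constructed for illustration; a real
# deployment would need a maintained suffix list (the burden LG describes).
SAMPLE_SUFFIXES = frozenset({"uk", "co.uk", "jp", "co.jp", "sg", "com.sg", "de", "com"})


def _labels(host):
    return host.lower().rstrip(".").split(".")


def parent_walk(host, max_depth):
    """Names tried when each failed lookup strips the left-most label.

    max_depth is the hypothetical search-depth setting: the number of labels
    that may be stripped (0 = query the exact host only).
    """
    labels = _labels(host)
    steps = min(max_depth, len(labels) - 1)
    return [".".join(labels[i:]) for i in range(steps + 1)]


def two_letter_heuristic(host):
    """Description's rule: two-letter TLD -> stop at the 3rd level, else the 2nd."""
    labels = _labels(host)
    keep = 3 if len(labels[-1]) == 2 else 2
    return parent_walk(host, max(len(labels) - keep, 0))


def suffix_bounded_walk(host, max_depth, suffixes=SAMPLE_SUFFIXES):
    """Parent walk that stops before any name listed as a suffix."""
    names = []
    for name in parent_walk(host, max_depth):
        if name in suffixes:
            break
        names.append(name)
    return names


if __name__ == "__main__":
    for host in ("transport.example.co.uk", "www.sony.jp", "chat.example.de"):
        print(host)
        print("  unbounded :", parent_walk(host, 9))
        print("  two-letter:", two_letter_heuristic(host))
        print("  suffix set:", suffix_bounded_walk(host, 9))
```

For www.sony.jp the two-letter rule never tries sony.jp, while the suffix-bounded walk does and still stops before jp.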

Won't Fix

Assignee

Gaston Dombiak

Reporter

MattM

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Critical