[Dnsmasq-discuss] Filtering non-latin1 or non-ASCIII dns requests?
Dominik Derigs
dl6er at dl6er.de
Thu May 11 16:39:54 UTC 2023
Hey Burton and Petr,
On Wed, 2023-05-10 at 21:12 -0500, B at us wrote:
> domains that don’t match \.[A-Za-z0-9]\.
You'd probably want to allow for - and _ too but Petr has the better
idea how to achieve this:
On Thu, 2023-05-11 at 17:56 +0200, Petr Menšík wrote:
> reject all IDN names, which start with xn-- prefix
Even when truly non-ASCII domains would be possible (dig äöü), none of
the larger registrars allow registering such domains directly and will
always Punycode translation of the Unicode representation of the
language-specific alphabet.
Burton, the feature you are asking for would be blocking IDNA domains?
Petr, I concur that this should be handled at a larger scale, however, I
do also think it'd be okay to have such a feature when the administrator
of a local dnsmasq says that international domains aren't something that
will happen at their place and wants some extra protection against such
letter confusion "attacks".
Best
Dominik
More information about the Dnsmasq-discuss
mailing list