fqdn and trailing dot in IDs



Ricky Charlet writes:
> 	So when we use a FQDN as a name to Identify an endpoint, do we require
> and/or enforce that the 'trailing dot' be applied?

No, you never add that trailing dot to the FQDN in IKE. The DOI
says:
----------------------------------------------------------------------
4.6.2.3 ID_FQDN

   The ID_FQDN type specifies a fully-qualified domain name string.  An
   example of a ID_FQDN is, "foo.bar.com".  The string should not
   contain any terminators.
----------------------------------------------------------------------

So it does not contain any terminators (no nul character, no dots). 

> 	An FQDN without a trailing dot is ambiguous as pointed out by rfc1912
> sect 3.2  (excerpt below)

In the DNS world FQDN is defined to contain the dot, but in general
FQDN is just a domain name that identifies the name completely, i.e.
includes all parts of it. From the RFC1594/FYI4 (FYI Q/A - for New Internet
Users): 
----------------------------------------------------------------------
   5.2  What is a Fully Qualified Domain Name?

      A Fully Qualified Domain Name (FQDN) is a domain name that
      includes all higher level domains relevant to the entity named.
      If you think of the DNS as a tree-structure with each node having
      its own label, a Fully Qualified Domain Name for a specific node
      would be its label followed by the labels of all the other nodes
      between it and the root of the tree.  For example, for a host, a
      FQDN would include the string that identifies the particular host,
      plus all domains of which the host is a part up to and including
      the top-level domain (the root domain is always null).  For
      example, atlas.arc.nasa.gov is a Fully Qualified Domain Name for
      the host at 128.102.128.50.  In addition, arc.nasa.gov is the FQDN
      for the Ames Research Center (ARC) domain under nasa.gov.
----------------------------------------------------------------------
That entry seems to have disappeared in the later version of the FYI4,
I don't know why...
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
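
An added example, not part of the original message and not taken from any IKE implementation: a receiver-side check that applies the DOI text quoted above to ID_FQDN identification data, flagging a NUL or trailing-dot terminator before the name is compared with local policy. The enum and function names are hypothetical; rejecting a terminator instead of stripping it, rejecting empty labels, and comparing ASCII case-insensitively are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes; all names here are hypothetical, for this example only. */
enum fqdn_check { FQDN_OK, FQDN_EMPTY, FQDN_HAS_NUL, FQDN_TRAILING_DOT, FQDN_EMPTY_LABEL };

/* Check ID_FQDN identification data. It is length-delimited on the wire:
 * `len` comes from the payload header, the buffer is not NUL-terminated. */
enum fqdn_check id_fqdn_check(const unsigned char *id, size_t len)
{
    size_t i, label_len = 0;
    if (len == 0)
        return FQDN_EMPTY;
    for (i = 0; i < len; i++) {
        if (id[i] == '\0')
            return FQDN_HAS_NUL;          /* C-string terminator was sent */
        if (id[i] == '.' && i == len - 1)
            return FQDN_TRAILING_DOT;     /* DNS-style root dot was sent */
        if (id[i] == '.' && label_len == 0)
            return FQDN_EMPTY_LABEL;      /* leading dot or ".." */
        label_len = (id[i] == '.') ? 0 : label_len + 1;
    }
    return FQDN_OK;
}

static int ascii_lower(int c) { return (c >= 'A' && c <= 'Z') ? c + 32 : c; }

/* Return 1 if the received ID equals the configured peer name (ASCII
 * case-insensitive). Assumption: `expected` is a NUL-terminated string
 * from local policy, stored without a trailing dot. */
int id_fqdn_matches(const unsigned char *id, size_t len, const char *expected)
{
    size_t i;
    if (id_fqdn_check(id, len) != FQDN_OK || strlen(expected) != len)
        return 0;
    for (i = 0; i < len; i++)
        if (ascii_lower(id[i]) != ascii_lower((unsigned char)expected[i]))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample: the DOI's example name sent with a trailing dot. */
    printf("%d\n", (int)id_fqdn_check((const unsigned char *)"foo.bar.com.", 12));
    return 0;
}
```

Comparing by explicit length rather than with strcmp() keeps an embedded NUL from truncating the name that is actually matched against policy.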

