[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
fqdn and trailing dot in IDs
Ricky Charlet writes:
> So when we use a FQDN as a name to Identify an endpoint, do we require
> and/or enforce that the 'trailing dot' be applied?
No, you never put that trailing dot to the FQDN in the IKE. The DOI
says:
----------------------------------------------------------------------
4.6.2.3 ID_FQDN
The ID_FQDN type specifies a fully-qualified domain name string. An
example of a ID_FQDN is, "foo.bar.com". The string should not
contain any terminators.
----------------------------------------------------------------------
So it does not contain any terminators (no nul character, no dots).
> An FQDN without a trailing dot is ambigous as pointed out by rfc1912
> sect 3.2 (exerpt below)
In the DNS world FQDN is defined to contain the dot, but I general
FQDN is just a domain name that identifies the name completely, i.e.
include all parts of. From the RFC1594/FYI4 (FYI Q/A - for New Internet
Users):
----------------------------------------------------------------------
5.2 What is a Fully Qualified Domain Name?
A Fully Qualified Domain Name (FQDN) is a domain name that
includes all higher level domains relevant to the entity named.
If you think of the DNS as a tree-structure with each node having
its own label, a Fully Qualified Domain Name for a specific node
would be its label followed by the labels of all the other nodes
between it and the root of the tree. For example, for a host, a
FQDN would include the string that identifies the particular host,
plus all domains of which the host is a part up to and including
the top-level domain (the root domain is always null). For
example, atlas.arc.nasa.gov is a Fully Qualified Domain Name for
the host at 128.102.128.50. In addition, arc.nasa.gov is the FQDN
for the Ames Research Center (ARC) domain under nasa.gov.
----------------------------------------------------------------------
That entry seems to have disappeared in the later version of the FYI4,
I don't know why...
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
Follow-Ups:
References: