nanog mailing list archives

Re: What do people use public suffix for?
From: Bjørn Mork <bjorn () mork no>
Date: Fri, 19 Apr 2013 20:17:38 +0200

Jay Ashworth <jra () baylink com> writes:

----- Original Message -----
From: "John Levine" <johnl () iecc com>

The public suffix list contains points in the DNS where (roughly
speaking) names below that point are under different management from
each other and from that name. It's here: http://publicsuffix.org/

The idea is that abc.foo.com and xyz.foo.com have the same management,
but abc.co.uk and xyz.co.uk do not.

You don't have to tell me that it's a gross crock, but it seems to
be a useful one. What do people use it for? Here's what I know of:

* Web browsers use it to manage cookies to keep a site from putting
cookies that will affect other sites, e.g. abc.foo.co.uk can set a
cookie for foo.co.uk but not for co.uk.

* DMARC (www.dmarc.org) uses it to find a policy record in the DNS
that describes a subtree, e.g., if you get mail that purports to be
from eBay () reply1 ebay com it checks the policy at ebay.com.

What other current applications are there?

Seems to me that it's a crock because *it should be in the DNS*.

It is already, isn't it?  The NS and SOA records will tell you all there
is to know about zone splits and cross zone relations.

I should be able to retrieve the AS (administrative split) record 
for .co.uk, and there should be one that says, "yup, there's an
administrative split below me; nothing under there is mine unless 
you also get an exception record for a subdomain".

Use the SOA record.  If it is identical for two zones, then the
administrative authority for those zones is the same.

For example, "microsoft.co.uk" and "microsoft.com" can be considered
under the same administration:

 bjorn () nemi:~$ dig +short soa microsoft.co.uk 
 ns1.msft.net. msnhst.microsoft.com. 2013032601 1800 900 2419200 3600
 bjorn () nemi:~$ dig +short soa microsoft.com
 ns1.msft.net. msnhst.microsoft.com. 2013041803 300 600 2419200 3600

While "apple.co.uk" and "apple.com" may be, depending on how strict you
are going to be when comparing:

 bjorn () nemi:~$ dig +short soa apple.co.uk 
 nserver.euro.apple.com. hostmaster.apple.com. 10 1800 900 2592000 1800
 bjorn () nemi:~$ dig +short soa apple.com
 gridmaster-ib.apple.com. hostmaster.apple.com. 2010086586 1800 900 2016000 86500
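
Added example, not part of the original message: the SOA comparison described above, run over the four `dig +short soa` answers quoted in the message. The function names and the strict/loose split are assumptions made here to illustrate "how strict you are going to be when comparing".

```python
from typing import NamedTuple

class SOA(NamedTuple):
    mname: str     # primary name server
    rname: str     # responsible mailbox, written as a domain name
    serial: int
    timers: tuple  # refresh, retry, expire, minimum

def _norm(name: str) -> str:
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def parse_soa(rdata: str) -> SOA:
    """Parse one line of `dig +short soa` output."""
    f = rdata.split()
    if len(f) != 7:
        # dig +short prints nothing when the name has no SOA record of its own.
        raise ValueError(f"expected 7 SOA fields, got {len(f)}: {rdata!r}")
    return SOA(_norm(f[0]), _norm(f[1]), int(f[2]), tuple(map(int, f[3:])))

def same_admin(a: SOA, b: SOA, strict: bool = True) -> bool:
    """strict: MNAME and RNAME both match. loose: RNAME alone.
    Serial and timers are per-zone values and are never compared."""
    if a.rname != b.rname:
        return False
    return a.mname == b.mname or not strict

# SOA answers exactly as quoted in the message above.
SAMPLES = {
    "microsoft.co.uk": "ns1.msft.net. msnhst.microsoft.com. 2013032601 1800 900 2419200 3600",
    "microsoft.com": "ns1.msft.net. msnhst.microsoft.com. 2013041803 300 600 2419200 3600",
    "apple.co.uk": "nserver.euro.apple.com. hostmaster.apple.com. 10 1800 900 2592000 1800",
    "apple.com": "gridmaster-ib.apple.com. hostmaster.apple.com. 2010086586 1800 900 2016000 86500",
}

def compare(zone_a: str, zone_b: str, strict: bool = True) -> bool:
    return same_admin(parse_soa(SAMPLES[zone_a]), parse_soa(SAMPLES[zone_b]), strict)

if __name__ == "__main__":
    pairs = (("microsoft.co.uk", "microsoft.com"), ("apple.co.uk", "apple.com"))
    for a, b in pairs:
        print(a, b, "strict:", compare(a, b), "loose:", compare(a, b, strict=False))
```

The Microsoft pair differs in serial and timers, so a byte-for-byte comparison of the records would reject it. MNAME and RNAME are whatever the zone operator publishes and nothing validates them, so a match is a hint about shared administration and not proof of it.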


