Bernhard discovered this in https://community.ipfire.org/t/unbound-is-not-running/5695/6.
Is this something for you, Leo?
(In reply to Michael Tremer from comment #1)
> Is this something for you, Leo?
Hi Michael, this looks like something for the next rainy evening :) At the moment the function would also accept an IP (in the format 1.2.3.4) as the domain name. Is that intentional, or should it require letters in the TLD?
RFC1123 states explicitly that IPs are allowed as host names. So it is OK if the function allows that. Investigations into the usage of validdomainname show that dnsforward.cgi is the only file not checking for empty host/domain names. In wio.cgi it is perhaps better to use validfqdn() instead of validdomainname().
Another view of the empty string would be to allow the top domain ( . ).
Hi Bernhard, thank you! Have I understood this correctly now?
Allowed names: "abc123xyz", "_-abc.xyz", "."
Invalid names: "" (empty string), "-.abc", "-", "..."
Allowed names are those of the cited RFCs. This little program helps to check:

    #!/usr/bin/perl
    # Show how split() breaks each test name into its dot-separated parts.
    my @parts;
    my ($part,$n);
    my @t = ("host","host.dom.tld",".","","...","host.dom.tld.");
    foreach $t(@t) {
        @parts = split(/\./,$t);
        $n = scalar(@parts);
        printf "t=%-20s\t n=%2d\tparts=", $t, $n;
        foreach $part(@parts) {
            printf ">%s< ",$part;
        }
        print "\n";
    }

The empty string and the strings containing '.' only result in an empty parts list. So it isn't allowed to use the top domain. Further, it is allowed to use the FQDN (with trailing '.'). This is true for the validfqdn() function also.
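Added example, not part of the comment above and not IPFire's code: the empty parts list comes from Perl's split() dropping trailing empty fields, so a validator that loops over the parts never sees the empty labels in "..." or "host..tld". The hypothetical check_name() below rejects the empty string and "." first, then splits with a limit of -1 so empty labels are checked too; the label rule (letters, digits, hyphen, no leading or trailing hyphen, 1 to 63 characters, 253 in total) is an assumed reading of RFC 952/1123.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper for illustration; this is NOT IPFire's validdomainname().
# Assumed rule (RFC 952/1123): labels of 1-63 letters, digits or hyphens,
# not starting or ending with a hyphen; one trailing '.' (FQDN form) is accepted.
sub check_name {
    my ($name) = @_;
    return 0 unless defined $name && length $name;   # "" is rejected up front
    $name =~ s/\.\z//;                                # accept the FQDN form "host.dom.tld."
    return 0 unless length $name;                     # the input was "." only
    return 0 if length $name > 253;                   # total length limit

    # Limit -1 keeps trailing empty fields, so "..." yields empty labels
    # instead of an empty list that would skip the loop entirely.
    my @labels = split /\./, $name, -1;
    for my $label (@labels) {
        return 0 unless $label =~ /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/;
    }
    return 1;
}

# Constructed sample inputs: the six names from the test program plus three more.
my @samples = ("host", "host.dom.tld", ".", "", "...", "host.dom.tld.",
               "host..tld", "-.abc", "1.2.3.4");
for my $t (@samples) {
    my @default = split /\./, $t;        # trailing empty fields are dropped
    my @keep    = split /\./, $t, -1;    # trailing empty fields are kept
    printf "t=%-16s n=%d n(limit -1)=%d valid=%d\n",
        "\"$t\"", scalar @default, scalar @keep, check_name($t);
}
```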
Bernhard, since you are much more familiar with these RFCs and have already researched and written code, I think you should take over. I'm handing this back. Sorry for the noise.