Deprecate And Remove Support For Invalid DNS Names

We have a security vulnerability that is rather long in the tooth (not yet public) that depends, in part, on our DNS resolver’s willingness to attempt to resolve arbitrary garbage strings, including strings that could not ever be valid hostnames. I propose to remove support for such requests in our DNS resolution code, and attempt only to resolve legal hostnames (“preferred name syntax”). Additionally, I propose we accept underscores (_) in names. (See the measurement CL.) Note that IDNs are P

Documentation

Status in Chromium

In development (launch bug)

Consensus & Standardization

  • No public signals
  • No public signals
  • No public signals
  • No signals

Owner

Last updated on 2017-04-28