Deprecate And Remove Support For Invalid DNS Names (removed)

We have a security vulnerability that is rather long in the tooth (not yet public) that depends, in part, on our DNS resolver’s willingness to attempt to resolve arbitrary garbage strings, including strings that could not ever be valid hostnames. I propose to remove support for such requests in our DNS resolution code, and attempt only to resolve legal hostnames (“preferred name syntax”). Additionally, I propose we accept underscores (_) in names. (See the measurement CL.)

Reduce exposure to bugs.

Comments

This removal shipped in Chrome 69. The CL was https://chromium-review.googlesource.com/c/chromium/src/+/569298.

Documentation

Status in Chromium

Internals>Network>DNS


Removed (tracking bug) in:

  • Chrome for desktop release 69
  • Chrome for Android release 69
  • Android WebView release 69

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No public signals
  • No public signals
  • No public signals
  • No signals

Owner

Last updated on 2019-03-18