Last Comment Bug 913785 - fqdn for smtp server name not accepted
: fqdn for smtp server name not accepted
Status: RESOLVED FIXED
:
Product: MailNews Core
Classification: Components
Component: Account Manager (show other bugs)
: 24
: All All
: -- normal (vote)
: Thunderbird 26.0
Assigned To: :aceman
:
Mentors:
Depends on: 134402 80855
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-07 03:18 PDT by bjoern
Modified: 2013-09-30 03:09 PDT (History)
5 users (show)
ryanvm: in‑testsuite+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
fixed
25+
fixed


Attachments
patch (3.70 KB, patch)
2013-09-13 12:21 PDT, :aceman
no flags Details | Diff | Splinter Review
patch v2 (3.70 KB, patch)
2013-09-15 04:32 PDT, :aceman
neil: review+
standard8: approval‑comm‑beta+
standard8: approval‑comm‑esr24+
Details | Diff | Splinter Review

Description bjoern 2013-09-07 03:18:17 PDT
User Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 2013081600

Steps to reproduce:

I see the smtp server DNS name being resolved with DNS search list. To stop this I tried setting the SMTP server in the settings as FQDN, e.g. not "smtp.gmail.com" but "smtp.gmail.com." (with trailing dot).


Actual results:

the trailing dot is not accepted and thunderbird says "Please enter a valid server name."


Expected results:

The FQDN "smtp.gmail.com." should be accepted and be used correctly so that smtp.gmail.com.dns.searchlist is not being tried.
Comment 1 bjoern 2013-09-07 03:39:09 PDT
same for imap server settings. editing the server in the advanced config editor works, just the gui refuses to accept the fqdn.
Comment 2 bjoern 2013-09-07 05:05:16 PDT
and even if the fqdn is entered in ther config editor the bug #134402 pops in and prevents certificate name matching. :-|
Comment 3 :aceman 2013-09-12 07:08:24 PDT
I do not really understand what you are trying to do. What is wrong with DNS resolving smtp.gmail.com ? Can you elaborate on that?

"smtp.gmail.com." does not seem to be a valid hostname per the RFC we implement (see bug 80855). Do you know any application that accepts such hostnames?
If this form is generally accepted in apps, and if it does actually work to be resolved in gecko core networking, we may allow it too.
Comment 4 bjoern 2013-09-13 01:33:44 PDT
if upstream nameserver is unreachable or has a failure then the DNS search list is being appended to the DNS name. If the search list contains "example.com mycompany.example.com" then smtp.gmail.com.example.com and smtp.gmail.com.mycompany.example.com would be looked up also.

The trailing dot/period at the end of the hostname prevents the DNS searchlist being appended to the DNS name because the host name with tailing dot is by definition an absolute FQDN. This still seems to be a not widely known fact though, there are some bugzilla bugs, where developers say that this is an invalid host name. This is actually a valid AND nonambiguous host name.

From RFC 1034:
--snip--
Relative names are either taken relative to a well known origin, or to a
list of domains used as a search list.  Relative names appear mostly at
the user interface, where their interpretation varies from
implementation to implementation, and in master files, where they are
relative to a single origin domain name.  The most common interpretation
uses the root "." as either the single origin or as one of the members
of the search list, so a multi-label relative name is often one where
the trailing dot has been omitted to save typing.
...
Since a complete
domain name ends with the root label, this leads to a printed form which
ends in a dot.
...
The most common interpretation
uses the root "." as either the single origin or as one of the members
of the search list, so a multi-label relative name is often one where
the trailing dot has been omitted to save typing.
--snap--

See also wikipedia:
--snip--
DNS root domain is unnamed, which is expressed by an empty label, resulting in a domain name ending with the dot separator. However, many DNS resolvers process a domain name that contains a dot in any position as being fully qualified
--snap--

Also Microsoft does it right (http://technet.microsoft.com/en-us/library/cc958812.aspx):
--snip--
The trailing period ( . ) denotes that this is an FQDN with the name relative to the root of the domain namespace. The trailing period is usually not required for FQDNs and if it is missing it is assumed to be present.
--snap--

I hope we can agree that the trailing dot in fqdn's is a standard now. To test this you can put "example.com" into your DNS search list. Then:

nslookup www     (resolves www.example.com)
nslookup www.example.com.      (resolves www.example.com)
nslookup www.    (fails because it is fqdn and the search list is not used)

If I know programs that support this? Yes almost all programms do. "curl www" gets www.example.com while "curl www." gets nothing.

I don't say that Mozilla should put the period at the end by default in this case but if someone puts the FQDN dot there intentionally to prevent lookups like smtp.gmail.com.example.com then Mozilla should not say that this is not right but accept it.
Comment 5 :aceman 2013-09-13 02:58:23 PDT
Thanks for a great explanation. At least Firefox seems to support the trailing dot too. E.g. inputting www.google.com. works fine (on Win XP), the site even does the standard redirection to www.google.<country> .

It looks like there should be no harm in allowing this form.
Neil, what do you think?
Comment 6 neil@parkwaycc.co.uk 2013-09-13 04:12:23 PDT
Seems reasonable to me.
Comment 7 :aceman 2013-09-13 12:21:51 PDT
Created attachment 804619 [details] [diff] [review]
patch
Comment 8 neil@parkwaycc.co.uk 2013-09-13 16:49:45 PDT
Comment on attachment 804619 [details] [diff] [review]
patch

Doesn't \.? work?
Comment 9 :aceman 2013-09-15 04:32:37 PDT
Created attachment 804999 [details] [diff] [review]
patch v2

Yes it does.
Comment 10 :aceman 2013-09-15 07:53:20 PDT
Thanks.
Comment 11 Ryan VanderMeulen [:RyanVM] 2013-09-15 13:01:44 PDT
https://hg.mozilla.org/comm-central/rev/3090543fb5e2
Comment 12 :aceman 2013-09-16 00:29:33 PDT
Comment on attachment 804999 [details] [diff] [review]
patch v2

[Approval Request Comment]
Regression caused by (bug #): bug 80855
User impact if declined: some valid hostnames may be incorrectly rejected, mostly for enterprise users utilizing features of DNS.
Testing completed (on c-c, etc.): 
Risk to taking this patch (and alternatives if risky): none known

This is expected fallout from bug 80855. I propose we land tweaks like this also in the stable branch (24.0.x)
Comment 13 Mark Banner (:standard8) 2013-09-23 04:28:14 PDT
Comment on attachment 804999 [details] [diff] [review]
patch v2

Already on aurora, so we'll land on beta, and get out onto 24 later.
Comment 14 Mark Banner (:standard8) 2013-09-23 04:33:00 PDT
https://hg.mozilla.org/releases/comm-beta/rev/e477d19f8863
Comment 15 Mark Banner (:standard8) 2013-09-26 02:50:39 PDT
Comment on attachment 804999 [details] [diff] [review]
patch v2

I landed this on comm-esr24 now as we'll probably land it anyway, and I wanted to give the tree a bump to test some other things:

https://hg.mozilla.org/releases/comm-esr24/rev/f078c31148c3
Comment 16 bjoern 2013-09-30 02:03:57 PDT
did you actually try that this works? bug #134402 should be a blocker for this bug. At least with my test with Thunderbird 24 changing the server name to FQDN not via GUI but via config editor I was told by thunderbird, that the ssl certificate for *.google.com does not match the host "smtp.gmail.com."
Comment 17 :aceman 2013-09-30 03:09:51 PDT
This patch does not fix bug #134402, that is a separate problem I can't fix.
But this patch should allow inputting FQDN in the UI. However the patch is not in TB24, will be in 24.0.1.

Note You need to log in before you can comment on or make changes to this bug.