mirage / ocaml-dns

OCaml implementation of the DNS protocol
BSD 2-Clause "Simplified" License

Punycode features? #65

Open dsheets opened 9 years ago

dsheets commented 9 years ago

It's frightening but it does exist. :-(

See https://tools.ietf.org/html/rfc3492 and https://tools.ietf.org/html/rfc5891.

This might want to be a codec lib that we depend on in some future utopia.

hannesm commented 8 years ago

Some lib (not yet packaged, needs mli and tests) appeared: https://github.com/cfcs/ocaml-punycode

avsm commented 5 years ago

@hannesm @cfcs is this in scope for integration now that we use domain-names here?

hannesm commented 5 years ago

It should not need any changes to dns itself (ok, maybe to the client code), but instead some transformation before passing the request to the internet via the above-linked punycode library.

cfcs commented 5 years ago

The library now has tests and docstrings, and I think it should work pretty well now; at least I haven't been able to find misbehaviour.

Due to phishing and so on I'm a little bit concerned about transparently encoding Punycode names from Unicode strings, see: https://github.com/cfcs/ocaml-punycode/issues/6

I'm not 100% up to date on what countermeasures browsers deploy to prevent stuff like this, but I think a common one is to complain if the Unicode string contains characters from mixed Unicode character planes, i.e. all-Cyrillic or all-Latin is fine, but mixed Cyrillic and Latin is rejected. The Wikipedia article referenced in the issue has some more details.
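
An added example, not part of the thread and not code from ocaml-dns or ocaml-punycode: the mixed-script rejection described in the last comment, applied per label before a name is Punycode-encoded. It is written in Python so it runs on the standard library alone; the function names and the classification of script by Unicode character-name prefix are assumptions of this example, and the sample names are constructed.

```python
import unicodedata

# Assumption: script is approximated from the Unicode character name prefix,
# because the standard library does not expose the Script property.
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK")


def scripts_in(label):
    """Return the set of scripts used by the letters of one DNS label."""
    found = set()
    for ch in label:
        if not ch.isalpha():
            continue  # digits and hyphens do not belong to a script
        name = unicodedata.name(ch, "")
        found.add(next((s for s in SCRIPTS if name.startswith(s)), "OTHER"))
    return found


def to_ascii_checked(name):
    """Encode a Unicode domain name label by label (RFC 3492 Punycode),
    refusing any label whose letters come from more than one script.
    No IDNA mapping or validation (RFC 5891) is done beyond lowercasing."""
    out = []
    for label in name.split("."):
        used = scripts_in(label)
        if len(used) > 1:
            raise ValueError(f"mixed scripts {sorted(used)} in label {label!r}")
        label = label.lower()
        if label.isascii():
            out.append(label)  # already an ASCII label, pass through
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


if __name__ == "__main__":
    # Constructed samples: all-Latin, all-Cyrillic, and Latin with U+0430.
    for sample in ("bücher.example", "пример.example", "p\u0430ypal.example"):
        try:
            print(f"{sample!r} -> {to_ascii_checked(sample)}")
        except ValueError as err:
            print(f"{sample!r} rejected: {err}")
```

A label written entirely in one script passes this check even when it resembles a name in another script, so the check narrows the problem rather than closing it.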