Hello,
We are planning to use unbound to perform DNS overrides for traffic redirection in certain locations within our org. I was wondering if there are any restrictions imposed on the DNS Names/CNAMEs we would add in the unbound.conf under local zone and data?
For example, AD DNS contains a list of characters that are not allowed, a list of characters/digits a record should not start with, etc. Do the same rules apply to unbound as well, or can we go a bit crazy with our naming conventions?
I apologize in advance if there is already some documentation on this. Please redirect me to it if available.
Thanks!!
Is https://en.wikipedia.org/wiki/Internationalized_domain_name related to your question? Even if it is, I wonder myself how much it is used.
What is called "IDNA2008" is in use "all over the place" and is the way of encoding Unicode so that the encoded strings can be used as domain names.
Patrik Fältström
I think, though I haven’t checked, that:
- IDN is designed so that each byte, on 8 bit boundaries, would look like a printable ASCII character.
- Therefore, any DNS software would support it out of the box, without being aware of it.
So just meet IDN restrictions in your plans to your org DNS Names/CNAME, unbound local data, whatever.
I think, though I haven't checked, that:
1. IDN is designed so that each byte, on 8 bit boundaries, would look like a printable ASCII character.
Correct, and this is called A-Label which can be converted to and from a U-Label without any loss.
2. Therefore, any DNS software would support it out of the box, without being aware of it.
Yes.
So just meet IDN restrictions in your plans to your org DNS Names/CNAME, unbound local data, whatever.
That is exactly how it works. You do place the A-Label in the DNS config, and things will work just fine. Not the U-Label.
Patrik
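
The advice in the last reply (put the A-label, not the U-label, into the config) as an added example; it is not code from this thread or from the unbound project. Python's built-in `idna` codec implements the older IDNA2003 rules and stands in here for an IDNA2008 converter. The function names, the zone, the address and the letters-digits-hyphen check are assumptions of this sketch, not restrictions imposed by unbound.

```python
import ipaddress
import re

# Letters, digits, hyphen; no leading or trailing hyphen; 1..63 octets.
# Policy assumed for this example: it also keeps quotes and newlines
# out of the generated unbound.conf lines.
LDH = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def to_a_name(name: str) -> str:
    """Return the absolute, all-ASCII (A-label) form of a domain name."""
    out = []
    for label in name.rstrip(".").split("."):
        # IDNA2003 ToASCII from the standard library (stand-in for IDNA2008).
        # UnicodeError is a ValueError, so bad input surfaces as ValueError.
        a = label.encode("idna").decode("ascii").lower()
        if not LDH.fullmatch(a):
            raise ValueError(f"label {label!r} is not a valid LDH/A-label")
        out.append(a)
    fqdn = ".".join(out) + "."
    if len(fqdn) > 254:  # 253 characters plus the trailing dot
        raise ValueError("name too long")
    return fqdn


def unbound_local_data(zone: str, records) -> list:
    """Build local-zone/local-data lines; records are (host, ip) pairs."""
    lines = [f'local-zone: "{to_a_name(zone)}" static']
    for host, addr in records:
        ip = ipaddress.ip_address(addr)  # rejects anything that is not an IP
        rtype = "A" if ip.version == 4 else "AAAA"
        lines.append(f'local-data: "{to_a_name(host + "." + zone)} IN {rtype} {ip}"')
    return lines


if __name__ == "__main__":
    # Constructed sample: a U-label zone and a documentation-range address.
    for line in unbound_local_data("bücher.example", [("intranet", "192.0.2.10")]):
        print(line)
```
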