Windows 2003 DNS and the Underscore

Author: NetworkAdminKB.com
Created: 2008-03-12
Modified: 2009-05-16

Issue:

There is a lot of information on the internet about DNS and the use of the underscore ( _ ) in hostnames.  Most of the information is accurate to a certain degree, but the information provided does not give the complete picture of DNS and its allowed use of the underscore (and other special characters).

 

In this article I will attempt to provide you the needed information about how using an underscore in Windows 2003 DNS may affect your compatibility with other environments, some common questions/issues that may arise, and the where, why, and how the DNS standard implemented support for the underscore.

 

Issue #1

Is the underscore a supported character for DNS hostnames (my_hostname.domain.com)?

 

Issue #2

Is the underscore allowed in DNS domain names (hostname.my_domain.com)?

 

Issue #3

Is the underscore explicitly reserved for use in SRV records (_srv.domain.com)?

 

Issue #4

Is the underscore explicitly forbidden for use with SMTP hostnames (my_smtp.domain.com)?

 

Issue #5

Another issue that arises is the use of the underscore in an Active Directory Site Name (which is used in DNS).  You may receive this message when you to attempt to configure a site name using an underscore or other special character.

The site name Site_example does not conform to Internet standard for naming.  Using this name might affect your ability to interoperate with networks using non-Microsoft DNS servers.  Do you want to use this name anyway?

 

 

Cause:

The underlying issues regarding the use of the underscore (and other special characters) in DNS hostnames center around two major items.

1)      RFC 1035 explicitly defines hostnames as starting “with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen.”

2)      Compatibility with non-Microsoft or older DNS servers.

 

While RFC 1035 is still the foundation for most of the DNS standard, RFC 2181 (Clarifications to the DNS Specification) introduced support for non-English languages and special characters.  However, just because there is an RFC that supports the use of the underscore (and other special characters) it does not mean that every DNS server implements that RFC.  Thus, compatibility with non-Microsoft or older DNS servers may become very important in certain environments (like using the names on the internet).  However, the need to worry about DNS server compatibility on the internet has been greatly reduced in recent years.

 

Solution:

By default Windows 2003 DNS implements support for RFC 2181 by using the UTF-8 character set.  The UTF-8 character set can implement any binary string as a hostname.  The ability to implement any binary string as a hostname is defined in RFC 2181 section 11 Name Syntax. 

 

Below is a screen shot showing the various settings for the Name checking setting on Windows 2003 DNS Server.  The default setting is Multibyte (UTF8).  The other settings are provided for backwards compatibility or compatibility with other DNS servers.

 

 

 

Issue #1

Is the underscore a supported character for DNS hostnames (my_hostname.domain.com)?

Yes, RFC 2181 added support for the underscore and other non-English characters.  Prior to RFC 2181, RFC 1035 explicitly limited the character for use in hostnames to English letters, numbers, and a hyphen.

 

Issue #2

Is the underscore allowed in DNS domain names (hostname.my_domain.com)?

Yes, the general consensus is that RFC 1035 explicitly defined the character set for hostnames as English letters, numbers, and a hyphen, but did not limit domain names to this character set.  Regardless, the introduction of RFC 2181 allows underscores to be used regardless of it being in a hostname or domain name.

 

Issue #3

Is the underscore explicitly reserved for use in SRV records (_srv.domain.com)?

No, RFC 2782 uses a prefix underscore as a way to try and prevent collisions with existing hostname records when creating these records in DNS.  Thus, it is evidence of the support for the underscore in DNS, the RFC does not limit its use to SRV records.

 

Issue #4

Is the underscore explicitly forbidden for use with SMTP hostnames (my_smtp.domain.com)?

Yes, unfortunately the SMTP RFC 2821 explicit forbids the underscore in SMTP hostnames.  The following is from section 4.1.2 Command Argument Syntax of RFC 2821

 

To promote interoperability and consistent with long-standing guidance about conservative use of the DNS in naming and applications (e.g., see section 2.3.1 of the base DNS document, RFC1035 [22]), characters outside the set of alphas, digits, and hyphen MUST NOT appear in domain name labels for SMTP clients or servers.  In particular, the underscore character is not permitted.  SMTP servers that receive a command in which invalid character codes have been employed, and for which there are no other reasons for rejection, MUST reject that command with a 501 response.

 

Issue #5

Using the underscore in an Active Directory Site Name is only of concern if you are using (replicating to) non-Windows 2003 DNS servers and/or the Windows 2003 DNS servers in use are not configured to use the UTF-8 character set.  Otherwise you can safely ignore this message.

 

More Information:
RFC 1034: DOMAIN NAMES - CONCEPTS AND FACILITIES

RFC 1035: DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION

RFC 1123: Requirements for Internet Hosts -- Application and Support

RFC 2181: Clarifications to the DNS Specification

RFC 2821: Simple Mail Transfer Protocol

RFC 2782: A DNS RR for specifying the location of services (DNS SRV)

http://en.wikipedia.org/wiki/Domain_name

 

Other Facts about DNS names

1)      RFC 1123 allows hostnames to start with a digit

2)      RFC 2181 defines maximum length of a DNS fully qualified domain name (FQDN) at 254 bytes (255 bytes with ending period) and 63 bytes per DNS label.  A single DNS label is the text before, after, or between the periods of the FQDN.

a.       Notice the length is in bytes not characters.  RFC 2181 (UTF-8) allows multi-byte characters.

 

Article ID: 156, Created On: 9/18/2011, Modified: 9/18/2011