FQDN for Leafnode

Old 10-01-2008, 02:41 PM   #201
Peter D.
Guest
 
Posts: n/a
Re: FQDN for Leafnode SOLUTION

on Wednesday 09 January 2008 11:25
in the Usenet newsgroup alt.os.linux.mandriva
Moe Trin wrote:

> On Tue, 08 Jan 2008, in the Usenet newsgroup alt.os.linux.mandriva, in
> article <.gnode.com.au>, Peter D. wrote:
>
>>Moe Trin wrote:


[snip]
>>What would be wrong with a LHS of a time stamp and a sequential
>>message count? (Assuming unique RHS.)

>
> Probably nothing - what's the resolution of your timestamp, and how
> fast can you post?


In general, computers are really good at counting. I would be
prepared to trust the count part of the LHS for a given installation.
The date part of the LHS only has to have enough resolution to
distinguish between re-installations.

>>> Though other algorithms will work, it is
>>> RECOMMENDED that the right hand side contain some domain identifier
>>> (either of the host itself or otherwise) such that the generator of
>>> the message identifier can guarantee the uniqueness of the left hand
>>> side within the scope of that domain.
>>>
>>> Notice the last sentence.

>>
>>I haven't read that before, but it makes sense. "Guarantee" is a bit
>>of a problem if there happens to be even one bozo on the 'net doing
>>something wrong.

>
> Yeah, but this is assuming (as all RFCs do) that everyone is playing by
> the rules. If the RHS is unique, duplicate LHS are no matter. If the
> RHS is using some other scheme you may run into a problem. When the
> graybeards were setting up these various concepts, recall that even
> SLIP (RFC1055) wasn't that common. For the user who was not at "the"
> computer, they were likely at a serial terminal of some kind, and as
> far as the Internet was concerned, they were just another user on "the"
> computer (check the dates on RFC0931 and 1413) and it had its own
> FQDN. Thus, the suggestion that the RHS was to be (at least) based on
> the FQDN was reasonable (or at the very least, not unrealistic).
>
>>There are some instructions from Matthias Andree (the Leafnode author)
>>but they are not included in the leafnode rpm. A packaging error?
>>Here is a link, <http://leafnode.sourceforge.net/doc_en/README-FQDN.html>.

>
> Which to me, isn't very helpful. It's a reasonable description of why,
> but not how. If you have a registered domain - yeah, that's fine, but
> if you don't he has three items:
>
> news.individual.de or news.individual.net
>
> T-Online
>
> Ask your network administrator or your Internet service provider.
> Your local network administrator can assign you a domain to use
> for Message-IDs.
> Your Internet service provider may have reserved a special sub
> domain for the sole purpose of letting users create their own
> unique Message-IDs.
>
> I don't think I've ever encountered the latter.


The instructions helped me work out how things were supposed to
work and what my ISP should do. My ISP wasn't interested and
probably didn't understand the problem, but I was able to get
a working solution anyway.

>>> In twentyfive years on the Internet (1983), I don't think I've never
>>> encountered this. Domain names are not usernames.

>>
>>Twentyfive years on the Internet and you've never encountered a
>>competent ISP? ;-) Sad, but believable.

>
> Very few. Most staff I speak to can't even _spell_ IP, never mind
> know what it might mean. And it's so much fun to catch the new guy
> on the hell-desk when I call in to report a problem they are having
> (or causing) and he asks when was the last time I rebooted. "Well,
> lessee... 'uptime' says it was <mumble> months ago". Did you hear
> that CLUNK as their jaw hits the floor?
>
>>Or did you mean user names as domain names?

>
> That's really not very common,


I guess it is uncommon.

> and in today's paranoia and spam-laden
> world, not very likely. Heck, the usernames I have at four ISPs are
> all generated from /dev/urandom (piped to mimencode or uuencode) just
> to avoid the phonebook version of a dictionary attack by spammers.
>
>>web site at <http://home.alpahlink.com.au/~psd>

>
> web page is not hostname.


I was just illustrating how they worked.

>>Alphalink used to offer what they called "partial domain" hosting.
>>If I had paid a little more I could have had my home page at
>><http://psd.alphalink.com.au>.

>
> Many ISPs allow/provide the web page option, but I don't see that
> much of the username.ISP.tld construct. It's easy enough to do.
>
>>Chariot does not seem to offer partial domain hosting, although
>>both Alphalink and Chariot offer(ed) "full domain hosting" for
>>addresses of the form, < registered name].com.au>.

>
> I have _no_ idea how many hosting services there are in the world.
> I've got over 300 of them in the firewall block lists alone because
> of non-responded abuse complaints.
>
>>I knew at the time that psd.alphalink.com.au was not in use,
>>or available to anyone else, because Alphalink was trying to
>>sell it to me.

>
> Not unreasonable.
>
>>Partial domain hosting seems to have fallen out of fashion.
>>I just googled "partial domain hosting" and only got two hits.

>
> That may just be a search term problem - I know that both the local
> telco and cable-TV provider offered small-business accounts (at a mere
> 20 times the cost of a residential account), but they were all
> , and they did mail as
> (I vaguely recall it was limited to something like ten usernames). For
> the most part, the minimum business setup is a full domain, with the
> web page (what more could you possibly need) hosted by some hosting
> service, and the mail forwarded to your residential account (if they
> aren't doing POP or IMAP).
>
>>If you are composing off line your modem, cable or otherwise, does
>>not have a FQDN. My adsl modem/router/firewall has a single
>>address for long periods, but can change unexpectedly. I'm not
>>sure how I could go about finding my current IP address or its
>>human readable equivalent for each and every Message_ID.

>
> There are a number of services - generally web pages - where you can
> connect and it returns the IP and possibly even hostname you are
> connecting from. Problem: There are quite a number of providers who
> haven't figured out how to provide rDNS, and most of the rest are
> returning a generic address (hostname might return the in-addr.arpa
> name, or dot.ted.quad.ISP.tld). Both of those get your mail server
> blocked/refused, although the latter would allow you to form the RHS
> of a Message-ID.
>
>>That is what I have been referring to as a "fake" FQDN. It is world
>>wide unique to me (assuming that everyone follows the rules) but is
>>not resolvable.
>>
>>My computer could then be; off line, on dial up, on adsl, or
>>connected to both dial up and adsl to two different ISPs at
>>the same time - neither of which is called Motzarella. It would
>>be a silly arrangement, but valid.

>
> I'm not sure how reliable it would be. Certainly it would be a near
> zero cost type of thing - the provider need only set up a sub-domain
> like "phony.ISP.tld", and hand out "unique.phony.ISP.tld" to all and
> sundry - but if the names are going to be unique, there is a finite
> cost in "man-seconds" and disk-space (to retain the records). And
> there is nothing that would prevent some other user from using the
> name (unlike a real hostname).


Is there anything stopping everyone using microsoft.com in the
RHS of their message_IDs (apart from it being really silly)?

> [using /dev/random to create RHS]
>
>>> It got trimmed, but that was referring to generating a RHS part during
>>> the software installation.

>>
>>OK, but random (or worse pseudo random) does not guarantee unique.

>
> 256 bits of /dev/random? No - not guaranteed, but the odds would be
> pretty good. That's 51 caseless letters give or take.


Using big random numbers is probably more reliable, but philosophically
I like the idea of "doing it right".


--
sig goes here...
Peter D.
Old 11-01-2008, 06:41 AM   #202
Moe Trin
Guest
 
Posts: n/a
Re: FQDN for Leafnode SOLUTION

On Thu, 10 Jan 2008, in the Usenet newsgroup alt.os.linux.mandriva, in article
<>, Peter D. wrote:

>Moe Trin wrote:


>>> What would be wrong with a LHS of a time stamp and a sequential
>>> message count? (Assuming unique RHS.)

>>
>> Probably nothing - what's the resolution of your timestamp, and how
>> fast can you post?

>
>In general, computers are really good at counting. I would be
>prepared to trust the count part of the LHS for a given installation.
>The date part of the LHS only has to have enough resolution to
>distinguish between re-installations.


I'm not trying to be silly, but I'd rather have the time with a bit more
resolution - minutes at least - and have the count start from the
existence of this instance of the posting daemon. The size of the
message ID field isn't currently specified (other than the general
limit of section 2.2.3 of RFC2822), so including a 32 bit time_t and
perhaps a 4 bit message number allows "unique" to 16 messages per
second for a Very Long Time(tm) in 9 hex characters.

[leafnode.sourceforge.net/doc_en/README-FQDN.html - no registered domain]

>> I don't think I've ever encountered the latter.

>
>The instructions helped me work out how things were supposed to
>work and what my ISP should do. My ISP wasn't interested and
>probably didn't understand the problem, but I was able to get
>a working solution anyway.


I can understand that - the help-droid you spoke to isn't used to the
concept of message-IDs, and why your software is having a problem.
After all, he's never heard of it before, and there is nothing in his
script-book ("customer has this problem, tell him to do that") about
it. Recall that most users who are accessing news are doing so with
some form of on-line tool - most often Lookout, or some web browser,
and "they don't have this problem".

>> And there is nothing that would prevent some other user from using
>> the name (unlike a real hostname).

>
>Is there anything stopping everyone using microsoft.com in the
>RHS of their message_IDs (apart from it being really silly)?


No - nothing at all. Now it may be the newsgroups I scan, but a quick
grep through my news spool doesn't show a single 'Message-ID' or
'References' header with that string, and I'd expect anyone posting
from microsoft would be posting with a FQDN in the RHS, not just the
domain name. Further, I expect their non-public hostnames to be
something in the 'hostname.subdomain.microsoft.com' form/style. They
certainly have enough employees that they wouldn't be using the
hostname.microsoft.com construct - you run into unique hostname
problems after a few thousand hosts.

Thus, it's likely that anyone using microsoft.com _alone_ on the RHS
is going to be tripping over others who are using that name without
authorization. I really doubt it would conflict with any posts that
are really from someone at microsoft. That also assumes that there
are individuals posting from there. My company has a policy against
posting with the company username (never mind posting from company
systems for anything not explicitly company specific - and I'm not
designated as a "company spokesman", so that's out).

>> [using /dev/random to create RHS]


>Using big random numbers is probably more reliable, but philosophically
>I like the idea of "doing it right".


It's probably a lot safer - while 50 random letters is a huge pool of
random possibilities (something like 1.16 x 10^77) someone has warned
that "Ah, but million-to-one chances come up nine times out of ten..."
especially when the results are going to be bad for you ;-)

Old guy
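
The LHS scheme described in the post above (a 32-bit time_t plus a 4-bit message number, 9 hex characters) and the 256-bit random label discussed for the RHS, as an added Python sketch that is not part of either post or of Leafnode. The class and function names and the RHS `unique.phony.example` are constructed for illustration.

```python
import base64
import secrets
import threading
import time


class MessageIdGenerator:
    """LHS = 32-bit time_t (8 hex digits) + 4-bit per-second count (1 hex digit)."""

    def __init__(self, rhs, clock=time.time, sleep=time.sleep):
        # rhs is an assumption of this sketch: a domain the poster is entitled to use.
        if "." not in rhs or any(c in rhs for c in "<>@ \t\r\n"):
            raise ValueError("RHS must be a dotted domain name")
        self._rhs = rhs
        self._clock, self._sleep = clock, sleep
        self._lock = threading.Lock()   # one counter shared by all posting threads
        self._second, self._count = -1, 0

    def next_id(self):
        with self._lock:
            while True:
                now = int(self._clock())
                if now > 0xFFFFFFFF:
                    raise OverflowError("time no longer fits in 32 bits")
                if now > self._second:          # new second: restart the count
                    self._second, self._count = now, 0
                    break
                if self._count < 15:            # same second, or clock stepped back
                    self._count += 1
                    break
                self._sleep(0.05)               # 16 IDs issued: wait for the next second
            return "<%08x%x@%s>" % (self._second, self._count, self._rhs)


def random_rhs_label():
    """256 bits from the OS CSPRNG as 52 case-insensitive base32 characters."""
    raw = secrets.token_bytes(32)
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


if __name__ == "__main__":
    gen = MessageIdGenerator("unique.phony.example")  # constructed placeholder RHS
    for _ in range(3):
        print(gen.next_id())
    print(random_rhs_label())
```

The counter lives only in memory, so a daemon restarted within the same second can repeat an ID unless the last issued value is persisted.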