DNS A record with https:// in the label























I recently encountered for the first time an A record of the form:



https://www.example.com.    <TTL>   IN  A   <IP address>


As far as I know, this record is deliberate (i.e. not an error). I know that the colon and forward-slash are valid characters for a label, per RFC 2181, but I don't understand the record's purpose. Does some certificate authority use this form for domain control validation? Does this form protect against some type of exploit? Trap some kind of user error or known issue with software?










      domain-name-system a-record
















      asked 2 hours ago









      Binky























          1 Answer













          The most likely explanation is that a user unfamiliar with DNS tried to configure the DNS records and made a mistake that's glaringly obvious to anyone familiar with DNS, but not to people who aren't.



          While a DNS label can be any arbitrary binary data generally, you should read the rest of section 11, in particular:




          Note however, that the various applications that make use of DNS data
          can have restrictions imposed on what particular values are
          acceptable in their environment. For example, that any binary label
          can have an MX record does not imply that any binary name can be used
          as the host part of an e-mail address. Clients of the DNS can impose
          whatever restrictions are appropriate to their circumstances on the
          values they use as keys for DNS lookup requests, and on the values
          returned by the DNS. If the client has such restrictions, it is
          solely responsible for validating the data from the DNS to ensure
          that it conforms before it makes any use of that data.




          Among other things, this means that the label syntax may be constrained depending on the RR type. As specified in RFC 1123 section 2.1 and RFC 952, Internet host names have such a constrained syntax, in which the colon and slash are not valid.














                edited 2 hours ago

























                answered 2 hours ago









                Michael Hampton
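
Added example, not part of the original answer: a small zone linter that applies the RFC 952 / RFC 1123 section 2.1 host name syntax to the owner names of address records, which is the check that would have caught the record in the question. It assumes a simplified zone format (one record per line with explicit owner, TTL and class); the function names, the HOST_TYPES set and the sample zone are constructed for illustration.

```python
import re

# RFC 952 / RFC 1123 section 2.1 label: letters, digits, hyphen; no leading or
# trailing hyphen; 1 to 63 characters.
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Record types whose owner name is treated as a host name (assumption of this example).
HOST_TYPES = {"A", "AAAA"}

def hostname_problems(name):
    """Return a list of reasons `name` is not a valid Internet host name."""
    stripped = name[:-1] if name.endswith(".") else name
    if not stripped:
        return ["empty name"]
    problems = []
    if len(stripped) > 253:
        problems.append("name longer than 253 characters")
    for i, label in enumerate(stripped.split(".")):
        if i == 0 and label == "*":
            continue  # wildcard owner, not a host name itself
        if not LDH_LABEL.match(label):
            bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
            detail = f"illegal characters {bad}" if bad else "bad length or hyphen placement"
            problems.append(f"label {label!r}: {detail}")
    return problems

def lint_zone(text):
    """Return (line_no, owner, problems) for host-type records with bad owner names."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # not in the simplified "owner TTL IN type rdata" form
        owner, rtype = fields[0], fields[3].upper()
        if rtype in HOST_TYPES:
            problems = hostname_problems(owner)
            if problems:
                findings.append((no, owner, problems))
    return findings

# Constructed sample zone data (addresses from the RFC 5737 documentation range).
SAMPLE_ZONE = """\
www.example.com.          3600 IN A    192.0.2.10
https://www.example.com.  3600 IN A    192.0.2.10
-bad.example.com.         3600 IN A    192.0.2.11
_dmarc.example.com.       3600 IN TXT  "v=DMARC1"
"""

if __name__ == "__main__":
    for no, owner, problems in lint_zone(SAMPLE_ZONE):
        print(f"line {no}: {owner}: {'; '.join(problems)}")
```

The TXT record with an underscore label is not flagged, since the host name syntax is applied only to record types whose owner names are used as host names.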































                     
