[leafnode-list] Re: Disabling The "Is Valid FQDN" Check

Matthias Andree matthias.andree at gmx.de
Thu May 5 17:39:27 CEST 2011


Guys,

this is a longish discussion, so I will not go into all the details.

The inconvenience of not allowing commonplace local TLDs is actually a
safety measure so that your posts appear not only in your local
leafnode, but also in the actual Usenet.

You may think that duplicates don't happen because the local part
differs, but search the web for "birthday paradoxon" to know it's not to
be taken lightly.


A few key notes though:

- Leafnode blocks some domains that are notorious for duplicate names.
It does not require that the hostname resolves in DNS.


- Leafnode does attempt to qualify its own hostname through the system
resolver, whatever the libc uses. Name Service Switch use is commonplace
today.


- Usenet is stricter than Internet mail about Message-IDs because the
world-wide distribution and "multiple feed" concepts in Usenet rely on it.

If ever you duplicate another computer's host name, these two computers
can block each other's messages.  Messages with a "seen" Message-ID
aren't transported, but silently dropped (except on first injection when
they are rejected).  See birthday paradoxon (mentioned above).

In worse cases, two different articles with the same Message-ID are
afoot, causing confusion.  This is extremely hard to detect so must be
avoided.


- I do not support servers that overwrite the Message-ID or don't
advertise moderated groups as such.

You can read from them but you must never post to them.  Leafnode-2
cannot detect that articles are successfully posted there and will
consequently retransmit the articles in an endless loop.

Please report all servers that overwrite or modify Message-IDs to me so
that I can prevent leafnode from posting to these servers.


- Whiskers, duplicating the server's name as your own hostname is a
reliable way to get messages dropped on the floor by loop detection aka.
duplicate Path suppression. If you wonder why you're never getting
responses to your posts, a duplicate Path component is why.  Use a
subdomain.

Individual.net and Thomas Hochstein were mentioned as providers of
"hostnames" for Usenet Message-ID use.


- I will not offer an option to defeat the hostname checks.  There are
sufficient ways to get, for cheap or for free, a useful domain name.

It is arguably possible to write code such that leafnode can run in a
fetch-only configuration and only complain when someone tries to post,
but I clearly prefer "fail noisily up front if something's wrong" to
"fail only in some cases later" (later = when the news admin has left
the site, for instance), which strips quite a lot of functionality.


- I should probably implement code later that checks if servers
overwrite the Message-ID and block posting to them, and also code that
checks if Message-IDs shadow that of other servers, and, again, block
these for posting.


- Some clients are notorious for creating invalid Message-IDs in Usenet, by
just duplicating the sender's domain. This is extremely dangerous.

HTH
Matthias
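
The two suppression rules described in the message above (a "seen" Message-ID is rejected on first injection and silently dropped on relay, and an article is not offered to a server already named in its Path), as an added Python sketch that is not part of the original message and is not leafnode code. The server names, the three-server chain and the simplified relay logic are assumptions made for illustration.

```python
# Added toy model (not leafnode code): Message-ID history and Path loop checks.
class Server:
    def __init__(self, name):
        self.name, self.peers = name, []
        self.history = {}   # Message-ID -> (body, path) of the first article seen
        self.outbox = []    # accepted Message-IDs not yet offered to peers

    def post(self, msgid, body, path):
        if msgid in self.history:
            return False    # first injection: a seen Message-ID is rejected
        self._store(msgid, body, path)
        return True

    def _store(self, msgid, body, path):
        self.history[msgid] = (body, [self.name] + path)
        self.outbox.append(msgid)

    def flush(self):
        for msgid in self.outbox:
            body, path = self.history[msgid]
            for peer in self.peers:
                # Path loop detection, then silent drop of a seen Message-ID.
                if peer.name not in path and msgid not in peer.history:
                    peer._store(msgid, body, path)
        self.outbox = []

def chain():
    # Constructed topology a <-> b <-> c; the server names are made up.
    a, b, c = (Server(f"news.{x}.example") for x in "abc")
    a.peers, b.peers, c.peers = [b], [a, c], [b]
    return [a, b, c]

def run(servers):
    while any(s.outbox for s in servers):
        for s in servers:
            s.flush()

def duplicate_host_name():
    """Two machines both call themselves host.example and emit the same ID."""
    net = chain()
    ok = [net[0].post("<1@host.example>", "one", ["host.example"]),
          net[2].post("<1@host.example>", "two", ["host.example"])]
    run(net)
    return ok, [s.history["<1@host.example>"][0] for s in net]

def duplicate_path_name():
    """A posting host that reuses server b's name posts to server a."""
    net = chain()
    net[0].post("<2@news.b.example>", "hello", ["news.b.example"])
    run(net)
    return ["<2@news.b.example>" in s.history for s in net]
```

In the first scenario both posts are accepted locally, yet neither article crosses to the other side and no server reports an error; in the second the article never leaves the server it was posted to.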


