Rick Swift & Apple & Embedded I make things. Sometimes, I’ll talk about it here.

My Gorram Frakking Blog

DNS Standards to Support Wide-Area Bonjour

2008 FEB 28 Computers

Over the past few weeks I've been trying to move my DNS services to third-party DNS providers, like DreamHost, FreeDNS, and DynDNS. So far, I haven't found a provider that accepts arbitrary data for the various resource records' values (including spaces), severely limiting how nice wide-area Bonjour can be. I've been able to advertise services, they just look bad.
For more information, consult these pages on Bonjour and Wide-Area Bonjour.
Here I've tried to collect relevant parts of DNS-related RFCs to provide evidence that DNS service providers should support arbitrary characters in their DNS records.
Summary: there’s no reason a DNS provider should restrict the content of any resource record name or data field, except for its length. Those providers who use HTML forms for configuration can also make it easy to use UTF-8 text by just accepting what’s entered into each form field, and handle conversion to BIND configurations themselves (if that’s their implementation).

RFC1035 Domain Names—Implementation and Specification

From 3.3. “Standard RRs,” page 12:

<domain-name> is a domain name represented asa series of labels, and terminated by a label with zero length. <character-string> is a single length octet followed by that number of characters. <character-string> is treated as binary information, and can be up to 256 characters in length (including the length octet).

3.3.12. “PTR RDATA format,” page 17:

PTRDNAME

where:

PTRDNAME A <domain-name> which points to some location in the domain name space.

PTR records cause no additional sectionprocessing. These RRs are used in special domains to point to some other location in the domain space. These records are simple data, and don't imply any special processing similar to that performed by CNAME, which identifies aliases. See the description of the IN-ADDR.ARPA domain for an example.

From 5.1. “Format,” page 33:

<domain-name>s make up a large share of the data in the master file. The labels in the domain name are expressed as character strings and separated by dots. Quoting conventions allow arbitrary characters to be stored in domain names. Domain names that end in a dot are called absolute, and are taken as complete. Domain names which do not end in a dot are called relative; the actual domain name is the concatenation of the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as an argument to the master file loading routine. A relative name is an error when no origin is available.

…

<character-string> is expressed in one or two ways: as a contiguous set of characters without interior spaces, or as a string beginning with a " and ending with a ". Inside a " delimited string any character can occur, except for a " itself, which must be quoted using \ (back slash).

…

Because these files are text files severalspecial encodings are necessary to allow arbitrary data to be loaded. In particular:

of the root.
@ A free standing @ is used to denote the current origin.
\X where X is any character other than a digit (0-9), is used to quote that character so that its special meaning does not apply. For example, "\." can be used to place a dot character in a label.
\DDD where each D is a digit is the octet corresponding to the decimal number described by DDD. The resulting octet is assumed to be text and is not checked for special meaning.
( ) Parentheses are used to group data that crosses a line boundary. In effect, line terminations are not recognized within parentheses.
; Semicolon is used to start a comment; the remainder of the line is ignored.

RFC2181 “Clarifications to the DNS Specification”

Section 11. “Name Syntax”:

Occasionally it is assumed that the Domain Name System serves only the purpose of mapping Internet host names to data, and mapping Internet addresses to host names. This is not correct, the DNS is a general (if somewhat limited) hierarchical database, and can store almost any kind of data, for almost any purpose.

The DNS itself places only one restriction on the particular labels that can be used to identify resource records. That one restriction relates to the length of the label and the full name. The length of any one label is limited to between 1 and 63 octets. A full domain name is limited to 255 octets (including the separators). The zero length full name is defined as representing the root of the DNS tree, and is typically written and displayed as ".". Those restrictions aside, any binary string whatever can be used as the label of any resource record. Similarly, any binary string can serve as the value of any record that includes a domain name as some or all of its value (SOA, NS, MX, PTR, CNAME, and any others that may be added). Implementations of the DNS protocols must not place any restrictions on the labels that can be used. In particular, DNS servers must not refuse to serve a zone because it contains labels that might not be acceptable to some DNS client programs. A DNS server may be configurable to issue warnings when loading, or even to refuse to load, a primary zone containing labels that might be considered questionable, however this should not happen by default.

Note however, that the various applications that make use of DNS data can have restrictions imposed on what particular values are acceptable in their environment. For example, that any binary label can have an MX record does not imply that any binary name can be used as the host part of an e-mail address. Clients of the DNS can impose whatever restrictions are appropriate to their circumstances on the values they use as keys for DNS lookup requests, and on the values returned by the DNS. If the client has such restrictions, it is solely responsible for validating the data from the DNS to ensure that it conforms before it makes any use of that data.

See also [RFC1123] section 6.1.3.5.

RFC1123 section 6.1.3.5:

6.1.3.5 Extensibility

DNS software MUST support all well-known, class-independent formats [DNS:2], and SHOULD be written to minimize the trauma associated with the introduction of new well-known types and local experimentation with non-standard types.

DISCUSSION:

The data types and classes used by the DNS are extensible, and thus new types will be added and old types deleted or redefined. Introduction of new data types ought to be dependent only upon the rules for compression of domain names inside DNS messages, and the translation between printable (i.e., master file) and internal formats for Resource Records (RRs).

Compression relies on knowledge of the format of data inside a particular RR. Hence compression must only be used for the contents of well-known, class-independent RRs, and must never be used for class-specific RRs or RR types that are not well-known. The owner name of an RR is always eligible for compression.

A name server may acquire, via zone transfer, RRs that the server doesn't know how to convert to printable format. A resolver can receive similar information as the result of queries. For proper operation, this data must be preserved, and hence the implication is that DNS software cannot use textual formats for internal storage.

The DNS defines domain name syntax very generally—a string of labels each containing up to 63 8-bit octets, separated by dots, and with a maximum total of 255 octets. Particular applications of the DNS are permitted to further constrain the syntax of the domain names they use, although the DNS deployment has led to some applications allowing more general names. In particular, Section 2.1 of this document liberalizes slightly the syntax of a legal Internet host name that was defined in RFC-952 [DNS:4].

Uneffingbelievable. San Carlos is suing a man for having no trash

2008 JAN 31 Society

I couldn't believe the article when I read it. I live here. I wish I lived in a house so I could do the same thing (I'm in an apartment 'till my house is built).

Uh...Windoze in Space?

2007 NOV 1 Space

I’ve been watching a lot of NASA TV lately (always do when the Shuttle visits the ISS, although probably more this time than previously).
One thing I’ve noticed a lot more this trip than any other: lots of stupid issues with Microsoft Windoze software. Problems getting email, problems getting printers to print, etc.
Now, I’ve seen lots of Macs in use at NASA. You can see them in Mission Control on NASA TV. You can see them in photos of the various labs all over the country.
Why aren’t they using Macs in orbit? I know Macs have their share of problems, too, but seriously. Email, word documents, printing…this kind of stuff works much, much better on a Mac than it does on Windows (if you don’t think so, you’re a fucking moron and should be sterilized to keep you from reproducing). Plus, you get the benefits of a virus-free OS. I know if I were in space, that’s what I’d want.

Update: Time Machine

2007 OCT 27 Apple / Computers

Feh. Time Machine sucks. After a painful setup process, I left Time Machine to do its thing. I just saw it mount a disk image that it created on the remote volume, so I know that all the speculation about enhancements to AFP (and possibly HFS+) are bunk. If it’s going to create disk images, it could do the same thing on any kind of file server. There’s no excuse for the AEBS not working.
That, I’m sick, and it’s pretty clear Cal’s going to lose to ASU. Fuck, what a shitty weekend.
Update: Feh. Time Machine does not estimate time remaining nor current data rate. I seem to be getting about 28.92 GB/h (over wired gigabit Ethernet).
Update: Time Machine really consumes CPU cycles. When the MBP is idle, the fans are not audible. Since Time Machine has been backing up, they've been continuously audible. The average data transfer rate has dropped to 16.9 GB/h. I have spent a few minutes of the last two hours watching streaming video, and doing a little bit of other work, but mostly it has been running undisturbed. mdimport is also running, not sure why.
Update: The combination of Time Machine and Leopard on the client and server make for some seriously fast network volume mounting! Whereas SuperDuper! takes ages to mount a network volume served by a Buffalo GigaStation NAS (first the volume, then the disk image on that volume, a process that takes several minutes), Time Machine and Leopard get the disk image mounted in seconds. After clicking on the Time Machine icon in the Dock, most of the time spent waiting for time machine to actually engage (with a tip of the hat to Picard) is waiting on the server’s drives to wake up.
I have yet to see how well the whole system does when I sleep the MBP, go to another network, and wake it up again. Maybe I’ll try that this afternoon. For sure I’ll try it when I go to work tomorrow.
One other note: When engaging Time Machine, the network volume does not mount; only the disk image mounts. Not sure how they pull that off, but maybe that’s one of the enhancements to AFP in Leopard. Hardware Growler reports both the server volume and the disk image mounting; just the network volume is hidden from the desktop (even though I have configured things to show mounted volumes).
When Time Machine begins an automatic backup, it does not display the floating progress window. Opening the System Preferencs panel shows a progress bar, though.
Update: Time Machine doesn’t deal well with lost servers. I engaged Time Machine, let it mount the backup volume (disk image), closed the lid on the MBP (it took a minute or more to sleep, but this is not new behavior in Leopard for me), and went to a breakfast place with free WiFi. There, I opened the MBP, saw the Time Machine screen still up, waited for Hardware Growler to indicate that the system had self-assigned an IP address, and then started moving through time. After a bit of back-and-forth, Time Machine appeared to hang (although the starry background animation continued). After several minutes (5 - 10), I decided to force-quit Time Machine. Pressing Command-Option-Escape had no effect, and after pressing it several times, Time Machine suddenly disengaged and there was a server-disconnect dialog on the screen.
Also, during the time that Time Machine was up, a dialog was presented asking if I wanted to join one of a couple of networks, including the free one at at the breakfast place. However, I was unable to click on any of the networks to select them, and hence, was unable to join a network (the window could move, and the “Other…” and “Cancel” buttons worked fine). Feh. Feh.

Time Machine, AirPort Extreme and ZFS

2007 OCT 27 Apple / Computers

First, the good news. It’s not new news, but it’s still good. Leopard shipped with a read-only implementation of ZFS. To get a beta version of a full read/write ZFS, you need to have an Apple Developer Connection account (the free Online membership is enough). Look in the “Mac OS X” section of the downloads area. I’m using v1.1.
Now, the bad news: you can’t use ZFS storage pools as your Time Machine Backup drive. Sigh. I’m not surprised, but I had hoped. Eventually, it makes sense for Apple to move to ZFS as the default file system, but who knows how long that will take? For the time being, HFS+ (Mac OS Extended) file systems store meta data about files that other file systems can’t handle natively. I suspect this is true of ZFS, too. You can hack your way around these limitations, by simply creating additional files on the system and storing the meta data in there, but that’s ugly. My hope is that Apple will enhance ZFS to support HFS+’s metadata natively, and that will be that.
Time Machine has other limitations, too. I’m not too upset that I can’t yet use ZFS for my backups (so long as Apple fixes this in the next six months or so), but I am upset that I can’t use the AirPort Extreme Base Station as a backup file server. It was said, in the months leading up to the release of Leopard, that Time Machine could back up to the AEBS. In fact, it’s the reason I bought the AEBS: I couldn’t be sure that a non-Apple file server would properly support AFP, and I had it on good authority (Apple) that the AEBS would do the trick.
I can speculate as to why: other Mac backup solutions, like SuperDuper!, create a disk image on the target volume to work around limitations in AFP. Although I’m not certain of the precise limitations, they have to do with file ownership and permissions (for example, a user ID on one system is not necessarily the same as a user ID on another system). From what I understand, Apple has enhanced AFP in Leopard (and by one account, HFS+, or at least the filesystem API) to accommodate the needs of backup software.
So, at the last minute, Apple tells us that you can’t use an AEBS as a backup server, but you can use Personal File Sharing on another machine running 10.5. I have an older PowerBook sitting around, so I decided to buy a FireWire external drive and use that as my backup solution (for now).
I bought a Buffalo DriveStation Duo. I chose it because Fry’s had it (I could get it right now) and I was able to verify that it can operate in JBOD mode. I wanted to try using ZFS first, and if that didn’t work, the DriveStation supports mirroring.
I followed the directions in the Apple ZFS Readme’s Getting Started section. As described in the readme, it was necessary to repartition the drives to use the GUID Partition Table. I had a bit of difficulty with this. The volumes mounted when I first connected it, and I used the Finder to unmount them. I tried to make a ZFS pool before repartitioning, which ZFS did without complaint, and which subsequently caused a new volume to mount. I unmounted that, but attempts to repartition resulted in “resource busy” errors (the other drive repartitioned fine). Disconnecting the entire DriveStation and reconnecting it seemed to fix it.
I built a nice ZFS mirrored pool out of the two drives, shared it via Personal File Sharing, and mounted it on the other Mac. Time Machine refused to recognize it as an acceptable backup volume. I briefly considered making a disk image on the drive and trying that, but decided I disliked that solution enough that I didn't want to use it even if it worked.
Attempting to use the ZFS pool on the local machine also doesn’t work.
The next step was to reconfigure the DriveStation as a mirrored array, with an HFS+ volume format. I tried to do this with the RAIDSetting application from Buffalo, but it failed with complaints about the "The old volume lable [sic] is not valid. Delete volume label by using disk utility.” After half a dozen attempts to repartition the drives as PeeCee drives, I still can’t get RAIDSetting to function without complaint. The front of the DriveStation shows a green #2 and a yellow flashing #1.
Also note: the RAIDSetting app from Buffalo only works on PowerPC Macs. Basically, the Buffalo DriveStation Mac support is crap, and I would recommend strongly against using it (if you want to use their RAID support).
I finally decided to just play through the pain, and ignore the error. It seems to set the drive into the right mode, so we’ll see what happens.
As I write this, I’ve mounted the new, shared HFS+ Backup volume on my MacBook Pro, and Time Machine is “Preparing.” I’ll try to post an update if it works.