What do people use public suffix for?

Jay Ashworth <jra at baylink.com> writes:

> ----- Original Message -----
>> From: "John Levine" <johnl at iecc.com>
>> The public suffix list contains points in the DNS where (roughly
>> speaking) names below that point are under different management from
>> each other and from that name. It's here: http://publicsuffix.org/
>> The idea is that abc.foo.com and xyz.foo.com have the same management,
>> but abc.co.uk and xyz.co.uk do not.
>> You don't have to tell me that it's a gross crock, but it seems to
>> be a useful one. What do people use it for? Here's what I know of:
>> * Web browsers use it to manage cookies to keep a site from putting
>> cookies that will affect other sites, e.g. abc.foo.co.uk can set a
>> cookie for foo.co.uk but not for co.uk.
>> * DMARC (www.dmarc.org) uses it to find a policy record in the DNS
>> that describes a subtree, e.g., if you get mail that purports to be
>> from eBay at reply1.ebay.com it checks the policy at ebay.com.
>> What other current applications are there?
> Seems to me that it's a crock because *it should be in the DNS*.

It is already, isn't it?  The NS and SOA records will tell you all there
is to know about zone splits and cross zone relations.

> I should be able to retrieve the AS (administrative split) record 
> for .co.uk, and there should be one that says, "yup, there's an
> administrative split below me; nothing under there is mine unless 
> you also get an exception record for a subdomain".

Use the SOA record.  If it is identical for two zones, then the
administrative authority for those zones is the same.

For example, "microsoft.co.uk" and "microsoft.com" can be considered
under the same administration:

 bjorn at nemi:~$ dig +short soa microsoft.co.uk 
 ns1.msft.net. msnhst.microsoft.com. 2013032601 1800 900 2419200 3600
 bjorn at nemi:~$ dig +short soa microsoft.com
 ns1.msft.net. msnhst.microsoft.com. 2013041803 300 600 2419200 3600

While "apple.co.uk" and "apple.com" may be, depending on how strict you
are going to be when comparing:

 bjorn at nemi:~$ dig +short soa apple.co.uk 
 nserver.euro.apple.com. hostmaster.apple.com. 10 1800 900 2592000 1800
 bjorn at nemi:~$ dig +short soa apple.com
 gridmaster-ib.apple.com. hostmaster.apple.com. 2010086586 1800 900 2016000 86500
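
The comparison described in this message, as an added example that is not part of the original post: it parses the four `dig +short soa` answers quoted above and reports the strictest level at which each pair of zones agrees. The function names and the three level names are assumptions of this example; the serial and timer fields differ even between the two microsoft zones, so only the MNAME and RNAME fields can match there.

```python
from typing import NamedTuple, Optional


class SOA(NamedTuple):
    mname: str    # primary name server
    rname: str    # responsible mailbox, in DNS name form
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(line: str) -> SOA:
    """Parse one line of `dig +short soa <zone>` output."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}: {line!r}")
    # DNS names compare case-insensitively; drop the trailing root dot.
    mname, rname = (f.rstrip(".").lower() for f in fields[:2])
    return SOA(mname, rname, *map(int, fields[2:]))


def match_level(a: SOA, b: SOA) -> Optional[str]:
    """Return the strictest level at which two SOA records agree, or None."""
    if a == b:
        return "exact"            # all seven fields identical
    if (a.mname, a.rname) == (b.mname, b.rname):
        return "mname+rname"      # same primary server and same mailbox
    if a.rname == b.rname:
        return "rname"            # same mailbox only
    return None


# SOA answers copied from the dig output quoted in the message above.
SAMPLES = {
    "microsoft.co.uk": "ns1.msft.net. msnhst.microsoft.com. 2013032601 1800 900 2419200 3600",
    "microsoft.com": "ns1.msft.net. msnhst.microsoft.com. 2013041803 300 600 2419200 3600",
    "apple.co.uk": "nserver.euro.apple.com. hostmaster.apple.com. 10 1800 900 2592000 1800",
    "apple.com": "gridmaster-ib.apple.com. hostmaster.apple.com. 2010086586 1800 900 2016000 86500",
}


def compare(zone_a: str, zone_b: str) -> Optional[str]:
    return match_level(parse_soa(SAMPLES[zone_a]), parse_soa(SAMPLES[zone_b]))


if __name__ == "__main__":
    for a, b in [("microsoft.co.uk", "microsoft.com"), ("apple.co.uk", "apple.com")]:
        print(f"{a} vs {b}: {compare(a, b)}")
```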