Discuss mailing list

[opennic <opennic AT ultimatedns.net>]

On 2026-01-29 01:17, e AT eo.gl wrote:
> On Jan 29, 2026 12:32 AM, Renard Bleu <dnsadmin123456 AT proton.me> wrote:
> > Aaaa...... yes, the Tier-1 DNS servers for .o TLD (ns9 and
> > ns11.opennic.glue) are down. And I just checked the zone files and
> > it shows that currently there is no domain registered under .o TLD.
> > Maybe you may ask the owner of ns9/ns11 for help. Or more directly,
> > you can ask in OpenNIC IRC channel (Server: irc.libera.chat:6697
> > (use SSL) Channel: #opennic) for help.
> >
> > Sent with Proton Mail secure email.
>
> I also added the maintainer to the CC of the mail but the mail server 
> rejected my
> e-mail. Both the nameservers are down and the registration hosting website 
> is also
> down. Maybe I'll try IRC later.
>
> On Jan 29, 2026 6:06 AM, Jacob Bachmeyer <jcb62281 AT gmail.com> wrote:
> > On 1/28/26 12:48, Renard Bleu wrote:
> > > Hello,
> > >
> > > There is an issue that, domains with .o TLD may be mistaken as an
> > > object file with .o extension name (eg. intermediate output file
> > > produced by a compiler from c or cpp source code).
> > > (ref link:
> > > https://community.cloudflare.com/t/opennic-domain-names/98832/2
> > > ). Therefore, I think it is not secure for domain name operators to
> > > provide .o domain name registration services.
> >
> > That is ridiculous because DNS and the filesystem are separate
> > namespaces.  There is no possibility of confusion between a .o
> > domain
> > and an object file unless you work very hard to be stupid about it.
> >
> > Even the plausible scenario of storing files downloaded from a Web site
> > in a tree corresponding to the URL does not produce confusion because
> > the ".o" name in that case would be a *directory*, which is different in
> > the filesystem from any file that could have that name.  (Never mind
> > that downloaded resources and object files are rather unlikely to appear
> > in the same directory.)
> >
> > In short, this claim of "not secure" is bogus.
> >
> > -- Jacob
>
> Even though the DNS and the filesystem are seperate entities, there are some
> attack surfaces that can run both spaces. For example, browser address bars 
> can
> run websites using DNS and run files, or file explorer bar can run web 
> addresses,
> or the Windows Run utility can execute commands with it. This is where it 
> can be
> confusing. We can distinguish between them and avoid those kind of problems, 
> but a
> regular or people with less experience with computers and internet can be
> exploited with this TLD & extension confussion. Of course, the setup may 
> vary and
> especially, the .o domain is so hard to confuse with the file. The .zip TLD 
> is
> more problematic in that manner.

It is not the WWW clients responsibility to decide the nature of the content 
by name.
It is the server operators responsibility to INFORM the client of the nature 
of the
content. This has *always* been the case. RFCs are written for just these 
purposes.
Ignorance is no excuse or reason for prevention of valid requests.
If your client thinks it's smarter than the server operators declaration of 
content
type. You need to use a different client. Who knows what else your client is 
doing
wrong.
IOW if everyone strictly conforms to clearly defined standards. Everyone will 
always
know what to expect.
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

Attachment: 0x895A7103.asc
Description: application/pgp-keys