Sindarina, Edge Case Detective

The same goes for domain names; do NOT use a public domain name you do not control in your configuration, documentation, or UI language.

Instead, use one of the available reserved domain names documented in RFC 2606, such as 'example.com', 'example.net', or the .example top-level domain.

❌ test.com
❌ yourdomain.com
✅ example.com
✅ yourdomain.example

Pass it on to your fellow developers, designers, documentation writers, and so forth.

Full RFC text is here;

datatracker.ietf.org/doc/rfc26

2/ 🧵

33 comments
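The advice in the opening post can be enforced mechanically. The following is an added example, not code from the thread: a small linter that flags domain names in configuration or documentation text unless they fall under the RFC 2606 reserved names or under a domain you list as your own. The function names, the regex heuristic and the sample text are assumptions made for illustration.

```python
import re

# Names reserved by RFC 2606: four TLDs and three second-level domains.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_SLDS = {"example.com", "example.net", "example.org"}

# Heuristic (an assumption of this example): two or more labels ending in an
# alphabetic label. File names such as "app.conf" also match, so review hits.
DOMAIN_RE = re.compile(
    r"(?<![A-Za-z0-9_.-])"
    r"((?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63})"
    r"(?![A-Za-z0-9_-])"
)

def is_reserved(name):
    """True if name is, or sits under, an RFC 2606 reserved name."""
    labels = name.lower().rstrip(".").split(".")
    return labels[-1] in RESERVED_TLDS or ".".join(labels[-2:]) in RESERVED_SLDS

def find_unsafe_domains(text, owned=()):
    """Return (line number, domain) for names neither reserved nor owned."""
    owned = {o.lower() for o in owned}
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in DOMAIN_RE.finditer(line):
            name = match.group(1).lower()
            under_owned = any(name == o or name.endswith("." + o) for o in owned)
            if not is_reserved(name) and not under_owned:
                hits.append((lineno, name))
    return hits

# Constructed sample configuration, not taken from any real product.
SAMPLE = """\
smtp_host = mail.yourdomain.com
admin = admin@test.com
docs_url = https://www.example.com/setup
support = help@yourdomain.example
callback = https://api.acme-corp.test/hook
"""

if __name__ == "__main__":
    for lineno, name in find_unsafe_domains(SAMPLE):
        print(f"line {lineno}: {name} is not reserved and not listed as owned")
```

Run it over templates, fixtures and documentation in CI, passing the domains your organisation actually controls as `owned`.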
Sindarina, Edge Case Detective

Oh, and please, if you are sending email, don't make up random addresses for your app to test with. Only send mail to addresses you know are valid, and for which you have permission to send mail.

If you need to test SMTP while developing software, use a mock SMTP server that drops all outgoing email in a local directory, so you can inspect it without dumping a metric ton of email in your upstream's SMTP queue.

If you absolutely must generate unique email addresses for testing, either register a domain for that purpose and set up mail handling for it, or use the .test TLD, and have as many unique domain names as you like.

3/ END

Sindarina, Edge Case Detective

There's always at least one person who doth protest too loudly, whenever they are alerted to bad habits like these 😂

Sindarina, Edge Case Detective

ADDENDUM: If you need to generate reverse DNS records for IP addresses, DO NOT simply paste in the entire IPv4 address as the hostname, such as in this example;

❌ 198.51.100.1.net.example
❌ 198.51.100.2.net.example

If you absolutely need to use dots, like for delegation within a large enterprise or to clients, reverse the string instead;

✅ 1.100.51.198.rev.net.example
✅ 2.100.51.198.rev.net.example

Most to least specific, always.

In the vast majority of cases, keep it simple, with something like this;

✅ ip-198-51-100-1.dhcp.net.example
✅ ip-198-51-100-2.dhcp.net.example

Can be delegated if needs be, and is clearly separate.
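The naming schemes from the addendum, as an added example that is not part of the original post: it generates PTR zone lines for a network using either accepted form, and detects the forward-pasted form the post warns against. The function names are assumptions; the zone suffixes and the documentation address range are the ones used in the post.

```python
import ipaddress

def flat_name(ip, zone="dhcp.net.example"):
    """ip-198-51-100-1.dhcp.net.example: the address becomes a single label."""
    return "ip-" + str(ipaddress.IPv4Address(ip)).replace(".", "-") + "." + zone

def reversed_name(ip, zone="rev.net.example"):
    """1.100.51.198.rev.net.example: octets reversed, most to least specific."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def ptr_records(cidr, namer=flat_name):
    """Zone-file PTR lines for every usable host address in cidr."""
    lines = []
    for addr in ipaddress.ip_network(cidr).hosts():
        # reverse_pointer yields the in-addr.arpa owner name for the address.
        lines.append(f"{addr.reverse_pointer}. IN PTR {namer(str(addr))}.")
    return lines

def pastes_forward_ip(hostname, ip):
    """True when hostname starts with the address in forward order,
    which is the form the post marks as wrong."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    if octets == octets[::-1]:
        # Palindromic address: forward and reversed forms are identical.
        return False
    return hostname.lower().startswith(".".join(octets) + ".")

if __name__ == "__main__":
    for line in ptr_records("198.51.100.0/30"):
        print(line)
    for line in ptr_records("198.51.100.0/30", reversed_name):
        print(line)
    print(pastes_forward_ip("198.51.100.1.net.example", "198.51.100.1"))
```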

AlisonW ♿🏳️‍🌈

@sindarina
And for your non-routable local network use a subdomain of .INTERNAL !

sebastian büttrich

@sindarina
I hardly dare say it, but in a recent network deployment I assisted with, the head of IT had insisted real routable random IPs be used in their private network, as private ones were too easy to guess and thus abuse ...
I shall not disclose where ...

Zimmie

@sebastian @sindarina I know of a network equipment vendor which used a real, public address block belonging to a real, much larger company internally in a product they shipped. There were a few companies which were customers of both. Hilarity ensued.

The same network equipment vendor now uses 192.0.2 internally in a major product. Their reasoning is nobody should be using it, therefore *they* should use it.

Paul_IPv6

@sindarina

when i was doing tech support for an open source DNS server, we regularly got support customers wondering why using fake roots or fake DNS names that collided with the public DNS kept breaking things.

i also worked for a large ISP that really pushed using IPv6 because they'd had problems in their NOC with many reuses of RFC1918 space and address collisions.

RFCs are not for the faint of heart but they have lots of good info and lots of reasons why you should follow them. ;)

Gwenn

@sindarina
4/ Do not use "/dev/sda" or any valid volume name in an example for a formatting command.

jordan

@sindarina had to alert my company that we were sending automated emails of sensitive data to an email address at test.com before. whoever owns those domains probably has access to every secret in the country by now...

Zimmie

@wagesj45 @sindarina I’ve worked for a company which used a public domain name which they don’t own as their internal AD domain name. So much data leakage.

Jens Dibbern

@sindarina And, for the love of god, start using test e-mail infrastructure. It's a 10 minute job to start a greenmail container or something similar. Gazillions of postmasters are sick of seeing your junk in their logs.

Roger

@sindarina a good mock SMTP option is mailtrap.io

MTRNord (they/them)

@sindarina Reminds me that Grafana sets a default alert contact to every instance which afaik can't be removed using provisioning. Which is annoying as fastmail keeps complaining about being unable to send email to example.com :|

Pixelcode 🇺🇦

@sindarina

Also, Germany's Federal Network Agency has defined various “drama numbers” – unassigned phone numbers for use in movies: bundesnetzagentur.de/SharedDoc

Landline:
Berlin: 030 23125 000 – 999
Frankfurt a.M.: 069 90009 000 – 999
Hamburg: 040 66969 000 – 999
Cologne: 0221 4710 000 – 999
Munich: 089 99998 000 – 999

Mobile:
0152 28817386
0152 28895456
0152 54599371
0171 39200 00 – 99
0172 9925904
0172 9968532
0172 9973185
0172 9973186
0172 9980752
0174 9091317
0174 9464308
0176 040690 00 – 99

Raven667

@pixelcode @sindarina 66969...nice (that may or may not be a coincidence, a giggling German is not out of the question)

Raven667

@sindarina I set up a little ansible play that adds regex-based virtualhost config to postfix that effectively makes _all_ mail delivered to a local user, for our QA hosts, so all the cron jobs and reporting jobs and whatnot that use /usr/sbin/sendmail have their output captured and *don't* *leak*, because customers _love_ it when they get a bunch of weird reports and errors from random QA systems in various states of broken when testing (so does the helpdesk when fielding their panicked calls).

Sindarina, Edge Case Detective

@raven667 There are also mock SMTP servers that just take all mail sent and put it into a local folder for analysis.

Beko Pharm

@sindarina
....and don't use .local at home either. Learn about home.arpa

Sindastra♀️✅

@bekopharm .local is reserved and safe, and intended to be used with mDNS (which is implemented in "Bonjour" and "Avahi" and is sometimes referred to as "zeroconf", although that's not quite the correct term). 🤓

kepstin

@sindastra @bekopharm I agree that you wouldn't want to use ".local" as a DNS domain tho. That way leads to annoying device discovery failure, such as printers not working.

Sindastra♀️✅

@bekopharm @kepstin Oh, you two mean not to use ".local" as that "find domain"?

As in, fine for mDNS but not for the default in LAN?

kepstin

@sindastra @bekopharm exactly; ".local" and a few special ranges of arpa reverse-dns domains are reserved for special use by RFC6762 and should not be used for anything other than Multicast DNS.

The special handling for these domains is described in rfc-editor.org/rfc/rfc6762#sec - includes things like that DNS libraries and DNS servers should recognize the domain and refuse to forward/resolve queries for it.

embix

@bekopharm @kepstin @sindastra @sindarina And although .mail, .corp and .home were rejected as gTLD, they could still be assigned in the future, if enshittification goes forth.

clacke: looking for something 🇸🇪🇭🇰💙💛

@bekopharm This is the first time I hear of home.arpa. RFC: rfc-editor.org/rfc/rfc8375.htm…

"This document specifies the behavior that is expected from the Domain Name System with regard to DNS queries for names ending with '.home.arpa.' and designates this domain as a special-use domain name. 'home.arpa.' is designated for non-unique use in residential home networks. The Home Networking Control Protocol (HNCP) is updated to use the 'home.arpa.' domain instead of '.home'."

@sindarina

timokoola

@sindarina I wish there was a similar, international standard on fake phone numbers. Once, a lifetime ago, our misconfigured test system picked up test phone numbers from a database and sent them SMS messages. 😅

claas

@sindarina I wonder with how much traffic example.com is hit daily

Ben Ramsey

@sindarina I remember the gnashing of teeth when Google bought the .dev TLD and included it in the HSTS preload list.

Sindarina, Edge Case Detective

@ramsey Imagine how easily people could have prevented getting in trouble with that 😏

~n

@sindarina As owner of some.host.name I wholeheartedly concur. 😄

Amber

@sindarina@ngmx.com i always use .local simply because it's reserved and i don't have to remember "example.com"

Jack Yan (甄爵恩)

@sindarina Phew, glad example.org is in there! The only one I remembered earlier this week and used.
