Hosts: Some entries are invalid according to systemd-resolved

Created on 21 Dec 2019 · 7 Comments · Source: StevenBlack/hosts

Hi

systemctl status systemd-resolved.service

systemd[1]: Started Network Name Resolution.
systemd-resolved[2417]: /etc/hosts:23128: hostname "ghm_bulgaria.hit.gemius.pl" is not valid, ignoring.
systemd-resolved[2417]: /etc/hosts:28739: hostname "philadelphia_cbslocal.us.intellitxt.com" is not valid, ignoring.
systemd-resolved[2417]: /etc/hosts:28943: hostname "___id___.c.mystat-in.net" is not valid, ignoring.
systemd-resolved[2417]: /etc/hosts:35769: hostname "www.zgarniij_vouchher.skroc.pl" is not valid, ignoring.
systemd-resolved[2417]: /etc/hosts:35776: hostname "zgarniij_vouchher.skroc.pl" is not valid, ignoring.
systemd-resolved[2417]: /etc/hosts:49891: hostname "www.forgotten_dark_angel.tripod.com" is not valid, ignoring.
systemd-resolved[2417]: /etc/hosts:52703: hostname "www.topmodel_virginie.cmonbook.com" is not valid, ignoring.
systemd-resolved[2417]: /etc/hosts:54941: hostname "forgotten_dark_angel.tripod.com" is not valid, ignoring.
systemd-resolved[2417]: /etc/hosts:58638: hostname "topmodel_virginie.cmonbook.com" is not valid, ignoring.

All 7 comments

Hello! Thank you for opening your first issue in this repo. It's people like you who make these host files better!

Thanks for this David @davidsierradz.

Here's how this breaks down by source:

mvps.org

ghm_bulgaria.hit.gemius.pl
philadelphia_cbslocal.us.intellitxt.com
___id___.c.mystat-in.net

@fademind (KADhosts):

www.zgarniij_vouchher.skroc.pl
zgarniij_vouchher.skroc.pl

@Clefspeare13:

www.forgotten_dark_angel.tripod.com
forgotten_dark_angel.tripod.com
www.topmodel_virginie.cmonbook.com
topmodel_virginie.cmonbook.com

@Sinfonietta:

forgotten_dark_angel.tripod.com
topmodel_virginie.cmonbook.com

@hawkeye116477
@krystian3w

Hmm, this is a correct URL; it redirects to a fake shop. Pi-hole doesn't show any error and blocks it correctly; the same thing happens if I add it to the hosts file.

https://github.com/pi-hole/AdminLTE/pull/292

Hey Steve @StevenBlack, this is a false-positive issue.

Indeed, to quote the service issue:

Hostnames with underscores are invalid according to RFC, see http://domainkeys.sourceforge.net/underscore.html

But, as you know, between RFC and reality there is a huge difference. And the linked link explains it:

Several well-known Internet and technology companies have DNS records that use the underscore

Underscores are allowed in certain DNS entries. In fact, they are specified to be used in a DNS RFC, written by a DNS guru. They are used in DNS labels by major Internet and technology companies.

This is a reality: if you follow the RFC, it should not be allowed, but it's commonly seen in the wild. And as the company that uses that strategy probably knows that issues like this one will happen, it is in fact also used to avoid blocking by projects mentioned in this project. They probably play with it.

It's starting to become a common strategy as the browser (the target) will resolve.


I know it's not the place for the promotion of PyFunceble, Steve @StevenBlack, but if you let me quote some outputs of it:

Syntax test with PyFunceble:

ghm_bulgaria.hit.gemius.pl VALID      
philadelphia_cbslocal.us.intellitxt.com VALID      
___id___.c.mystat-in.net VALID      
www.zgarniij_vouchher.skroc.pl VALID      
zgarniij_vouchher.skroc.pl VALID      
www.forgotten_dark_angel.tripod.com VALID      
forgotten_dark_angel.tripod.com VALID      
www.topmodel_virginie.cmonbook.com VALID      
topmodel_virginie.cmonbook.com VALID      

Availability test with PyFunceble:

[Retracted]

Subject                                                                                              Status      Expiration Date   Source     HTTP Code 
---------------------------------------------------------------------------------------------------- ----------- ----------------- ---------- ----------
ghm_bulgaria.hit.gemius.pl                                                                           ACTIVE      Unknown           DNSLOOKUP  200       
philadelphia_cbslocal.us.intellitxt.com                                                              ACTIVE      Unknown           DNSLOOKUP  404       
___id___.c.mystat-in.net                                                                             ACTIVE      Unknown           DNSLOOKUP  301       
www.zgarniij_vouchher.skroc.pl                                                                       ACTIVE      Unknown           DNSLOOKUP  200       
zgarniij_vouchher.skroc.pl                                                                           ACTIVE      Unknown           DNSLOOKUP  200       
www.forgotten_dark_angel.tripod.com                                                                  ACTIVE      Unknown           DNSLOOKUP  404       
forgotten_dark_angel.tripod.com                                                                      ACTIVE      Unknown           DNSLOOKUP  200       
www.topmodel_virginie.cmonbook.com                                                                   ACTIVE      Unknown           DNSLOOKUP  301       
topmodel_virginie.cmonbook.com                                                                       ACTIVE      Unknown           DNSLOOKUP  301       

As you can see they all respond with a status code. This means the targets (browsers) will also respond to exchanged data or requests.

I hope that this will help understand this issue at a deeper level. Let me know if something is not clear.

Cheers!

Thanks everybody. Closing.
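
An added example, not code from this thread or from the hosts project: a small audit that separates names valid under the strict letter-digit-hyphen rule from names that are valid only when underscores are tolerated, which is the kind of entry the log above shows systemd-resolved ignoring. The strict pattern is an approximation of that behaviour, not systemd's own check, and the sample hosts text is constructed.

```python
import re

# Strict "LDH" label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Relaxed label: same rule, but underscore is also accepted (as seen in real DNS names).
RELAXED_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def classify(name):
    """Return 'ldh', 'underscore-only' or 'invalid' for one host name."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return "invalid"
    labels = name.split(".")
    if all(LDH_LABEL.fullmatch(label) for label in labels):
        return "ldh"
    if all(RELAXED_LABEL.fullmatch(label) for label in labels):
        return "underscore-only"   # a strict resolver may skip this entry
    return "invalid"


def audit_hosts(text):
    """Return (line_number, hostname, verdict) for every non-LDH name in hosts-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        for name in fields[1:]:                   # field 0 is the address
            verdict = classify(name)
            if verdict != "ldh":
                findings.append((lineno, name, verdict))
    return findings


# Constructed sample in /etc/hosts format; the underscore names are from the log above.
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ghm_bulgaria.hit.gemius.pl
0.0.0.0 ___id___.c.mystat-in.net   # trailing comment
0.0.0.0 www.topmodel_virginie.cmonbook.com topmodel_virginie.cmonbook.com
0.0.0.0 mystat-in.net
0.0.0.0 bad..name.example
"""

if __name__ == "__main__":
    for lineno, name, verdict in audit_hosts(SAMPLE):
        print(f"line {lineno}: {name}: {verdict}")
```

Entries reported as `underscore-only` are the ones to check on hosts that rely on a strict resolver, since a skipped entry there is a block that never takes effect.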
