There is much debate in the tech world about illegal characters in domain names. The most common question concerns the underscore (_) character, with many people confused, arguing about it, or throwing RFCs into people’s faces. While RFCs are there for a good reason, that doesn’t mean underscores in domain names do not work. Just because an RFC (guideline) says something does not mean you cannot get past those guidelines. It’s the same as your government saying the speed limit on this road is 60 km/h: it does not stop you speeding, does it?

So can I or can’t I use an underscore?

The answer is actually yes and no, so let me explain. Domain names you buy from domain name sellers or resellers can NOT contain an underscore. Simple as that. This is where the RFCs are incredibly clear and also enforced. If you do not believe me, go to GoDaddy and try to register any one of these domain names.

iwant_an_underscore.com
ireallywant_an_underscore.co.uk
isobadly_want_an_underscore.click

You will see a definitive and final answer to this endless debate … NO you can NOT buy such a domain name or any domain name for that matter which contains an underscore.

But you said I CAN use an underscore … huh?

Yes I did, but now let me explain where you can and can’t use an underscore in domain names. As seen above, you cannot buy a domain containing underscores, but you certainly can use underscores in host names in DNS. So you head off today and go buy the domain name igotmyunderscore.com.

So now you set up your web site, with people visiting you at www.igotmyunderscore.com, but you don’t like using www and you want to use an underscore instead. Hell, it’s your choice. You want your web site at an address like my_cool_site.igotmyunderscore.com … can it be done? Hell yeah !!

In local DNS you can certainly use the underscore character. But again, you need to understand that this works only in HOST NAMES, not in the actual root/TLD domain name itself. The proof is that you could not buy one containing an underscore, could you?

So you can by all means have any of the following host names pointing to your web site, mail servers or anything for that matter: my_mail.mydomain.com, my_ftp_server.mydomain.com or my_silly_web_site.mydomain.com

Any of the above host names when configured in a local DNS server like BIND9 will certainly work and will also resolve worldwide. So that means anyone in the world can reach your web services using those names containing underscores.

I tried this in BIND and it does not work?

And so did I, and it also did not work. In fact, I tried this many times over the past few months to prove it works and failed every time, but just recently I found how to make it work.

In a normal BIND zone file configuration (in named.conf.local) you will normally see your zones specified like this.

zone "abuse.co.za" {
    type master;
    file "/var/lib/bind/abuse.co.za.hosts";
};

That’s the standard way we configure zones in BIND. So sticking to the above format, we try and add host names into our zone file which now contain the underscore character and we reload BIND and we get this nasty message in our logs.

bad owner name (check-names)

Ahhhh, there’s our clue. We need to change the way BIND loads zones, because by default BIND checks names for illegal characters (let’s violate some RFCs). So we make a small change to our configuration in named.conf.local. (This MUST be done on the primary and all secondary name servers for your domain; if it is only done on the primary, the secondaries will fail loading the zone changes.) We change our configuration to the one below, simply adding the check-names ignore; line.

zone "abuse.co.za" {
    type master;
    file "/var/lib/bind/abuse.co.za.hosts";
    check-names ignore;
};

NOW you can reload BIND and your zone file containing the illegal underscore character will successfully reload, and you can resolve those host names with the underscores in them anywhere over the internet.
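
Before switching name checking off for a whole zone, it helps to know exactly which records would trip it. The following is an added example, not code from the original post or from BIND: it applies the letters-digits-hyphen hostname rule (RFC 952/1123) to the owner names in a constructed zone file. The zone data, the function names and the choice of A, AAAA and MX as the record types to audit are assumptions made for the illustration.

```python
import re

# Hostname label rule (RFC 952/1123): letters, digits, hyphen,
# no leading or trailing hyphen, at most 63 characters.
LDH_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
HOST_TYPES = {"A", "AAAA", "MX"}  # assumption: owners audited as hostnames

# Constructed sample zone data, not taken from a real zone file.
SAMPLE_ZONE = """\
$ORIGIN igotmyunderscore.com.
$TTL 3600
@              IN SOA ns1 hostmaster 1 7200 900 1209600 3600
@              IN NS  ns1
ns1            IN A   192.0.2.1
www            IN A   192.0.2.10
my_cool_site   IN A   192.0.2.10
-bad           IN A   192.0.2.11
_sip._tcp      IN SRV 0 5 5060 www
_dmarc         IN TXT "v=DMARC1; p=none"
"""

def bad_labels(name):
    """Return the labels of `name` that break the hostname rule."""
    labels = name.rstrip(".").split(".")
    if labels[0] == "*":          # a leading wildcard label is not a hostname label
        labels = labels[1:]
    return [l for l in labels if not LDH_LABEL.fullmatch(l)]

def audit_zone(text):
    """Return (line_no, owner, rtype, bad_labels) for hostname-type records."""
    findings, owner = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue              # blank line, comment or $ directive
        fields = line.split()
        if not line[0].isspace():  # indented lines inherit the previous owner
            owner = fields.pop(0)
        # Skip the optional TTL and class to reach the record type.
        rtype = next((f.upper() for f in fields
                      if not f.isdigit() and f.upper() != "IN"), None)
        if owner in (None, "@") or rtype not in HOST_TYPES:
            continue
        bad = bad_labels(owner)
        if bad:
            findings.append((no, owner, rtype, bad))
    return findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print(finding)
```

The SRV and TXT owners (_sip._tcp, _dmarc) are not reported because they are not host names, so only the two A records would need the check relaxed. BIND's check-names also accepts warn, which logs such names and still loads the zone.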

You can test this right now if you do not believe me by doing an nslookup against this host name I configured.

nslookup _hello-world.abuse.co.za

You will get an answer as follows

Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: _hello-world.abuse.co.za
Address: 149.56.195.48

If Google public DNS resolves it, any DNS server in the world will resolve it, simple as that.

Here are some other tests I did, their outcomes, and how they could be used.

[Image: underscore domain names, invalid and valid, in BIND]

Asked and Answered

So there you have it, a definitive answer to a debate that has been going on forever and will continue to go on forever until people actually understand the full story.

Does it mean using underscores is a good idea? I personally don’t think so for my own reasons but if you want to use them, go ahead and underscore away if that is what you choose to do. 😉
