Draft: RFC 6761 handling for invalid and *.localhost

[gbr-mendes]

This is a draft PR for issue #118569.

Motivation

RFC 6761 defines special-use domain names:

• invalid and *.invalid must always return NXDOMAIN
• localhost and *.localhost must always resolve to the loopback address

Currently, .NET relies fully on the OS resolver, which may allow invalid to resolve if defined in /etc/hosts or DNS, and may not handle *.localhost consistently across platforms.

Proposed approach

• Intercept invalid and *.invalid before OS resolution → throw SocketException with HostNotFound (simulate NXDOMAIN).
• Intercept localhost and *.localhost before OS resolution → return IPAddress.Loopback and IPAddress.IPv6Loopback.
• Otherwise, fallback to the platform resolver as today.

Status

• Draft PR to validate the idea/approach with maintainers.
• No tests included yet.
• Once approach is confirmed, I’ll proceed with the real implementation, unit tests and CI validation.

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

[rzikm]

I think the approach is fine, but needs a bit of improvement and testing.

[rzikm]

I think we can put this to a helper method and use fewer comparison to check:

        static bool MatchesReservedName(string name, string reservedName)
        {
            // check if equal to reserved name or is a subdomain of it
            return name.Equals(reservedName, StringComparison.OrdinalIgnoreCase) ||
                (name.Length > reservedName.Length && name[name.Length - reservedName.Length - 1] == '.');
        }

[filipnavara]

@rzikm That doesn't sound like a correct comparison. It only checks for the . character and not the rest of the string, so it would also match foo.xxvalid with reservedName == invalid.

[filipnavara]

You could probably do something like name.EndsWith(reservedName, StringComparison.OrdinalIgnoreCase) && (name.Length == reservedName.Length || (name.Length > reservedName.Length && name[name.Length - reservedName.Length - 1] == '.')). It's not very readable though...

[rzikm]

right, I messed it, it was supposed to be as you wrote.

As for readability, that's what the descriptive name of the helper function is for :)

[gbr-mendes]

Thanks, everyone. I'll continue with the adjustments. Considering the example provided by @filipnavara , I'll write some tests to ensure the OS resolver is called when expected.

[MihaZupan]

Perf-wise, you're likely looking at sub-nanosecond differences between the two (the JIT will inline direct comparisons here, there's no call overhead), so I'd prefer whatever option we feel is more readable. I'd lean towards the pattern used in the PR.

[rzikm]

This needs to handle cases where IPv6 is disabled. We should not return IPv6Loopback in those cases. Symmetrically for IPv4.

[wfurt]

I'm also wondering if one could pre-allocate immutable answer is this should probably not change through the process life.

[ManickaP]

I think the whole new block should be inside the resolution activity BeforeResolution and AfterResolution. Otherwise, there won't be any diagnostics about this special case.
And addressFamily should be taken into consideration, current code return both IP v4 and v6 regardless of this value.

[wfurt]

may be worth of diag log as well.

[gbr-mendes]

@rzikm based on the discussion I implemented the changes to consolidate reserved name checks, filter supported loopbacks by AddressFamily, and add diagnostic logging for special-use domains.

During testing, I tried disabling IPv6 on my host, and it was still returned by GetLoopbacksForAddressFamily. My concern is that using SocketProtocolSupportPal.OSSupportsIPv6 directly might not reflect the actual interface capabilities. Perhaps it would be safer to check the network interfaces themselves via NetworkInterface.Supports(NetworkInterfaceComponent), as described here:
https://learn.microsoft.com/en-us/dotnet/api/system.net.networkinformation.networkinterface.supports?view=net-9.0

I’d like some guidance on whether this approach makes sense, or if the current OS-level check is sufficient.

[gbr-mendes]

@gbr-mendes please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@dotnet-policy-service agree [company="{your company}"]

Options:

• (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.

@dotnet-policy-service agree

• (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.

@dotnet-policy-service agree company="Microsoft"

Contributor License Agreement

@dotnet-policy-service agree

[dotnet-policy-service]

Draft Pull Request was automatically closed for 30 days of inactivity. Please let us know if you'd like to reopen it.

[rzikm]

Sorry for ignoring this, it slipped my attention.

@wfurt do you have any thoughts on how to check for IPv4/IPv6 support reliably?

[rzikm]

"." + reservedName will always allocate a new string (and will penalize all calls)

Suggested change

	return name.Equals(reservedName, StringComparison.OrdinalIgnoreCase) ||
	name.EndsWith("." + reservedName, StringComparison.OrdinalIgnoreCase);
	// name == reservedName or name.EndsWith($".{reservedName}");
	return name.EndsWith(reservedName, StringComparison.OrdinalIgnoreCase) &&
	(name.Length == reservedName.Length || name[name.Length - reservedName.Length - 1] == '.');

[wfurt]

I think the only really reliable way is to check if the 127.0.0.1 and ::1 are configured on loopback. AFAIK they always are on Windows and the loopback does not really exist as interface. On Linux/Mac the Kernel may support IPv6 but of the address is not there connect/bind will fail. One could possibly do static check once. It may change in theory during process run but I feel that is less likely. If we accept it we can construct the response upfront.

In general DNS can point to addresses that do not exist or work. For example, on Linux the "loopback" will always resolve to 172.0.0.1 if if you remove the address. Same for loopback6 AFAIK.

[terry-teppo]

I think the only really reliable way is to check if the 127.0.0.1 and ::1 are configured on loopback. AFAIK they always are on Windows and the loopback does not really exist as interface. On Linux/Mac the Kernel may support IPv6 but of the address is not there connect/bind will fail. One could possibly do static check once. It may change in theory during process run but I feel that is less likely. If we accept it we can construct the response upfront.

In general DNS can point to addresses that do not exist or work. For example, on Linux the "loopback" will always resolve to 172.0.0.1 if if you remove the address. Same for loopback6 AFAIK.

The entire theory of 127.0.0.1 in v4 is to confirm IP install was correct- So admins start with ping 127 sweet tcp/ip installed correctly next item up for bid. if that fail they check the localloop compiled correctly. then that ip installed - at that point you can start looking at device communications - good old days when nothing worked as it was supposed to.

just uninstall tcp/ip and 127 should stop working.

Sure, we use it in other ways, but that was the heart of what we used it for; been long time since seen local loops fail and ip installs fail though.

[dotnet-policy-service]

Draft Pull Request was automatically closed for 30 days of inactivity. Please let us know if you'd like to reopen it.