He's completely correct. Most do not support AAC. That does not mean AAC supporting ones are difficult to find. I'm sure you can understand that nuance.
To demonstrate this phenomenon using your highly scientific method, replace AAC in your amazon search with aptX, or leave it out altogether.
The compare count of product listings.:)
A brave thing to say full of the world's single largest collection of supertasters and audiophones who can pass the Pepsi challenge between 256kbps AAC and FLAC with headphones.
That's alright. I don't have any lossless media, and AAC/aptX encodes about as much dynamic range as anything I get of iTunes store. For the 15 FLAC guys out there, you should probably just get an adapter.
I agree that you can hear the difference between BlueTooth and wired.
Depends. If you have BT headphones that support AAC codec, the quality is about the same as anything purchased from iTunes store, making a wire irrelevant.
If you're falling back to SBC, due to lack of AAC support (common), it will sound like music played over a set of rope-connected tin cans.
Depends on the codec in use.
SBC is garbage, it really is. If that's one's only experience with bluetooth audio- I can't blame them for hating it.
aptX/AAC are pretty damn decent, with fairly tiny reductions in dynamic range, LDAC is amazing.
on the iOS side, you're however limited to SBC/AAC, and AAC isn't supported in as many headphone sets as aptX (that I can find) so my Samsung sounds amazingly better than my iPhone over BT headphones.
Or that the Democratic People's Republic of Korea isn't democratic...
Oh wait.
The NSDAP had a lot to do with socialism for a while, and eventually morphed into fascism, which was a unique pairing of left and right wing economic ideologies (a fusion between private corporations and the government, suppression of worker rights in favor of the corporations).
The socialists were all purged from the NSDAP during the Night of the Long Knives, and then all left-wing parties in Germany were officially banned.
To me, not really being partisan about it, I see a bunch of people trying to defend their side's malpractice and skirting some very serious laws, that have absolutely been skirted in the past by members of every political organization in this country. That does not however justify it, and it should be condemned *wherever* it happens, regardless of who's team did it.
If that's not you- forgive my haste in calling you out.
Any citizen of the United States, wherever he may be, who, without authority of the United States, directly or indirectly commences or carries on any correspondence or intercourse with any foreign government or any officer or agent thereof, with intent to influence the measures or conduct of any foreign government or of any officer or agent thereof, in relation to any disputes or controversies with the United States, or to defeat the measures of the United States, shall be fined under this title or imprisoned not more than three years, or both.
And one more question...had it been an American citizen would it have been legal?
As long as that citizen was not acting as an agent of a foreign government.
I'm asking because campaigns put a lot of effort into digging up dirt, so I'm wondering why it matters what the source of that dirt is.
Because you're free to collude with any American to bring around a political shift in the United States, but the second you start doing that with agents of a foreign government, you're treading very close to what, in many countries of the world, is called treason.
Hypothetically speaking, say Hillary were going to win. Say Russian interference secured the win for Donald. The US government would have been overthrown by the Russian government. Non-violently, of course, but the end result the same.
Americans are allowed to non-violently overthrow our government. It's our job every election cycle. Foreign governments are not. That's an act of war.
Fortunately for Russia- just like all the countries we have done the same thing to, nobody can *really* physically make good on the consequences of them committing an act of war.
FWIW, I'm a Cold War vet, I'm very much against any Russian interference
Then you should fucking know better, sir.
And let's remember that their goal is to divide us, and it appears to be working.
Can't argue there. But I can say you are not helping by attempting to weasel out of the criminal element for sake of Party.
A fascinating claim from the only person in this thread morderated as a troll... much less morderated twice as a troll.
The dripping irony. Can trolls not see their reflection in mirrors?
I knew as soon as I saw this thread, I would hear the sound furious slurping coming from you in desperate attempt at defense of your pet project's great leader.
Of course someone who disagrees that a bug is a bug disagrees about whether or not it should be called a bug, and treated as such outside of his control.
Unfortunately for him, and his favorite fellatrix, he's wrong. His bugs are bugs, whether or not he marks them WONTFIX or NOTABUG or otherwise.
Have you noticed that you attack every single disagreement with your assertions that are never backed up with any facts whatsoever with, "read the link stupid!"
And then you ignore when someone jumps up and informs you that you're illiterate, or didn't read the link yourself.
Every time. Tell me, is it pathological?
2 post so far marked Troll. Carry on, soldier. Poettering will never tire of your services.
Ever written software to live-patch a kernel? Written kernel modules with intelligence allowing them to be inserted into kernels you don't have the source or ABI for? Ever gotten a CVE for a vulnerability you discovered in an operating system used by millions of people?
Did you break what was probably one of the first cellular phone bootloader RSA signature protection schemes?
No, ZK. You have done nothing. You're a shill for pet ideas. You run around commenting about shit you know nothing about, adding zero value to anything.
You talk shit to your betters with zero understanding of how fucking irrelevant you are. There's a reason you're commonly moderated a troll. The only thing broken here is your capacity for critical thinking.
You think a lower uid gives you some kind of cred?
6502? Is that supposed to impress me? I had to write an emulator for the 6502 in school.
I had written my own DNS server before you had ever had a +5 moderated comment on Slashdot.
I was busy making my mark on the world instead of lurking on Slashdot. You're a fucking troll dude. Get a clue. Seek help. Try contributing to the world instead of arguing about shit you have no real understanding of.
Netflix is the server; The client (s) are the web browsers requesting domain name resolution.
You couldn't be more correct- and since the client (web browser/netflix) did actually make the request to the glibc nss mechanism, the glibc nss mechanism also allowed it, and forwarded it off to the systemd-resolve daemon, who also allowed it, tossed it through its punycode IDNA library, and then forwarded it to its system-configured resolver, everyone in that chain agreed it was perfectly valid. libidn2 simply had a bug where it removed the underscore. This bug is acknowledged.
You've defeated your own fucking argument so many times everyone here has lost count. You are not a very literate person. I suspect that could be corrected with a little effort on your part.
That is a URI validator (i don't remember any of us looking to validate URIs?!), and if you click that link, you'll note that you get a (correct) NX_DOMAIN from the DNS server you are attached to. It's not rejected due to any validation (at least on my non-shit IE browser, or system running a broken systemd resolver linked with the experimental IDN2 library). You're too fucking stupid to see how stupid you are. It's painful to watch.
Here's a fun one for you to try-
Do you control an authoritative nameserver? I do.
A recursor? me too.
Let's go ahead and see just how invalid that domain is-
The check-names statement will cause any host name for the zone to be checked for compliance with RFC 952 and RFC 1123 and take the defined action. Care should be taken when using this statement because many modern RRs, for example, SRV use names which do not meet these standards (they contain underscore) but which are permitted by RFC 2181 which greatly liberalized the rules for names (see labels and names). The default is not to perform host name checks. check-names may also appear in a view or options clause where it has a different syntax.
Oh good- it's off by default. Makes sense. Even if it weren't, the BIND authors (including your vaunted Mr. Vixie) saw fit to recognize that there are instances where obviously you don't want restrictive rules on RRs, since, as they noted, RFC2181 removes said restrictions on DNS names/labels across the board.
Moving on...
Test rig in place.
[root@dns1 named]# dig @localhost a is_zk_a_dropout.are_underscores_allowed.com
Any more questions? Other than how I got slashdot not to think that was a valid URL?
Dude- we get it. Underscores are illegal in hostnames. Many client softwares enforce this behavior, and they're free to. Nobody ever denied this. However, what a "host name" is isn't really clearly defined, or even really super relevant in today's world where things are anycast, RRs can literally hold arbitrary data, etc.
Any step between the client and the server is *barred* by RFC from applying validation to a hostname that the client or server does not want.
Do I need to post a screenshot of my browser resolving that as well, or will you just shut. the. fuck. up?
RFC2181 is authoritative for the Domain Name System, and exists precisely because fucking imbeciles such as yourself are too dim-witted to differentiate between the database that is DNS, and the conceptualization of host names and domain names and what is proper for them.
RFC2181 says clients need not care for what your rules about host names are. They don't fucking matter. Clients are able to request any kind of RR with any label. Period. You are *denied* the right to impose your validation of the use of Netflix's DNS names upon Netflix's client. You can call them invalid in whatever Visual Basic shit you wrote last week, but any implementation of the Domain Name System must honor Netflix's request for those name labels, as they are perfectly valid within the Domain Name System. You lose. Go back to the help desk, dude. Quit name dropping, and quit citing shit that doesn't even support your argument. You're embarrassing yourself.
I think I'll just keep being a lot more relevant than you, because I understand the concepts at play, and you simply do not.
Simply stated, "The Netflix domain names" do not have to be considered a valid label by any piece of client software. But any client may consider them valid if they so wish. Any server in the middle should transport them unmolested. This is why their scheme works- everywhere. Because the people who implement the internet, myself included, are a lot fucking smarter than you.
You are making the same mistake that the toolshed above you is making.
The application determining validity in this instance is email/SMTP. It is allowed to impose *any* restrictions it likes, including STD3 compliance of hostnames.
No other client software is obligated to follow those rules.
Underscores are legal for *ANY* use for *ANY* RR type. This is unambiguously stated. You don't have to consider those as valid names within your application when you determine whether or not you want to resolve them, but every layer past you, all the way to the server, should (and will) consider them valid.
I'm a network engineer by trade for a large regional ISP in the Seattle area with more than 11,000 customers.
Good luck, indeed.
A DNS label is just that, a DNS label. Just as the netflix client asked for. Resolution of a DNS label. libidn2 mangled that when it handed it off to the resolver due to some well known issues in libidn2 that did not exist in libidn.
You are so far out of your league it isn't even funny. You literally have no idea what you're talking about.
I get it now- you're shilling for systemd...
You realize that systemd's resolve doesn't give 2 squats of piss whether or not there is an underscore in one of the names when it encodes it into a DNS query?
Do you know why it doesn't? Because it *shouldn't*
This issue is with the internationalization IDNA/Punycode-to-ASCII non-transitional flags in use that are mangling the hostname before systemd's DNS resolver forwards the request.
It says a bit more than that.
It says, essentially, that any name label is valid for any RR, and it is up to the client to determine whether or not it considers it valid for resolution.
In this instance, Netflix is the client. It considers that name valid for its service, and is well within its rights to do so. In the instance that they published that as a URL for you to put into your browser, they would be stepping into bad-netizen territory.
The real issue here has nothing to do with resolvers. All resolvers will handle this just fine. This has to do with a flag enabled by default in the way that systemd-resolve uses libidn2, that flag, which is typically disabled when using libidn (even by default using its command line utils) is the enforcement of STD3 rules in IDNA-To-ASCII conversion.
Other than that- the systemd resolve does exactly as it should... attempts to resolve the name, even with the underscore. The problem is the STD3 rules application to the name by libidn2 gives back a mangled name.
That doesn't says that at all....
It in fact says, "you can have underscores as part of the domain name, but it's possible browsers may not bother to try to resolve it."
You are such a manipulative shit.
That is in fact not the issue. The issue is that libidn2 has STD3 rules in effect by default, in the way that systemd is using it.
STD3 rule applicability is contentious for this *very reason*
You, the link you provided, and Internet Explorer all agree that you shouldn't use underscores for labels unless they're a specific kind of label. You all conform to the STD3 rules for "host names"
The rest of the internet does not, and conforms to the RFC2181 reading which says, "labels are whatever the hell the client wants them to be, and the proper behavior for a server is to pass them along unmolested."
swalker@swalker-samtop:~$ idn --usestd3asciirules ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net
idn: idna_to_ascii_4z: Non-digit/letter/hyphen in input
swalker@swalker-samtop:~$ idn -a ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net
ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net
This is a matter of IDNA/Punycode behavior and default changes between transitional/non-transitional specs and a million other very hotly debated items governing the internationalization of domain names.
Those restrictions aside, any binary string whatever can be used as the label of any resource record.
Is in fact the issue here, as the RFC it is sourced from again, in no uncertain terms, specifies the behavior of DNS labels. The client should determine what is valid. Netflix is the client in this instance. It's having libidn2's IDNA STD3 rule default imposed upon it, which is bad netizen behavior for whoever made that decision, again, clearly outlined in the above mentioned RFC.
The DNS itself places only one restriction on the particular labels
that can be used to identify resource records. That one restriction
relates to the length of the label and the full name. The length of
any one label is limited to between 1 and 63 octets. A full domain
name is limited to 255 octets (including the separators). The zero
length full name is defined as representing the root of the DNS tree,
and is typically written and displayed as ".". Those restrictions
aside, any binary string whatever can be used as the label of any
resource record.
Slashdot Mirror
This sounds like the kind of stuff you read in the ads in high-end audiophile magazines,
Or a quarter of the /. posts about this article.
He's completely correct. Most do not support AAC. That does not mean AAC supporting ones are difficult to find. I'm sure you can understand that nuance. :)
To demonstrate this phenomenon using your highly scientific method, replace AAC in your amazon search with aptX, or leave it out altogether.
The compare count of product listings.
Not if it's one of the majority of BT A2DP receivers that doesn't implement the AAC codec.
A brave thing to say full of the world's single largest collection of supertasters and audiophones who can pass the Pepsi challenge between 256kbps AAC and FLAC with headphones.
/Sarcasm
That's alright. I don't have any lossless media, and AAC/aptX encodes about as much dynamic range as anything I get of iTunes store. For the 15 FLAC guys out there, you should probably just get an adapter.
I agree that you can hear the difference between BlueTooth and wired.
Depends. If you have BT headphones that support AAC codec, the quality is about the same as anything purchased from iTunes store, making a wire irrelevant.
If you're falling back to SBC, due to lack of AAC support (common), it will sound like music played over a set of rope-connected tin cans.
Depends on the codec in use.
SBC is garbage, it really is. If that's one's only experience with bluetooth audio- I can't blame them for hating it.
aptX/AAC are pretty damn decent, with fairly tiny reductions in dynamic range, LDAC is amazing.
on the iOS side, you're however limited to SBC/AAC, and AAC isn't supported in as many headphone sets as aptX (that I can find) so my Samsung sounds amazingly better than my iPhone over BT headphones.
Or that the Democratic People's Republic of Korea isn't democratic...
Oh wait.
The NSDAP had a lot to do with socialism for a while, and eventually morphed into fascism, which was a unique pairing of left and right wing economic ideologies (a fusion between private corporations and the government, suppression of worker rights in favor of the corporations).
The socialists were all purged from the NSDAP during the Night of the Long Knives, and then all left-wing parties in Germany were officially banned.
Don't be a fucking toolshed.
Then let me apologize for the accusation.
To me, not really being partisan about it, I see a bunch of people trying to defend their side's malpractice and skirting some very serious laws, that have absolutely been skirted in the past by members of every political organization in this country. That does not however justify it, and it should be condemned *wherever* it happens, regardless of who's team did it.
If that's not you- forgive my haste in calling you out.
Can you please cite what law that breaks?
Any citizen of the United States, wherever he may be, who, without authority of the United States, directly or indirectly commences or carries on any correspondence or intercourse with any foreign government or any officer or agent thereof, with intent to influence the measures or conduct of any foreign government or of any officer or agent thereof, in relation to any disputes or controversies with the United States, or to defeat the measures of the United States, shall be fined under this title or imprisoned not more than three years, or both.
And one more question...had it been an American citizen would it have been legal?
As long as that citizen was not acting as an agent of a foreign government.
I'm asking because campaigns put a lot of effort into digging up dirt, so I'm wondering why it matters what the source of that dirt is.
Because you're free to collude with any American to bring around a political shift in the United States, but the second you start doing that with agents of a foreign government, you're treading very close to what, in many countries of the world, is called treason.
Hypothetically speaking, say Hillary were going to win. Say Russian interference secured the win for Donald. The US government would have been overthrown by the Russian government. Non-violently, of course, but the end result the same.
Americans are allowed to non-violently overthrow our government. It's our job every election cycle. Foreign governments are not. That's an act of war.
Fortunately for Russia- just like all the countries we have done the same thing to, nobody can *really* physically make good on the consequences of them committing an act of war.
FWIW, I'm a Cold War vet, I'm very much against any Russian interference
Then you should fucking know better, sir.
And let's remember that their goal is to divide us, and it appears to be working.
Can't argue there. But I can say you are not helping by attempting to weasel out of the criminal element for sake of Party.
Not if Mr. Hitler, as an organ of the state (Fuhrer), so empowered, had the lawful right to deprive you of your life.
Let it go- you made a silly generalized argument which was plain wrong.
Sometimes unlawful things aren't wrong things.
A fascinating claim from the only person in this thread morderated as a troll... much less morderated twice as a troll.
The dripping irony. Can trolls not see their reflection in mirrors?
I knew as soon as I saw this thread, I would hear the sound furious slurping coming from you in desperate attempt at defense of your pet project's great leader.
Of course someone who disagrees that a bug is a bug disagrees about whether or not it should be called a bug, and treated as such outside of his control.
Unfortunately for him, and his favorite fellatrix, he's wrong. His bugs are bugs, whether or not he marks them WONTFIX or NOTABUG or otherwise.
Have you noticed that you attack every single disagreement with your assertions that are never backed up with any facts whatsoever with, "read the link stupid!"
And then you ignore when someone jumps up and informs you that you're illiterate, or didn't read the link yourself.
Every time. Tell me, is it pathological?
2 post so far marked Troll. Carry on, soldier. Poettering will never tire of your services.
https://www.androidcentral.com...
http://www.howardforums.com/sh...
Ever written software to live-patch a kernel? Written kernel modules with intelligence allowing them to be inserted into kernels you don't have the source or ABI for? Ever gotten a CVE for a vulnerability you discovered in an operating system used by millions of people?
Did you break what was probably one of the first cellular phone bootloader RSA signature protection schemes?
No, ZK. You have done nothing. You're a shill for pet ideas. You run around commenting about shit you know nothing about, adding zero value to anything.
You talk shit to your betters with zero understanding of how fucking irrelevant you are. There's a reason you're commonly moderated a troll. The only thing broken here is your capacity for critical thinking.
You think a lower uid gives you some kind of cred?
6502? Is that supposed to impress me? I had to write an emulator for the 6502 in school.
I had written my own DNS server before you had ever had a +5 moderated comment on Slashdot.
I was busy making my mark on the world instead of lurking on Slashdot. You're a fucking troll dude. Get a clue. Seek help. Try contributing to the world instead of arguing about shit you have no real understanding of.
Netflix is the server; The client (s) are the web browsers requesting domain name resolution.
You couldn't be more correct- and since the client (web browser/netflix) did actually make the request to the glibc nss mechanism, the glibc nss mechanism also allowed it, and forwarded it off to the systemd-resolve daemon, who also allowed it, tossed it through its punycode IDNA library, and then forwarded it to its system-configured resolver, everyone in that chain agreed it was perfectly valid. libidn2 simply had a bug where it removed the underscore. This bug is acknowledged.
You've defeated your own fucking argument so many times everyone here has lost count. You are not a very literate person. I suspect that could be corrected with a little effort on your part.
Here's a fun one for you to try-
Do you control an authoritative nameserver? I do.
A recursor? me too.
Let's go ahead and see just how invalid that domain is-
The check-names statement will cause any host name for the zone to be checked for compliance with RFC 952 and RFC 1123 and take the defined action. Care should be taken when using this statement because many modern RRs, for example, SRV use names which do not meet these standards (they contain underscore) but which are permitted by RFC 2181 which greatly liberalized the rules for names (see labels and names). The default is not to perform host name checks. check-names may also appear in a view or options clause where it has a different syntax.
Oh good- it's off by default. Makes sense. Even if it weren't, the BIND authors (including your vaunted Mr. Vixie) saw fit to recognize that there are instances where obviously you don't want restrictive rules on RRs, since, as they noted, RFC2181 removes said restrictions on DNS names/labels across the board.
Moving on...
Test rig in place.
[root@dns1 named]# dig @localhost a is_zk_a_dropout.are_underscores_allowed.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22950
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
;; QUESTION SECTION:
;is_zk_a_dropout.are_underscores_allowed.com. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 30 02:05:45 PDT 2017
;; MSG SIZE rcvd: 158
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> @localhost a is_zk_a_dropout.are_underscores_allowed.com
; (2 servers found)
; EDNS: version: 0, flags:; udp: 4096
is_zk_a_dropout.are_underscores_allowed.com. 10800 IN A 0.0.0.1
are_underscores_allowed.com. 10800 IN NS dns1.are_underscores_allowed.com.
are_underscores_allowed.com. 10800 IN NS dns2.are_underscores_allowed.com.
dns1.are_underscores_allowed.com. 10800 IN A 127.0.0.1
dns2.are_underscores_allowed.com. 10800 IN A 127.0.0.1
I'm going to have to accept 0.0.0.1 as a boolean yes. You are indeed a dropout.
Double checking, though...
[root@dns1 named]# host is_zk_a_dropout.are_underscores_allowed.com
is_zk_a_dropout.are_underscores_allowed.com has address 0.0.0.1
Moving on...
[root@dns1 named]# curl http://is_zk_talking_out_of_his_ass.are_underscores_allowed.com/zks_lunch.txt
Yup.
Any more questions? Other than how I got slashdot not to think that was a valid URL?
Dude- we get it. Underscores are illegal in hostnames. Many client softwares enforce this behavior, and they're free to. Nobody ever denied this. However, what a "host name" is isn't really clearly defined, or even really super relevant in today's world where things are anycast, RRs can literally hold arbitrary data, etc.
Any step between the client and the server is *barred* by RFC from applying validation to a hostname that the client or server does not want.
Do I need to post a screenshot of my browser resolving that as well, or will you just shut. the. fuck. up?
RFC2181 is authoritative for the Domain Name System, and exists precisely because fucking imbeciles such as yourself are too dim-witted to differentiate between the database that is DNS, and the conceptualization of host names and domain names and what is proper for them.
RFC2181 says clients need not care for what your rules about host names are. They don't fucking matter. Clients are able to request any kind of RR with any label. Period. You are *denied* the right to impose your validation of the use of Netflix's DNS names upon Netflix's client. You can call them invalid in whatever Visual Basic shit you wrote last week, but any implementation of the Domain Name System must honor Netflix's request for those name labels, as they are perfectly valid within the Domain Name System. You lose. Go back to the help desk, dude. Quit name dropping, and quit citing shit that doesn't even support your argument. You're embarrassing yourself.
LOL.
I think I'll just keep being a lot more relevant than you, because I understand the concepts at play, and you simply do not.
Simply stated, "The Netflix domain names" do not have to be considered a valid label by any piece of client software. But any client may consider them valid if they so wish. Any server in the middle should transport them unmolested. This is why their scheme works- everywhere. Because the people who implement the internet, myself included, are a lot fucking smarter than you.
You are making the same mistake that the toolshed above you is making.
The application determining validity in this instance is email/SMTP. It is allowed to impose *any* restrictions it likes, including STD3 compliance of hostnames.
No other client software is obligated to follow those rules.
Underscores are legal for *ANY* use for *ANY* RR type. This is unambiguously stated. You don't have to consider those as valid names within your application when you determine whether or not you want to resolve them, but every layer past you, all the way to the server, should (and will) consider them valid.
I'm a network engineer by trade for a large regional ISP in the Seattle area with more than 11,000 customers.
Good luck, indeed.
A DNS label is just that, a DNS label. Just as the netflix client asked for. Resolution of a DNS label. libidn2 mangled that when it handed it off to the resolver due to some well known issues in libidn2 that did not exist in libidn.
You are so far out of your league it isn't even funny. You literally have no idea what you're talking about.
but It's fairly common practice to reject them for A and AAAA records
This is a blatant lie. That is why Netflix works.
I get it now- you're shilling for systemd...
You realize that systemd's resolve doesn't give 2 squats of piss whether or not there is an underscore in one of the names when it encodes it into a DNS query?
Do you know why it doesn't? Because it *shouldn't*
This issue is with the internationalization IDNA/Punycode-to-ASCII non-transitional flags in use that are mangling the hostname before systemd's DNS resolver forwards the request.
It says a bit more than that.
It says, essentially, that any name label is valid for any RR, and it is up to the client to determine whether or not it considers it valid for resolution.
In this instance, Netflix is the client. It considers that name valid for its service, and is well within its rights to do so. In the instance that they published that as a URL for you to put into your browser, they would be stepping into bad-netizen territory.
The real issue here has nothing to do with resolvers. All resolvers will handle this just fine. This has to do with a flag enabled by default in the way that systemd-resolve uses libidn2, that flag, which is typically disabled when using libidn (even by default using its command line utils) is the enforcement of STD3 rules in IDNA-To-ASCII conversion.
Other than that- the systemd resolve does exactly as it should... attempts to resolve the name, even with the underscore. The problem is the STD3 rules application to the name by libidn2 gives back a mangled name.
That doesn't says that at all....
It in fact says, "you can have underscores as part of the domain name, but it's possible browsers may not bother to try to resolve it."
You are such a manipulative shit.
STD3 rule applicability is contentious for this *very reason*
You, the link you provided, and Internet Explorer all agree that you shouldn't use underscores for labels unless they're a specific kind of label. You all conform to the STD3 rules for "host names"
The rest of the internet does not, and conforms to the RFC2181 reading which says, "labels are whatever the hell the client wants them to be, and the proper behavior for a server is to pass them along unmolested."
swalker@swalker-samtop:~$ idn --usestd3asciirules ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net
idn: idna_to_ascii_4z: Non-digit/letter/hyphen in input
swalker@swalker-samtop:~$ idn -a ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net
ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net
This is a matter of IDNA/Punycode behavior and default changes between transitional/non-transitional specs and a million other very hotly debated items governing the internationalization of domain names.
Those restrictions aside, any binary string whatever can be used as the label of any resource record. Is in fact the issue here, as the RFC it is sourced from again, in no uncertain terms, specifies the behavior of DNS labels. The client should determine what is valid. Netflix is the client in this instance. It's having libidn2's IDNA STD3 rule default imposed upon it, which is bad netizen behavior for whoever made that decision, again, clearly outlined in the above mentioned RFC.
IDNA UseSTD3ASCIIRules flag (default off)
The DNS itself places only one restriction on the particular labels that can be used to identify resource records. That one restriction relates to the length of the label and the full name. The length of any one label is limited to between 1 and 63 octets. A full domain name is limited to 255 octets (including the separators). The zero length full name is defined as representing the root of the DNS tree, and is typically written and displayed as ".". Those restrictions aside, any binary string whatever can be used as the label of any resource record.