255オクテットのドメインはツラみがある! / endless-work

6f36ff3943be908c5d2259f4aef09ea6?s=47 Jun Watanabe
March 31, 2019
Technology
1
3.2k

255オクテットのドメインはツラみがある! / endless-work

Presented on PHPerKaigi 2019 https://phperkaigi.jp/

longest domain here!
Shorten :
http://bit.ly/endless_work

original :
https://workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.work/

6f36ff3943be908c5d2259f4aef09ea6?s=128

Jun Watanabe

March 31, 2019
Tweet

Want more?

6f36ff3943be908c5d2259f4aef09ea6?s=48 rela1470
3
1.7k
6f36ff3943be908c5d2259f4aef09ea6?s=48 rela1470
0
35
6f36ff3943be908c5d2259f4aef09ea6?s=48 rela1470
0
220
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
10
550
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
2
280
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
190
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
6
350
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
6
220
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
3
310
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
4
580
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
170
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
4
250

Transcript

  1. 1.

    255จࣈͷ υϝΠϯ͸ πϥΈ͕͋Δ! 2019/03/31(Sun) PHPerKaigi 2019 Jun Watanabe@rela1470

  2. 2.

    15෼࿮ͳͷʹ εϥΠυ110ຕͳͷͰ ઌʹ·ͱΊ ɾ255จࣈ͡Όͳ͍(͝ΊΜ) ɾ64จࣈҎ্Ͱཁ஫ҙ!!!!

  3. 3.

    υϝΠϯͬͯ ͍ͭͷ·ʹ͔ ૿͑ͯ·͢ΑͶ!

  4. 4.

    Θͨͳ΂͸ 13ݸ΋ͬͯ·ͨ͠

  5. 5.

    New gTLD ଓʑొ৔

  6. 6.
    None
  7. 7.

    yasero.dev ࣗ෼ͷମॏΛࡽ͢αΠτ

  8. 8.

    ͱ͍͏͜ͱͰຊ୊…

  9. 9.

    υϝΠϯͬͯ Ͳ͜·Ͱ௕͘Ͱ͖Δ͔ ஌ͬͯ·͔͢?

  10. 10.

    255จࣈͷ υϝΠϯ͸ πϥΈ͕͋Δ! 2019/03/31(Sun) PHPerKaigi 2019 Jun Watanabe@rela1470

  11. 11.

    workworkworkworkworkwork. workworkworkworkworkworkw orkworkworkwork.workworkwo rkworkworkworkworkworkwork workworkworkworkworkwork. workworkworkworkworkworkw orkworkworkworkworkworkwor kworkwork.workworkworkwork workworkworkworkworkworkw orkworkworkworkwork.work

  12. 12.

    workυϝΠϯ 1ԁͰͨ͠

  13. 13.
    None
  14. 14.

    ͋Γ͕ͱ͏ ͍͟͝·͢!

  15. 15.

    (དྷ೥΋͓ئ͍͠·͢)

  16. 16.

    ͋Ε?

  17. 17.

    255จࣈͷ υϝΠϯ͸ πϥΈ͕͋Δ! 2019/03/31(Sun) PHPerKaigi 2019 Jun Watanabe@rela1470

  18. 18.

    workworkworkworkworkwork. workworkworkworkworkworkw orkworkworkwork.workworkwo rkworkworkworkworkworkwork workworkworkworkworkwork. workworkworkworkworkworkw orkworkworkworkworkworkwor kworkwork.workworkworkwork workworkworkworkworkworkw orkworkworkworkwork.work

  19. 19.

    ͦ͏ͳΜͰ͢

  20. 20.

    253จࣈ ͔͠ͳ͍ͧ

  21. 21.

    ͓࿳ͼͱగਖ਼

  22. 22.

    255จࣈͷ υϝΠϯ͸ πϥΈ͕͋Δ! 2019/03/31(Sun) PHPerKaigi 2019 Jun Watanabe@rela1470

  23. 23.

    255ΦΫςοτͷ υϝΠϯ͸ πϥΈ͕͋Δ! 2019/03/31(Sun) PHPerKaigi 2019 Jun Watanabe@rela1470

  24. 24.
    None
  25. 25.

    Ͳ͜Ͱఆٛ͞Ε͍ͯΔ͔

  26. 26.

    RFC1035 2.3.4. Size limits 255 Octet

  27. 27.

    1 Octet 8 bit 1 Byte

  28. 28.

    ༨ஊ 1Byte = 8 Bit ʹͳͬͨͷ͸ 2008೥ IEC 80000-13
 https://www.iso.org/standard/31898.html

    JIS͸ະൃߦ IECΛӾཡ͢Δʹ͸158 CHF (17,450ԁ)…
  29. 29.

    ࠞཚ͠ͳ͍ͨΊʹ΋ Octet Λ࢖͓͏!

  30. 30.

    ͞Βʹ༨ஊ URLશମͷ੍ݶ͸ͳ͍

  31. 31.

    100ສจࣈ·Ͱಈ࡞֬ೝࡁΈ https://qiita.com/nwtgck/items/e83473dc63386d2da3e5

  32. 32.

    ؓ࿩ٳ୊

  33. 33.

    υϝΠϯͷσʔλ಺໿

  34. 34.

    work . work ↓ϥϕϧ ↑ ۠੾Γจࣈ ୈ2ϨϕϧυϝΠϯ ୈ1ϨϕϧυϝΠϯ

  35. 35.

    DNSϝοηʔδ ࠓճͷυϝΠϯͷྫ

  36. 36.

    ఆٛจࣈ௕ ΦΫςοτ ϥϕϧจࣈྻ NBY ΦΫςοτ  XPSLXPSLXPSLXPSLXPSLXPSL  XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL 

    XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL  XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL  XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL  XPSL  0DUFU 0DUFU   workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.workworkworkworkwor kworkworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkworkwor kworkworkworkwork.workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.work ↓ = 255 octet = 253จࣈ(υοτؚ)
  37. 37.

    ϝʔϧΞυϨε͸?

  38. 38.

    RFC5321 4.5.3.1.3. Path 256 Octet

  39. 39.

    શମͰ࠷େ 256 Octet ·Ͱ (υοτ΍ΞοτϚʔΫ΋ؚΉ) υϝΠϯͰ 255 Octet ࢖͏ͷͰ…

  40. 40.

    υϝΠϯ͕࠷େ௕ͩͱ ࣮࣭ൃߦͰ͖ͳ͍ @workworkworkworkworkwork.workworkworkworkwo rkworkworkworkworkwork.workworkworkworkworkw orkworkworkworkworkworkworkworkworkwork.work workworkworkworkworkworkworkworkworkworkwork workworkwork.workworkworkworkworkworkworkwor kworkworkworkworkworkworkwork.work ↑Ͱ256ΦΫςοτ(254จࣈ)

  41. 41.

    ࣮ࡍʹӡ༻͍͖ͯ͠

  42. 42.

    DNS

  43. 43.
    None
  44. 44.

    ໊͓લυοτίϜ͞Μ ͦ΋ͦ΋ෳ਺ϥϕϧ͕ ߟྀ͞Εͯͳ͍ ϫΠϧυΧʔυͰͳΜͱ͔

  45. 45.

    SLAର৅ͷαʔϏεΛ ࢖͍·͠ΐ͏

  46. 46.

    Amazon Route 53

  47. 47.

    IDCF Cloud DNS

  48. 48.

    nginx

  49. 49.

    vi nginx.conf ———- server { listen 80; server_name workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.workworkwor kworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkwor

    kworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkworkwor kworkworkworkwork.work; } —————— nginx -t nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 32 nginx: configuration file /etc/nginx/nginx.conf test failed nginx.conf server_name͕௕͗͢Δ
  50. 50.

    vi nginx.conf ———- http { server_names_hash_bucket_size 512; } bucketSize֦ு

  51. 51.
    None
  52. 52.

    HTTPSԽ

  53. 53.
    None
  54. 54.

    DNS name too long # /usr/local/certbot/certbot-auto certonly --webroot -w /work.work

    - d workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.wo rkworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkw orkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkwork workworkworkworkworkworkworkworkworkworkwork.work Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate An unexpected error occurred: The request message was malformed :: Error creating new authz :: DNS name too long Please see the logfiles in /var/log/letsencrypt for more details.
  55. 55.

    certbot͕230จࣈҎ্Λ ड͚෇͚ͳ͍

  56. 56.

    ಺෦తʹJSONͷϝλ৘ใͰ 25จࣈ࢖ͬͯ͠·͏ͨΊ letsencrypt/boulder.git/policy/pa.go@126 // TODO(#3237): Right now our schema for

    the authz table only allows 255 characters // for identifiers, including JSON wrapping, which takes up 25 characters. For // now, we only allow identifiers up to 230 characters in length. When we are // able to do a migration to update this table, we can allow DNS names up to // 253 characters in length. maxLabelLength = 63 maxDNSIdentifierLength = 230 `identifier` varchar(255) NOT NULL, {"type":"dns","value":"example.com"} https://community.letsencrypt.org/t/i-want-use-max-255-octet-domain/51279
  57. 57.
    None
  58. 58.
    None
  59. 59.
    None
  60. 60.

    Let’s Encrypt ͕ବ໨ͳΒ…

  61. 61.

    ී௨ͷ༗ྉSSLͳΒ ͍͚Μͷ͔

  62. 62.

    # openssl req -new -key key.pem -out key.csr Common Name

    (eg, fully qualified host name) []:workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork .workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workwo rkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkw orkworkworkworkworkworkworkworkworkworkworkwork.work OpenSSLͰCSRൃߦ΍!
  63. 63.

    string is too long, it needs to be less than

    64 bytes long
  64. 64.

    OpenSSL͕ବ໨ͳΒ…

  65. 65.

    Microsoft IIS

  66. 66.

    CSRൃߦͰ͖·ͨ͠

  67. 67.

    CoreSSL͞ΜͰਃ੥

  68. 68.
    None
  69. 69.

    CSR͸ೝ͚ࣝͨ͠Ͳ αʔϏεଆͰ஄͔Εͨ

  70. 70.

    ্Ґূ໌ہ Symantec Comodo GeoTrust ͷ੍ݶ https://knowledge.symantec.com/jp/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=SO24065

  71. 71.

    RFC 5280 Appendix A.1 ub-common-name-length INTEGER ::= 64 ͪΐͬͱࣗ৴ͳ͍

  72. 72.

    ͝ฦۚ ରԠ௖͖ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠

  73. 73.

    ແྉͰ230จࣈ·Ͱ͍͚Δ let's encrypt ٯʹ༏लઆ

  74. 74.
    None
  75. 75.

    ࣗલ͕ବ໨ͳΒ...

  76. 76.

    αʔόʔϨε΍!

  77. 77.

    Firebase Hosting ແྉSSL+ແྉCDN(݄50GB·Ͱ)

  78. 78.

    Firebase Hosting ແྉSSL+ແྉCDN(݄50GB·Ͱ)

  79. 79.

    Firebase Hosting ແྉSSL+ແྉCDN(݄50GB·Ͱ)

  80. 80.

    SSL͕͍ͭ·Ͱܦͬͯ΋ ൓ө͞Εͳ͍

  81. 81.

    UI΋յΕΔ

  82. 82.

    ͦͯ͠2019೥

  83. 83.

    υϝΠϯͷ௕͕͞ ࠷େ64จࣈʹ੍ݶ͞ΕͯΔ…

  84. 84.

    Firebase͕ ବ໨ͳΒ Netlify΍!

  85. 85.
    None
  86. 86.
    None
  87. 87.

    UI͸΋ͪΖΜյΕΔ

  88. 88.

    ͔͠͠ 255 octet ͷ υϝΠϯ͸ొ࿥Ͱ͖ͨ (ͼͬ͘Γ)

  89. 89.

    SSL͸…?

  90. 90.

    DNS name too long

  91. 91.

    Netlify ແྉSSL

  92. 92.

    230จࣈʹ཈͑ͨΒ ͍͚Δ΍Ζ!

  93. 93.

    CN was longer than 64 bytes

  94. 94.
    None
  95. 95.

    Firebase SSLରԠඞਢ 64 octet ·Ͱ Netlify SSL͸ 64 octet ·Ͱ

    httpͰ΋Α͚Ε͹ 255 octet ·Ͱ
  96. 96.

    SSLରԠͷເ͸௵͑ͨ…

  97. 97.
    None
  98. 98.

    ACME v2 API ϫΠϧυΧʔυূ໌ॻ

  99. 99.

    CN was longer than 64 bytes ./certbot-auto certonly —manual -d

    *.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkw orkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkwork workworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkwor kworkworkworkworkwork.work -m jun@harine.jp --agree-tos --manual- public-ip --preferred-challenges dns-01 --server https://acme- v02.api.letsencrypt.org/directory An unexpected error occurred: The request message was malformed :: Error finalizing order :: issuing precertificate: CN was longer than 64 bytes
  100. 100.

    cert-bot SAN ରԠ υϝΠϯෳ਺ࢦఆͰ͖Δ & ઌ಄ͷυϝΠϯ͕CNʹ

  101. 101.

    workworkworkworkworkw orkworkworkworkworkwor kworkworkworkwork.work 65จࣈ

  102. 102.

    workworkworkworkwork. work 25จࣈ

  103. 103.

    ./certbot-auto certonly --manual -d workworkworkworkwork.work -d *.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkw orkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkwork workworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkwor kworkworkworkworkwork.work

    -m jun@harine.jp --agree-tos --manual- public-ip --preferred-challenges dns-01 --server https://acme- v02.api.letsencrypt.org/directory
  104. 104.

    Congratulations! ./certbot-auto certonly --manual -d workworkworkworkwork.work -d *.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkw orkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkwork workworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkwor

    kworkworkworkworkwork.work -m jun@harine.jp --agree-tos --manual- public-ip --preferred-challenges dns-01 --server https://acme- v02.api.letsencrypt.org/directory IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/workworkworkworkwork.work/fullchain.pem
  105. 105.
    None
  106. 106.
    None
  107. 107.

    https:// workworkworkworkworkwork.w orkworkworkworkworkworkwor kworkworkwork.workworkwork workworkworkworkworkworkw orkworkworkworkworkwork.wo rkworkworkworkworkworkwork workworkworkworkworkworkw orkwork.workworkworkworkwo rkworkworkworkworkworkwork

    workworkworkwork.work/
  108. 108.

    http:// work.workworkworkworkworkw orkworkworkworkworkworkwor kworkworkwork.workworkwork workworkworkworkworkworkw orkworkworkworkworkwork.wo rkworkworkworkworkworkwork workworkworkworkworkworkw orkwork.workworkworkworkwo rkworkworkworkworkworkwork

    workworkworkwork.work/
  109. 109.

    http:// workwork.workworkworkworkw orkworkworkworkworkworkwor kworkworkwork.workworkwork workworkworkworkworkworkw orkworkworkworkworkwork.wor kworkworkworkworkworkwork workworkworkworkworkworkw orkwork.workworkworkworkwor kworkworkworkworkworkwork

    workworkworkwork.work/public
  110. 110.

    http://bit.ly/endless_work http://bit.ly/work_netlify http://bit.ly/work_githubpages Jun Watanabe@rela1470 https://rela.red/ https://yasero.dev/ Available for hire!