[Freeipa-devel] [PATCH 0047] Allow underscore in DNAME targets

Petr Spacek pspacek at redhat.com
Thu Apr 11 13:02:47 UTC 2013


On 11.4.2013 14:43, Simo Sorce wrote:
> On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
>> On 04/11/2013 12:05 PM, Tomas Babej wrote:
>>> Hi,
>>>
>>> Makes DNAME target validation less strict and allows underscore.
>>> This is a requirement for IPA sites.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3550
>>>
>>> Tomas
>>
>> I checked with Petr², and he said it would make sense to also enable
>> underscores for the other record types.
>> For records other than TXT, SRV, DNAME, and NSEC we could warn if
>> underscores are used, but that's probably not worth the trouble -- just
>> allowing underscores everywhere is fine.
>>
>
> Underscores are invalid DNS characters, they should not be allowed for A
> records, only for DNAME, and SRV records IMO.
AFAIK underscore is not allowed in 'host names' (= A/AAAA), but generally 
should be okay. (This limitation came from 1988 ...)

> That said I am ok allowing them on other records provided we warn
> prominently.

We definitely need to allow underscore in DNAME, SRV, NSEC and TXT. Warning 
for these records is not meaningful.

I'm okay with any check/warning/whatever for other records as long as --force 
can be used to disable the check.

-- 
Petr^2 Spacek
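
The policy discussed in this thread, sketched as an added example (not FreeIPA code and not part of the original message): underscores pass silently for DNAME, SRV, NSEC and TXT, and are rejected for other record types unless the check is overridden. The function name, the return strings and the `force` parameter standing in for `--force` are assumptions.

```python
import re

# Record types where the thread agrees underscores need no check or warning.
UNDERSCORE_OK = {"DNAME", "SRV", "NSEC", "TXT"}

# One label of letters, digits and hyphens (1-63 chars, no hyphen at either end).
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class NameRejected(ValueError):
    """Raised when a name fails validation."""


def check_name(name, rtype, force=False):
    """Validate a DNS name used with record type `rtype` (hypothetical helper).

    Returns "ok" for a plain letter-digit-hyphen name, "underscore-allowed"
    when underscores appear with a type in UNDERSCORE_OK, and "forced" when
    the underscore check was skipped because force=True.
    Raises NameRejected in every other case.
    """
    bare = name[:-1] if name.endswith(".") else name  # accept absolute names
    labels = bare.split(".")
    if len(bare) > 253 or not all(labels):
        raise NameRejected(f"{name!r}: empty label or name too long")

    has_underscore = False
    for label in labels:
        if "_" in label:
            has_underscore = True
        # Check the label with underscores removed, so "_" is the only extra
        # character tolerated; a label made only of "_" becomes "" and fails.
        if len(label) > 63 or not LDH_LABEL.fullmatch(label.replace("_", "")):
            raise NameRejected(f"{name!r}: invalid label {label!r}")

    if not has_underscore:
        return "ok"
    if rtype.upper() in UNDERSCORE_OK:
        return "underscore-allowed"
    if force:
        return "forced"  # caller asked to disable the check
    raise NameRejected(
        f"{name!r}: underscore not accepted for {rtype} records "
        "(pass force=True to override)"
    )
```
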



