[Freeipa-devel] [PATCH 0047] Allow underscore in DNAME targets
Petr Spacek
pspacek at redhat.com
Thu Apr 11 13:05:46 UTC 2013
On 11.4.2013 14:52, Petr Viktorin wrote:
> On 04/11/2013 02:43 PM, Simo Sorce wrote:
>> On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
>>> On 04/11/2013 12:05 PM, Tomas Babej wrote:
>>>> Hi,
>>>>
>>>> Makes DNAME target validation less strict and allows underscore.
>>>> This is requirement for IPA sites.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3550
>>>>
>>>> Tomas
>>>
>>> I checked with Petr², and he said it would make sense to also enable
>>> underscores for the other records types.
>>> For records other than TXT, SRV, DNAME, and NSEC we could warn if
>>> underscores are used, but that's probably not worth the trouble -- just
>>> allowing underscores everywhere is fine.
>>>
>>
>> Underscores are invalid DNS characters, they should not be allowed for A
>> records, only for DNAME, and SRV records IMO.
>
> Technically, they're invalid *hostname* characters; in DNS itself anything goes.
Exactly.
> Interestingly, we already allow them for A records:
> $ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=1.2.3.4
> Record name: _bogus
> A record: 1.2.3.4
AD sometimes create crazy A records in DNS tree, so I guess it is allowed for
compatibility. (Imagine that - IPA DNS used for AD domain!)
> But this ticket is not about the record name, it's about record data (i.e. the
> *target* of the DNAME).
This ticket *is* about names and targets at same time:
Text from the ticket:
> We need to allow underscore in record names and also DNAME targets.
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list