[Freeipa-devel] [PATCH 0047] Allow underscore in DNAME targets

Tomas Babej tbabej at redhat.com
Tue Apr 23 12:02:20 UTC 2013


On 04/11/2013 04:35 PM, Petr Viktorin wrote:
> On 04/11/2013 03:59 PM, Simo Sorce wrote:
>> On Thu, 2013-04-11 at 14:52 +0200, Petr Viktorin wrote:
>>> On 04/11/2013 02:43 PM, Simo Sorce wrote:
>>>> On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
>>>>> On 04/11/2013 12:05 PM, Tomas Babej wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Makes DNAME target validation less strict and allows underscore.
>>>>>> This is a requirement for IPA sites.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/3550
>>>>>>
>>>>>> Tomas
>>>>>
>>>>> I checked with Petr², and he said it would make sense to also enable
>>>>> underscores for the other record types.
>>>>> For records other than TXT, SRV, DNAME, and NSEC we could warn if
>>>>> underscores are used, but that's probably not worth the trouble --
>>>>> just allowing underscores everywhere is fine.
>>>>>
>>>>
>>>> Underscores are invalid DNS characters, they should not be allowed
>>>> for A records, only for DNAME, and SRV records IMO.
>>>
>>> Technically, they're invalid *hostname* characters; in DNS itself
>>> anything goes.
>>>
>>> Interestingly, we already allow them for A records:
>>> $ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=1.2.3.4
>>>     Record name: _bogus
>>>     A record: 1.2.3.4
>>>
>>> But this ticket is not about the record name, it's about record data
>>> (i.e. the *target* of the DNAME).
>>
>> So we are restricting record *data* but *not* record names ? That's ...
>> odd.
>
> Yes. Apparently we relaxed the name validation because underscores are 
> used in AD or other exotic/nonstandard setups, and now we need to 
> relax the data validation as well.
>
> I filed a ticket to add warnings for underscores in A records: 
> https://fedorahosted.org/freeipa/ticket/3557
>
>
Sorry for letting this rot on the list, I thought I sent the patch 
already. Patchwork saved me this time.

Here's the updated patch.

Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0047-2-Allow-underscore-in-record-targets.patch
Type: text/x-patch
Size: 3106 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130423/fc1b7587/attachment.bin>
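
The distinction discussed in this thread (hostname rules versus what DNS itself permits, plus a warning for underscores outside TXT, SRV, DNAME and NSEC) can be sketched as follows. This is an added example, not the attached patch or FreeIPA's own code; the function names and the sample name `_sites.example.com` are hypothetical.

```python
import re

# Strict hostname label (letters, digits, hyphen; no leading/trailing hyphen).
_LDH_LABEL = re.compile(r'[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?', re.IGNORECASE)
# Relaxed label: same shape, but underscore is also accepted (e.g. _ldap, _tcp).
_RELAXED_LABEL = re.compile(r'[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?', re.IGNORECASE)

# Record types named in the thread as legitimately using underscores.
UNDERSCORE_EXPECTED = {"TXT", "SRV", "DNAME", "NSEC"}


def validate_dns_name(name, allow_underscore=False):
    """Return None when every label is acceptable, otherwise an error string."""
    if name.endswith('.'):
        name = name[:-1]          # a trailing dot only marks the name as absolute
    if not name or len(name) > 253:
        return "name is empty or longer than 253 characters"
    pattern = _RELAXED_LABEL if allow_underscore else _LDH_LABEL
    for label in name.split('.'):
        # fullmatch also rejects empty labels ("a..b") and embedded newlines
        if not pattern.fullmatch(label):
            return "invalid label %r" % label
    return None


def check_name(rtype, name):
    """Relaxed validation plus a warning for underscores in unexpected types.

    Returns (error, warnings): error is None when the name is accepted.
    """
    error = validate_dns_name(name, allow_underscore=True)
    warnings = []
    if error is None and '_' in name and rtype.upper() not in UNDERSCORE_EXPECTED:
        warnings.append("underscore in %s record: not a valid hostname" % rtype)
    return error, warnings


if __name__ == "__main__":
    # Constructed sample inputs.
    print(validate_dns_name("_sites.example.com"))   # strict rule: rejected
    print(check_name("DNAME", "_sites.example.com."))  # accepted, no warning
    print(check_name("A", "_bogus"))                   # accepted, with warning
```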

