[Freeipa-devel] [PATCH 0107-0108] Fix DNS wildcard validation

Martin Basti mbasti at redhat.com
Wed Sep 3 12:40:22 UTC 2014


On 02/09/14 17:33, Petr Spacek wrote:
> On 21.8.2014 10:58, Martin Basti wrote:
>> On 21/08/14 08:43, Petr Spacek wrote:
>>> On 20.8.2014 17:37, Martin Basti wrote:
>>>> +        # dissallowed wildcard (RFC 4592)
>>>> +        no_wildcard_rtypes = ['CNAME', 'DNAME', 'DS', 'NS']
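Review bot: the comment on the first added line cites RFC 4592 as a whole while the list on the second added line mixes four record types. Cite the specific section that covers each type next to the list, so a reader can check every entry (including 'CNAME') against the RFC text, and fix the spelling "dissallowed" in the comment.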
>>> NACK
>>>
>>> http://tools.ietf.org/html/rfc4592#section-4.3 doesn't forbid CNAME with
>>> wildcard owner name. This subsection is just a "note" for implementers
>>> about proper wildcard handling.
>>>
>>> Sorry :-)
>>>
>> Thank you!
>>
>> Updated patches attached.
>>
>
> # ipa dnsrecord-add  ipa.example. '*' --ns-rec='ns'
> ipa: ERROR: invalid 'idnsname': owner of DNAME, DS, NS records should 
> not be a wildcard domain name (RFC 4592)
>
> It would be nice to have more specific reference to RFC: 'RFC 4592 
> section 4'.
>
> CondACK: It can be pushed if you amend the error message.
>
Updated patch attached.
Please push to branches: ipa 4.0.x, 4.1, master

-- 
Martin Basti

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0107.3-FIX-DNS-wildcard-records-RFC4592.patch
Type: text/x-patch
Size: 2413 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140903/fc978ec6/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0108.3-Tests-DNS-wildcard-records.patch
Type: text/x-patch
Size: 3926 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140903/fc978ec6/attachment-0001.bin>
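
The check discussed in this thread, as an added example that is not part of the original message or of the attached FreeIPA patches. All function and constant names are hypothetical, the error wording is constructed from the message quoted above plus the requested section reference, and the record-type set is the one named in that error message (CNAME is left out, following the NACK).

```python
# Added example, not FreeIPA code. All names here are hypothetical.

# Record types the quoted error message refuses on a wildcard owner name.
NO_WILDCARD_RTYPES = frozenset({"DNAME", "DS", "NS"})


def is_wildcard_owner(idnsname):
    """True when the leftmost label is exactly '*'.

    RFC 4592 section 2.1.1 defines a wildcard domain name by its initial
    label only, so 'a.*.example' and '*a.example' are ordinary names.
    """
    labels = idnsname.rstrip(".").split(".")
    return labels[0] == "*"


def find_disallowed(idnsname, rtypes):
    """Return the sorted record types that may not be owned by idnsname."""
    if not is_wildcard_owner(idnsname):
        return []
    wanted = {rtype.upper() for rtype in rtypes}
    return sorted(wanted & NO_WILDCARD_RTYPES)


def validate_owner(idnsname, rtypes):
    """Raise ValueError if any requested record type conflicts with a wildcard."""
    bad = find_disallowed(idnsname, rtypes)
    if bad:
        # Constructed wording: the thread's message with the section added.
        raise ValueError(
            "invalid 'idnsname': owner of %s records should not be a "
            "wildcard domain name (RFC 4592 section 4)" % ", ".join(bad)
        )


if __name__ == "__main__":
    # Constructed sample requests: (owner name, record types being added).
    samples = [("*", ["ns"]), ("*", ["cname", "a"]), ("a.*.example.", ["ds"])]
    for owner, rtypes in samples:
        try:
            validate_owner(owner, rtypes)
            print(owner, rtypes, "-> accepted")
        except ValueError as err:
            print(owner, rtypes, "->", err)
```
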