[Freeipa-devel] [PATCH 0107-0108] Fix DNS wildcard validation
Petr Viktorin
pviktori at redhat.com
Fri Sep 5 10:30:17 UTC 2014
On 09/05/2014 12:21 PM, Petr Spacek wrote:
> On 3.9.2014 14:40, Martin Basti wrote:
>> On 02/09/14 17:33, Petr Spacek wrote:
>>> On 21.8.2014 10:58, Martin Basti wrote:
>>>> On 21/08/14 08:43, Petr Spacek wrote:
>>>>> On 20.8.2014 17:37, Martin Basti wrote:
>>>>>> + # dissallowed wildcard (RFC 4592)
>>>>>> + no_wildcard_rtypes = ['CNAME', 'DNAME', 'DS', 'NS']
>>>>> NACK
>>>>>
>>>>> http://tools.ietf.org/html/rfc4592#section-4.3 doesn't forbid CNAME
>>>>> with
>>>>> wildcard owner name. This subsection is is just a "note" for
>>>>> implementers
>>>>> about proper wildcard handling.
>>>>>
>>>>> Sorry :-)
>>>>>
>>>> Thank you!
>>>>
>>>> Updated patches attached.
>>>>
>>>
>>> # ipa dnsrecord-add ipa.example. '*' --ns-rec='ns'
>>> ipa: ERROR: invalid 'idnsname': owner of DNAME, DS, NS records should
>>> not be
>>> a wildcard domain name (RFC 4592)
>>>
>>> It would be nice to have more specific reference to RFC: 'RFC 4592
>>> section 4'.
>>>
>>> CondACK: It can be pushed if you amend the error message.
>>>
>> Updated patch attached.
>> Please push to branches: ipa 4.0.x, 4.1, master
>
> The error message seems okay, it can be pushed.
Pushed to:
master: 028b3d1009122e01f32710463a96cacddd4d26c1
ipa-4-0: 3c6f83e41de097a23c4839c2d14b091c7bacc562
ipa-4-1: 031677c80b1b9a2706186421e651c6132b14e6e2
--
Petr³
More information about the Freeipa-devel
mailing list