On 11.4.2013 14:43, Simo Sorce wrote:
On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
On 04/11/2013 12:05 PM, Tomas Babej wrote:
Hi,

Makes DNAME target validation less strict and allows underscore.
This is a requirement for IPA sites.

https://fedorahosted.org/freeipa/ticket/3550

Tomas

I checked with Petr², and he said it would make sense to also enable
underscores for the other record types.
For records other than TXT, SRV, DNAME, and NSEC we could warn if
underscores are used, but that's probably not worth the trouble -- just
allowing underscores everywhere is fine.


Underscores are invalid DNS characters, they should not be allowed for A
records, only for DNAME, and SRV records IMO.
AFAIK underscore is not allowed in 'host names' (= A/AAAA), but generally should be okay. (This limitation came from 1988 ...)

That said I am ok allowing them on other records provided we warn
prominently.

We definitely need to allow underscore in DNAME, SRV, NSEC and TXT. Warning for these records is not meaningful.

I'm okay with any check/warning/whatever for other records as long as --force can be used to disable the check.

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
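
The policy discussed in this thread, sketched as an added example (not code from the FreeIPA patch or from any participant). The function name `check_name`, the `force` parameter standing in for `--force`, and the choice to reject without force and warn with it are assumptions; the thread leaves the exact behaviour for other record types open.

```python
import re

# Record types the thread agrees must accept underscores without any warning.
UNDERSCORE_OK = {"DNAME", "SRV", "NSEC", "TXT"}

# Classic host-name label: letters, digits, hyphen; no leading/trailing hyphen.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Same rule with underscore additionally tolerated.
RELAXED_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def check_name(name, rtype, force=False):
    """Return (accepted, messages) for `name` used with record type `rtype`."""
    bare = name[:-1] if name.endswith(".") else name  # drop the root dot
    if not bare or len(bare) > 253:
        return False, ["name is empty or longer than 253 characters"]
    warnings = []
    for label in bare.split("."):
        if LDH_LABEL.fullmatch(label):
            continue
        if not RELAXED_LABEL.fullmatch(label):
            return False, [f"invalid label {label!r}"]
        # From here on the label is valid only because underscores are tolerated.
        if rtype.upper() in UNDERSCORE_OK:
            continue
        if not force:
            return False, [f"underscore in {label!r} rejected for {rtype}; force overrides"]
        warnings.append(f"underscore in {label!r} accepted for {rtype} because force is set")
    return True, warnings


if __name__ == "__main__":
    # Constructed sample names, not taken from the ticket.
    samples = [
        ("_kerberos._udp.example.com.", "SRV", False),
        ("ipa_site.example.com.", "DNAME", False),
        ("host_1.example.com.", "A", False),
        ("host_1.example.com.", "A", True),
    ]
    for name, rtype, force in samples:
        print(rtype, name, "force" if force else "", check_name(name, rtype, force))
```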
