On 11.4.2013 14:52, Petr Viktorin wrote:
On 04/11/2013 02:43 PM, Simo Sorce wrote:
On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
On 04/11/2013 12:05 PM, Tomas Babej wrote:
Hi,

Makes DNAME target validation less strict and allows underscore.
This is requirement for IPA sites.

https://fedorahosted.org/freeipa/ticket/3550

Tomas

I checked with PetrĀ², and he said it would make sense to also enable
underscores for the other records types.
For records other than TXT, SRV, DNAME, and NSEC we could warn if
underscores are used, but that's probably not worth the trouble -- just
allowing underscores everywhere is fine.


Underscores are invalid DNS characters, they should not be allowed for A
records, only for DNAME, and SRV records IMO.

Technically, they're invalid *hostname* characters; in DNS itself anything goes.
Exactly.

Interestingly, we already allow them for A records:
$ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=1.2.3.4
   Record name: _bogus
   A record: 1.2.3.4
AD sometimes create crazy A records in DNS tree, so I guess it is allowed for compatibility. (Imagine that - IPA DNS used for AD domain!)

But this ticket is not about the record name, it's about record data (i.e. the
*target* of the DNAME).
This ticket *is* about names and targets at same time:

Text from the ticket:
> We need to allow underscore in record names and also DNAME targets.

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to