On Thu, 2013-04-11 at 14:52 +0200, Petr Viktorin wrote: > On 04/11/2013 02:43 PM, Simo Sorce wrote: > > On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote: > >> On 04/11/2013 12:05 PM, Tomas Babej wrote: > >>> Hi, > >>> > >>> Makes DNAME target validation less strict and allows underscore. > >>> This is requirement for IPA sites. > >>> > >>> https://fedorahosted.org/freeipa/ticket/3550 > >>> > >>> Tomas > >> > >> I checked with Petr², and he said it would make sense to also enable > >> underscores for the other records types. > >> For records other than TXT, SRV, DNAME, and NSEC we could warn if > >> underscores are used, but that's probably not worth the trouble -- just > >> allowing underscores everywhere is fine. > >> > > > > Underscores are invalid DNS characters, they should not be allowed for A > > records, only for DNAME, and SRV records IMO. > > Technically, they're invalid *hostname* characters; in DNS itself > anything goes. > > Interestingly, we already allow them for A records: > $ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=18.104.22.168 > Record name: _bogus > A record: 22.214.171.124 > > But this ticket is not about the record name, it's about record data > (i.e. the *target* of the DNAME).
So we are restricting record *data* but *not* record names ? That's ... odd. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel