On Thu, 2013-04-11 at 14:52 +0200, Petr Viktorin wrote:
> On 04/11/2013 02:43 PM, Simo Sorce wrote:
> > On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
> >> On 04/11/2013 12:05 PM, Tomas Babej wrote:
> >>> Hi,
> >>> Makes DNAME target validation less strict and allows underscore.
> >>> This is requirement for IPA sites.
> >>> https://fedorahosted.org/freeipa/ticket/3550
> >>> Tomas
> >> I checked with Petr², and he said it would make sense to also enable
> >> underscores for the other records types.
> >> For records other than TXT, SRV, DNAME, and NSEC we could warn if
> >> underscores are used, but that's probably not worth the trouble -- just
> >> allowing underscores everywhere is fine.
> > Underscores are invalid DNS characters, they should not be allowed for A
> > records, only for DNAME, and SRV records IMO.
> Technically, they're invalid *hostname* characters; in DNS itself
> anything goes.
> Interestingly, we already allow them for A records:
> $ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=184.108.40.206
> Record name: _bogus
> A record: 220.127.116.11
> But this ticket is not about the record name, it's about record data
> (i.e. the *target* of the DNAME).
So we are restricting record *data* but *not* record names ? That's ...
Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list