On Thu, 2013-04-11 at 14:52 +0200, Petr Viktorin wrote:
> On 04/11/2013 02:43 PM, Simo Sorce wrote:
> > On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
> >> On 04/11/2013 12:05 PM, Tomas Babej wrote:
> >>> Hi,
> >>>
> >>> Makes DNAME target validation less strict and allows underscore.
> >>> This is requirement for IPA sites.
> >>>
> >>> https://fedorahosted.org/freeipa/ticket/3550
> >>>
> >>> Tomas
> >>
> >> I checked with PetrĀ², and he said it would make sense to also enable
> >> underscores for the other records types.
> >> For records other than TXT, SRV, DNAME, and NSEC we could warn if
> >> underscores are used, but that's probably not worth the trouble -- just
> >> allowing underscores everywhere is fine.
> >>
> >
> > Underscores are invalid DNS characters, they should not be allowed for A
> > records, only for DNAME, and SRV records IMO.
> 
> Technically, they're invalid *hostname* characters; in DNS itself 
> anything goes.
> 
> Interestingly, we already allow them for A records:
> $ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=1.2.3.4
>    Record name: _bogus
>    A record: 1.2.3.4
> 
> But this ticket is not about the record name, it's about record data 
> (i.e. the *target* of the DNAME).

So we are restricting record *data* but *not* record names ? That's  ...
odd.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to