On 04/25/2013 12:03 PM, Petr Viktorin wrote:
On 04/23/2013 02:02 PM, Tomas Babej wrote:
On 04/11/2013 04:35 PM, Petr Viktorin wrote:
On 04/11/2013 03:59 PM, Simo Sorce wrote:
On Thu, 2013-04-11 at 14:52 +0200, Petr Viktorin wrote:
On 04/11/2013 02:43 PM, Simo Sorce wrote:
On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
On 04/11/2013 12:05 PM, Tomas Babej wrote:

Makes DNAME target validation less strict and allows underscore.
This is requirement for IPA sites.



I checked with PetrĀ², and he said it would make sense to also enable
underscores for the other records types.
For records other than TXT, SRV, DNAME, and NSEC we could warn if
underscores are used, but that's probably not worth the trouble --
allowing underscores everywhere is fine.

Underscores are invalid DNS characters, they should not be allowed
for A
records, only for DNAME, and SRV records IMO.

Technically, they're invalid *hostname* characters; in DNS itself
anything goes.

Interestingly, we already allow them for A records:
$ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=
    Record name: _bogus
    A record:

But this ticket is not about the record name, it's about record data
(i.e. the *target* of the DNAME).

So we are restricting record *data* but *not* record names ? That's  ...

Yes. Apparently we relaxed the name validation because underscores are
used in AD or other exotic/nonstandard setups, and now we need to
relax the data validation as well.

I filed a ticket to add warnings for underscores in A records:

Sorry for letting this rot on the list, I thought I sent the patch
already. Patchwork saved me this time.

Here's the updated patch.



Pushed to master, ipa-3-1 (rebased).


Freeipa-devel mailing list

Reply via email to