[Freeipa-devel] [PATCH 0047] Allow underscore in DNAME targets
Petr Viktorin
pviktori at redhat.com
Thu Apr 11 12:52:52 UTC 2013
On 04/11/2013 02:43 PM, Simo Sorce wrote:
> On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
>> On 04/11/2013 12:05 PM, Tomas Babej wrote:
>>> Hi,
>>>
>>> Makes DNAME target validation less strict and allows underscore.
>>> This is requirement for IPA sites.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3550
>>>
>>> Tomas
>>
>> I checked with Petr², and he said it would make sense to also enable
>> underscores for the other records types.
>> For records other than TXT, SRV, DNAME, and NSEC we could warn if
>> underscores are used, but that's probably not worth the trouble -- just
>> allowing underscores everywhere is fine.
>>
>
> Underscores are invalid DNS characters, they should not be allowed for A
> records, only for DNAME, and SRV records IMO.
Technically, they're invalid *hostname* characters; in DNS itself
anything goes.
Interestingly, we already allow them for A records:
$ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=1.2.3.4
Record name: _bogus
A record: 1.2.3.4
But this ticket is not about the record name, it's about record data
(i.e. the *target* of the DNAME).
> That said I am ok allowing them on other records provided we warn
> prominently.
>
> Simo.
--
Petr³
More information about the Freeipa-devel
mailing list