[Freeipa-devel] [PATCH 0047] Allow underscore in DNAME targets
Simo Sorce
simo at redhat.com
Thu Apr 11 13:59:26 UTC 2013
On Thu, 2013-04-11 at 14:52 +0200, Petr Viktorin wrote:
> On 04/11/2013 02:43 PM, Simo Sorce wrote:
> > On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
> >> On 04/11/2013 12:05 PM, Tomas Babej wrote:
> >>> Hi,
> >>>
> >>> Makes DNAME target validation less strict and allows underscore.
> >>> This is requirement for IPA sites.
> >>>
> >>> https://fedorahosted.org/freeipa/ticket/3550
> >>>
> >>> Tomas
> >>
> >> I checked with Petr², and he said it would make sense to also enable
> >> underscores for the other records types.
> >> For records other than TXT, SRV, DNAME, and NSEC we could warn if
> >> underscores are used, but that's probably not worth the trouble -- just
> >> allowing underscores everywhere is fine.
> >>
> >
> > Underscores are invalid DNS characters, they should not be allowed for A
> > records, only for DNAME, and SRV records IMO.
>
> Technically, they're invalid *hostname* characters; in DNS itself
> anything goes.
>
> Interestingly, we already allow them for A records:
> $ ipa dnsrecord-add idm.lab.eng.brq.redhat.com _bogus --a-rec=1.2.3.4
> Record name: _bogus
> A record: 1.2.3.4
>
> But this ticket is not about the record name, it's about record data
> (i.e. the *target* of the DNAME).
So we are restricting record *data* but *not* record names ? That's ...
odd.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list