Bug 35254 – UDM Module allows leading dot for dns alias

Bug 35254 - UDM Module allows leading dot for dns alias


Summary:	UDM Module allows leading dot for dns alias

Status:	RESOLVED WORKSFORME

Product:	UCS
Classification:	Unclassified
Component:	UMC - DNS
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Philipp Hahn
QA Contact:

URL:
Keywords:

Duplicates:	35256 35438 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-07-04 08:13 CEST by Tim Petersen
Modified:	2017-04-18 13:15 CEST (History)
CC List:	4 users (show)

See Also:	28363 25354
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	1: Nuisance – not a big deal but noticeable
User Pain:	0.017
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Petersen

2014-07-04 08:13:43 CEST

I had no passion to grab the rfc in order to determine if this behaviour is correct but practically a leading dot in an alias record seems to be corrupt:


root@master:~# udm dns/alias create --set cname=foo.domain.bar --set name=.corrupt --set zonettl=3 --superordinate zoneName=domain.tim,cn=dns,dc=domain,dc=tim
Object created: relativeDomainName=.corrupt,zoneName=domain.tim,cn=dns,dc=domain,dc=tim


root@master:~# dig @127.0.0.1 -p 7777 $(ucr get domainname) -t AXFR

; <<>> DiG 9.8.0-P4 <<>> @127.0.0.1 -p 7777 domain.tim -t AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.


root@master:~# grep sdb_put /var/log/syslog
master named[30436]: LDAP sdb zone 'domain.tim': dns_sdb_put... failed for foo.domain.bar.

Comment 1 Philipp Hahn

2014-07-04 08:42:38 CEST

<http://tools.ietf.org/html/rfc2181#section-11>
> The length of any one label is limited to between 1 and 63 octets.

Comment 2 Janek Walkenhorst

2014-07-17 18:53:35 CEST

The dns/alias name is now limited to valid DNS label characters:
 ^[0-9A-Za-z]([0-9A-Za-z-]{0,61}[0-9A-Za-z])?$
univention-directory-manager-modules (9.0.76-16.1215.201407171853)

Advisory
 2014-06-11-univention-directory-manager-modules.yaml
updated.

Comment 3 Stefan Gohmann

2014-07-19 14:09:07 CEST

The Samba 4 jenkins tests failed:

E: failed Alias: Invalid valueAdding CNAME record "ff22c05b-00fe-4614-8c2b-78ce64bff69f._msdcs master093.autotest093.local." to zone autotest093.local...

Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 400, in <module>
    main()
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 371, in main
    add_cname_record(*args)
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 282, in add_cname_record
    record['name'] = name
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 282, in __setitem__
    raise univention.admin.uexceptions.valueInvalidSyntax, "%s: %s"%(self.descriptions[key].short_description,err)
univention.admin.uexceptions.valueInvalidSyntax: Alias: Invalid value

Comment 4 Stefan Gohmann

2014-07-23 06:11:19 CEST

(In reply to Stefan Gohmann from comment #3)
> The Samba 4 jenkins tests failed:

I've set the syntax back to string again because I need the jenkins results: r52069

Comment 5 Stefan Gohmann

2014-07-28 22:05:15 CEST

*** Bug 34679 has been marked as a duplicate of this bug. ***

Comment 6 Stefan Gohmann

2014-07-28 22:05:39 CEST

*** Bug 35438 has been marked as a duplicate of this bug. ***

Comment 7 Janek Walkenhorst

2014-07-29 12:45:54 CEST

Changes reverted (9.0.76-18)

Comment 8 Stefan Gohmann

2014-10-14 21:02:06 CEST

I don't think that the fix is currently so important.

Comment 9 Philipp Hahn

2017-04-18 13:09:04 CEST

# udm dns/alias create --set cname="foo.$(ucr get domainname)" --set name=.corrupt --set zonettl=3 --superordinate "$(udm dns/forward_zone list |sed -ne 's/^DN: //p;T;q')"
E: Invalid Syntax: Alias: Labels must be between 1 and 63 characters long!

Comment 10 Philipp Hahn

2017-04-18 13:15:41 CEST

*** Bug 35256 has been marked as a duplicate of this bug. ***