Comment 1 Philipp Hahn 2012-12-05 11:14:42 CET

Ähnliches auch bei CNAMEs: Dort kann man auch ungültige Host-Namen angeben (bei mir war es apt..knut.univention.de.). Aufgefallen ist das nur bei einem Zone-Transfer, wo besagter falscher RR dann fehlte.

Comment 2 Philipp Hahn 2015-11-10 16:47:20 CET

For IPv6 entering the reverse IPv6 address in nibble format is very error prone

Comment 3 Philipp Hahn 2016-10-17 13:34:31 CEST

As this bug requires a API change → UCS-4.2

Comment 4 Philipp Hahn 2016-11-21 06:18:23 CET

This is much worse:

# udm dns/ptr_record list --superordinate zoneName=1.1.in-addr.arpa,cn=dns,dc=phahn,dc=qa
 DN: relativeDomainName=3.4,zoneName=1.1.in-addr.arpa,cn=dns,dc=phahn,dc=qa
   ptr_record: omar.knut.univention.de.
   address: 3.4
# dig +short @localhost -p 7777 -x 1.1.4.3
 omar.knut.univention.de.

# udm dns/ptr_record list --superordinate zoneName=4.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa,cn=dns,dc=phahn,dc=qa
 DN: relativeDomainName=8.0.0.0.7.0.0.0.6.0.0.0.5.0.0.0.0.0.0,zoneName=4.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa,cn=dns,dc=phahn,dc=qa
   ptr_record: master41.phahn.qa.
   address: 8.0.0.0.7.0.0.0.6.0.0.0.5.0.0.0.0.0.0
# dig +short @localhost -p 7777 -x 1:2:3:4000:5:6:7:8
 master41.phahn.qa.


DN1 () { sed -ne 's/^DN: //p;T;q'; }
LB=$(ucr get ldap/base) R=$RANDOM
udm dns/forward_zone create --set zone=dns$R --set nameserver=$(hostname -f) --set mx='10 ...'
udm dns/alias create --superordinate zoneName=dns$R,$LB --set name=test1 --set cname=a.b
udm dns/alias create --superordinate zoneName=dns$R,$LB --set name=test2 --set cname=a..b.
udm dns/alias create --superordinate zoneName=dns$R,$LB --set name=test3 --set cname=a.b.
dig +noall +question +answer @localhost -p 7777 test1.dns$R. cname
 ;test1.dns17224.                        IN      CNAME
 test1.dns17224.         10800   IN      CNAME   a.b.dns17224.
dig +noall +question +answer @localhost -p 7777 test2.dns$R. cname
 ;test2.dns17224.                        IN      CNAME
dig +noall +question +answer @localhost -p 7777 test3.dns$R. cname
 ;test3.dns17224.                        IN      CNAME
 test3.dns17224.         10800   IN      CNAME   a.b.
dig +noall +question +answer @localhost -p 7777 dns$R. mx
 ;dns17224.                      IN      MX
dig +noall @localhost -p 7777 dns$R axfr
 ; Transfer failed.
tail /vag/log/daemon.log
 named[4656]: dns_rdata_fromtext: buffer-0x7f5942385730:1: near 'a..b.': empty label
 named[4656]: LDAP sdb zone 'dns17224': dns_sdb_put... failed for a..b.

r74606 | Bug #26354 udm: Implement dns.ptr search
r74605 | Bug #26354 udm: Validate dns.ptr
r74604 | Bug #25354 udm: Validate DNS domain name syntax

Comment 5 Florian Best 2016-11-21 13:11:02 CET

r74604
+msgstr "Der vollständige Domänenname muß zwischen 1 udn 255 zeichen lang sein!"
s/udn/und/
s/muß/muss/
s/zeichen/Zeichen/

Comment 6 Philipp Hahn 2016-11-21 15:03:02 CET

r74643 | Bug #25354 udm: Validate DNS domain name syntax

Package: univention-directory-manager-modules
Version: 11.0.3-47.1441.201611211501
Branch: ucs_4.1-0
Scope: errata4.1-4

r74644 | Bug #25354 udm: Validate DNS domain name syntax YAML

Comment 7 Stefan Gohmann 2016-11-23 05:38:50 CET

Some of our Jenkins setups fail now. See here for example:

http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/ADMemberMultiEnv/13/Mode=module,Version=w2k12r2-france/testReport/

Configure /usr/lib/univention-install/15univention-heimdal-kdc.inst
2016-11-22 16:52:11.352159816-05:00 (in joinscript_init)
E: failed Name: Value may not contain other than numbers, letters and dots!
Adding TXT record "_kerberos AUTOTEST225.LOCAL" to zone autotest225.local...
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 400, in <module>
    main()
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 367, in main
    add_txt_record(*args)
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 234, in add_txt_record
    record['name'] = name
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 260, in __setitem__
    raise univention.admin.uexceptions.valueInvalidSyntax, "%s: %s" % (self.descriptions[key].short_description, err)
univention.admin.uexceptions.valueInvalidSyntax: Name: Value may not contain other than numbers, letters and dots!

Is it related to these changes?

Comment 8 Stefan Gohmann 2016-11-23 07:47:36 CET

There are more test results which might be caused by these changes:

http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s4,Systemrolle=master/lastCompletedBuild/testReport/00_checks/10_s4_connector_rejects/test/
----------------------------------------------------------------------------
[2016-11-22 18:12:13.492092] UCS rejected
[2016-11-22 18:12:13.492153] 
[2016-11-22 18:12:13.492263] 
[2016-11-22 18:12:13.492277] S4 rejected
[2016-11-22 18:12:13.492314] 
[2016-11-22 18:12:13.492481]     1:    S4 DN: DC=gc,DC=_msdcs.autotest091.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=autotest091,DC=local
[2016-11-22 18:12:13.492639]          UCS DN: <not found>
[2016-11-22 18:12:13.492723]     2:    S4 DN: DC=05ddc0b4-de3c-4b3d-87b4-7b0e5a96ade4,DC=_msdcs.autotest091.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=autotest091,DC=local
[2016-11-22 18:12:13.492835]          UCS DN: <not found>
[2016-11-22 18:12:13.492920] 
[2016-11-22 18:12:13.492956] 	last synced USN: 3817
[2016-11-22 18:12:17.038297] S4CONNECTOR WARNING: Found 2 reject(s)! Please check output of univention-s4connector-list-rejected.
----------------------------------------------------------------------------

Comment 9 Florian Best 2016-11-23 10:23:53 CET

See also Bug #35254 with the same symptoms (Bug #35438). If I remember correctly, the joinscripts of S4 are creating "invalid" entries.

Comment 10 Stefan Gohmann 2016-11-26 17:17:31 CET

(In reply to Stefan Gohmann from comment #8)
> There are more test results which might be caused by these changes:

It looks like that it breaks all of our Jenkins tests or at least a lot of test environments. Since we will release an UCS@school release next week, please revert your changes.

Comment 11 Philipp Hahn 2016-11-28 09:54:05 CET

*** Bug 35041 has been marked as a duplicate of this bug. ***

Comment 12 Philipp Hahn 2016-11-28 10:05:21 CET

r74749 | Bug #25354 udm: Validate DNS domain name syntax UCS-4.1-4
r74751 | Bug #25354 udm: Validate DNS domain name syntax UCS-4.2-0
 There's a new syntax class dnsHostname now used for SOA.primary/NS/SRV.location/MX.server, which checks for valid "host names", while dnsName was relaxed to allow any DNS label/name.
 Summary:
 - RFC2181: DNS allows everything:
   - 1<=|label|<=63
   - 1<=|total|<=253 (+ trailing dot + 1 byte for length -> max 255)
   - All-digits are allowed, as long as the TLD is not-all-numeric
 - RFC5321: SMTP restricts hostnames to Letter-Digits-Hyphen

Package: univention-directory-manager-modules
Version: 11.0.3-48.1442.201611271952
Branch: ucs_4.1-0
Scope: errata4.1-4

r74754 | Bug #25354 udm: Validate DNS domain name syntax YAML
 univention-directory-manager-modules.yaml

Comment 13 Philipp Hahn 2016-11-30 11:32:16 CET

r74820 | Bug #25354 test.dns: Add RFC1123 tests
r74819 | Bug #25354 udm: Allow RFC1123 DNS names

Package: univention-directory-manager-modules
Version: 11.0.3-49.1443.201611301119
Branch: ucs_4.1-0
Scope: errata4.1-4

Package: ucs-test
Version: 6.0.37-14.1560.201611301121
Branch: ucs_4.1-0
Scope: errata4.1-4

r74822 | Bug #25354 test.dns: Add RFC1123 tests
r74821 | Bug #25354 udm: Allow RFC1123 DNS names

r74823 | Bug #25354 udm: Allow RFC1123 DNS names YAML
 univention-directory-manager-modules.yaml

Comment 14 Florian Best 2016-12-21 15:48:42 CET

OK: dns/forward zone|reverse zone nameserver
OK: computers/* dnsEntryZoneAlias (stripping trailing dot)
~OK: Wrong: container/dc dnsForwardZone uses dnsName while the values are DN's but it's not create-able and editable at all.
OK: dns/txt_record
OK: dns/srv_record (removal of location.server not possible)
OK: dns/host_record (name, MX)
OK: dns/ptr_record (the tooltip says that trailing dot is required, while it isn't enforced)
OK: dns/alias (name, CNAME)
OK: mail/domain

I get the following error if I want to add a DNS forward zone named "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.":
The LDAP object could not be saved: LDAP Error Other (e.g., implementation specific) error

Prior to this it was:
Zone name: Invalid DNS zone name! (Must not end with a ".", only "0"-"9", "A"-"Z", "a"-"z", and "-" allowed)

→ OK: No real regression
OK: YAML
OK: UCS 4.2 merge

Comment 15 Florian Best 2016-12-22 18:30:35 CET

I oversaw two commits in my QA which were done with the wrong bug number.

univention-directory-manager-modules (12.0.7-1):
r74606 | Bug #26354 udm: Implement dns.ptr search
r74605 | Bug #26354 udm: Validate dns.ptr

Comment 16 Florian Best 2016-12-23 15:27:29 CET

This works very nice, especially that the whole IP is now shown in UMC!
There are two commits only in UCS 4.2 and we are releasing this as 4.1-1 errata. IMO okay, the bug is mentioned in both YAML and changelog correctly.

I added a missing translation:
univention-directory-manager-modules (12.0.9-1):
r75540 | Bug #25354: add missing translation

Comment 17 Janek Walkenhorst 2017-01-05 11:22:33 CET

<http://errata.software-univention.de/ucs/4.1/367.html>

Comment 18 Philipp Hahn 2018-02-16 09:43:54 CET

*** Bug 38734 has been marked as a duplicate of this bug. ***